
Thread: BT5 n00b and testing system with Metasploit

  1. #1
    Just burned his ISO
    Join Date
    Feb 2010
    Location
    Wales
    Posts
    24

    BT5 n00b and testing system with Metasploit

    I have a few n00bish questions so bear with me. And if it's in the wrong section of the forums, I apologise. It's been a while since I messed with BT. I only ever really tried cracking my wireless but I only seemed to be able to crack WEP and failed with the rest. Now, I decided to give it another go and I am testing my system with Metasploit and SET and wondered if anyone could give me tips on what else to do to test its security and gain access (if possible).

    I have downloaded the VMware version of BT5R1 and have been typing away all day trying to gain access to my PC. I can only seem to get access if I disable my anti-virus. I have tried putting an infected PDF and EXE on my system, but while my AV is on, I failed to gain access. While my AV was off however, I managed to do a number of things, i.e. record audio, webcam snap etc... What I CANNOT do is create a "hashdump" and log keystrokes. It said it was logging but nothing showed up. Is it possible to do on my system? It's running Win 7 Ultimate SP1 x64.

    I also tried cloning a website where it does something funky with Java (my router's webpage where I change settings). As a n00b, I'm not sure what would happen if I tried to clone a page that's on the web so I left it. The AV kicked in on the fake page so that's good.

    I have been following a lot of video guides on YouTube but from what I can see, the programs have changed somewhat and I am missing certain menus inside SET. Now here's another problem to throw at you master-minds... EVERY guide I have found on using SET to send a mail with a PDF attachment says this:

    1. Perform a Mass Email Attack
    2. Create a FileFormat Payload
    3. Create a Social-Engineering Template
    4. Return to Main Menu

    Enter your choice: 1

    Select the file format exploit you want.
    The default is the PDF embedded EXE.

    ********** PAYLOADS **********

    1. SET Custom Written DLL Hijacking Attack Vector (RAR, ZIP)
    2. Adobe Flash Player 'Button' Remote Code Execution... BLAH BLAH BLAH

    I don't get this. Once I hit "Perform a Mass Email Attack" like all the guides say, it goes straight to asking for an email address and sends an email with the text I enter. What am I doing wrong? I know there's no point in really knowing this seeing as my AV will block it anyway but it's just bugged me to hell.

    I have many more questions but I'm gonna Google those first before making another post.

    So... is there anything else I can do to try and gain access to my PC? It's an admin account. I do want to try and break another account where I 'Group Policied' the hell out of it but that's gonna have to wait until I understand a bit more about BackTrack.

    Thanks in advance for your help.
    Just when you see the light at the end of the tunnel, the roof caves in!

  2. #2
    scottm99 (Good friend of the forums)
    Join Date
    Feb 2010
    Location
    underwater
    Posts
    371

    Re: BT5 n00b and testing system with Metasploit

    Here's my take on what's going on... although I'm definitely not a master-mind. Your anti-virus is catching the infected PDF/EXE based on known signatures of the payload(s). If you use msfencode (or msfvenom with the appropriate options), you should be able to encode & slip by the anti-virus. Win7 has some security features built-in (i.e. ASLR, DEP, NX) that are probably stopping hashdump & keylogging. If you dig around in Metasploit (and on exploit-db.com), you should be able to find some exploits that will defeat these features.
    If I could figure out how to scuba dive & hack at the same time, there would be nothing I couldn't do...

  3. #3
    Just burned his ISO
    Join Date
    Feb 2010
    Location
    Wales
    Posts
    24

    Re: BT5 n00b and testing system with Metasploit

    Cheers dude. I'll check out that site now. I did check it the other day but only really had a quick browse to see if any of my applications were listed recently, which none were. I'm gonna have a read up on Metasploit and its commands before I hassle you guys again about it. I don't really know Linux at all or the program itself so I downloaded some eBook I stumbled across called Metasploit - The Pen Tester's Guide or something like that. That should help me a bit hopefully with understanding it. Before then though... next stop... an Nmap guide that helps with the "All ports filtered" b*ll*cks I'm getting before I pull my hair out... haha
    Just when you see the light at the end of the tunnel, the roof caves in!

  4. #4
    iproute (Senior Member)
    Join Date
    Jan 2010
    Location
    Midwest, USA
    Posts
    192

    Re: BT5 n00b and testing system with Metasploit

    Just sort of skimming this one, but sometimes to do hashdump you need to use an exploit to escalate your privileges to NT Authority.

  5. #5
    scottm99 (Good friend of the forums)
    Join Date
    Feb 2010
    Location
    underwater
    Posts
    371

    Re: BT5 n00b and testing system with Metasploit

    Good luck! If your book is titled "Metasploit: A Penetration Tester's Guide" it won't steer you wrong. The authors are well known in the security field; in fact, Mati (aka muts) is one of the main people on this website & offensive-security.com.
    If I could figure out how to scuba dive & hack at the same time, there would be nothing I couldn't do...

  6. #6
    theAud1t0r (Just burned his ISO)
    Join Date
    Nov 2011
    Location
    Dark Side of the Moon
    Posts
    6

    Re: BT5 n00b and testing system with Metasploit

    As a fellow n00b I can safely say that the most informative, relevant, and chronologically appropriate information is indeed found in Metasploit: Pen Tester's Guide. After reading a handful of other publications relevant to the field of study I found that they are over-generalized, don't provide specific examples or use cases, are outdated, and/or only examine the "hacker mindset". Although these are very good as a base of study, more immediate and encouraging results can be obtained from the Pen Tester's Guide.

    You will need to be diligent as the examples are written up to be copy-paste in format, but there is undoubtedly necessary tweaking and custom modification to obtain relevant results. That being said, I wish you the best in your journey for knowledge. ^_^

    - aud1t
