BT5 n00b and testing system with Metasploit

[chris_heyward]

I have a few n00bish questions so bear with me. And if its in the wrong section of the forums, I apologise. Its been a while since I messed with BT. I only ever really tried cracking my wireless but I only seemed to be able to crack WEP and failed with the rest. Now, I decided to give it another go and I am testing my system with Metasploit and SET and wondered if anyone could give me tips on what else to do to test its security and gain access(if possible).

I have downloaded the VMware version of BT5R1 and have been typing away all day trying to gain access to my PC. I can only seem to get access if I disable my anti-virus. I have tried putting an infected PDF and EXE on my system, but while my AV is on, I failed to gain access. While my AV was off however, I managed to do a number of things i.e. record audio, webcam snap etc... What I CANNOT do is create a "hashdump" and log keystrokes. It said it was logging but nothing showed up. Is it possible to do on my system? Its running Win 7 Ultimate SP1 x64.

I also tried cloning a website where it does something funky with Java(my routers webpage where I change settings). As a n00b, I'm not sure what would happen if I tried to clone a page that's on the web so I left it. The AV kicked in on the fake page so that's good

I have been following alot of video guides on youtube but from what I can see, the programs have changed somewhat and I am missing certain menu's inside SET. Now here's another problem to throw at you master-minds... EVERY guide I have found on using SET to send a mail with a PDF attachment says this:

1. Perform a Mass Email Attack
2. Create a FileFormat Payload
3. Create a Social-Engineering Template
4. Return to Main Menu

Enter your choice: 1

Select the file format exploit you want.
The default is the PDF embedded EXE.

********** PAYLOADS **********

1. SET Custom Written DLL Hijacking Attack Vector (RAR, ZIP)
2. Adobe Flash Player 'Button' Remote Code Execution... BLAH BLAH BLAH

I don't get this. Once I hit "Perform a Mass Email Attack" like all the guides say, it goes straight to asking for an email address and sends an email with the text I enter. What am I doing wrong? I know there's no point in really knowing this seeing as my AV will block it anyway but its just bugged me to hell.

I have many more questions but I'm gonna Google those first before making another post.

So... is there anything else I can do to try and gain access to my PC? Its an admin account. I do want to try and break another account where I 'Group Policied' the hell out of it but that's gonna have to wait until I understand a bit more about BackTrack.

Thanks in advance for your help.

[scottm99]

Here's my take on what's going on...although I'm definitely not a master-mind Your anti-virus is catching the infected PDF/EXE based on known signatures of the payload(s). If you use msfencode (or msfvenom with the appropriate options), you should be able to encode & slip by the anti-virus. Win7 has some security features built-in (i.e. ASLR, DEP, NX) that's probably stopping hashdump & keylogging. If you dig around in metasploit (and on exploit-db.com), you should be able to find some exploits that will defeat these features.

[chris_heyward]

Cheers dude. I'll check out that site now. I did check it the other day but only really had a quick browse to see if any of my applications were listed recently which none were I'm gonna have a read up on Metasploit and its commands before I hassle you guys again about it. I don't really know Linux at all or the program itself so I downloaded some eBook I stumbled across called Metasploit - The Pen Tester's Guide or something like that. That should help me a bit hopefully with understanding it. Before then though... next stop... an nMap guide that helps with the "All ports filtered" b*ll*cks I'm getting before I pull my hair out... haha

[iproute]

just sort of skimming this one, but sometimes to do hashdump you need to use an exploit to escalate your privileges to NT Authority

[scottm99]

Good luck If your book is titled "Metasploit A Penetration Tester's Guide" it won't steer you wrong. The authors are well known in the security field; in fact, Mati (aka muts) is one of the main people on this website & offensive-security.com

[theAud1t0r]

As a fellow n00b I can safely say that the most informative, relevant, and chronologically appropriate information is indeed found in Metasploit: Pen Tester's Guide. After reading a handful of other publications relevant to the field of study I found that they are over generalized, don't provide specific examples or use cases, are outdated, and/or only examine the "hacker mindset". Although these are vary good as a base of study, more immediate and encouraging results can be obtained by the Pen Tester's Guide.

You will need to be diligent as the examples are written up to be copy-paste in format, but there is undoubtedly necessary tweaking and custom modification
to obtain relevant results. That being said, I wish you the best in your journey for knowledge. ^_^


- aud1t