Monday, May 27, 2013


Metasploit: Step-by-step
The steps below are for use with the BackTrack Distro.
For Downloading BackTrack:
http://www.backtrack-linux.org/downloads/
To begin, boot to your CD and pull up a shell window. From there you will need to move to the Metasploit directory. To do this from a command prompt type:
cd pentest/exploits/framework-2.3/
Launch the Metasploit console. To do this, from a command line type the following:
# “. /msfconsole”
Pick which exploit to use!
Once the msfconsole is running, it is time to decide which exploit to attempt against the target system.
Your options here stub from the following commands:
<!--[if !supportLists]-->use
<!--[if !supportLists]-->show
<!--[if !supportLists]--><!--[endif]-->info
The use command will tell the utility exactly which exploit to select.
After "use" configure options:
We’ve selected our exploit, but we are not done yet. We need to set options. These options include the destination IP and the destination port. The options are configured by using the set command. The show advanced command will let you know if there are more options that can be set. Most exploits do not have advanced options:
Start by typing: Show options
This will show you the command requirements to run the exploit.
These include the RHOST (This is the host that we are going to compromise) and the RPORT (this is the port
that the vulnerable function is running on)
To set these options type:
set RHOST <your partner machines IP address>
On the next line type:
set RPORT 80
Is the exploit going to work?
We have a system, we have an exploit. Are we going to be able to compromise the system? Now is the time to find out. To perform the check type: check
This may not work on all exploits. This will see if the server or target appears vulnerable.
If you type: show targets, you should see something like the below:
msf iis50_webdav_ntdll > show targets
Supported Exploit Targets
=========================
0 Windows 2000 Bruteforce
Now you got the base = tomorrow we will publish the second part and you will find out:
What do we want a successful attack to do? We will also show you how to perform such attack 
Stay tuned! 

No comments:

Post a Comment