Metasploit is one of the
greatest Hacking tools
ever. It makes the hacking
easy for the Script Kiddies
(new hackers). But
Question comes How to use
it to hack a computer?
*****
Metasploit Framework comes in
command-line as well as GUI
version. This article will deal
with the command-line version.
Followings are the basic
commands of Metasploit that
you should Learn by Heart.
1: help (show the commands.)
2: show info XXXX (to show
the information on specified
XXXX value, that is can be
exploit or payload)
3:
show options ( to show the
options for a exploit and
payload. Like RHOST, LHOST)
4:show exploits/
payloads (to get a list of
exploits/payloads)
5:
use XXXX (to select the
name of the exploit.)
6:
set XXXX (to set the value
of RHOST, LHOST or payload)
7:
exploit (to launch a exploit
on targeted machine.)
Note: To hack a computer using
Metasploit first you should have
the
enough information of the
target including
1: IP address
2: Open Ports
3: services running
4:Version of software
running
All of these need a little work. A
famous tool to do all of these
is
NMAP on which I have written
some articles.
Now the first step is choosing a
right exploit for the
vulnerabilities in the machine. To
determine
the exploit for the
attack you need all the things
noted above. For example the
computer is running a SMTP
server on Port 25 and there is
a exploit on it than you hack that computer.
To choose an exploit following
command is there:
Use [exploits address . e.g.
Exploit/windows/smtp/
xxx. ]
Now you need a payload
(payload is a piece of program
that will be executed if
vulnerability is exploited). To
get a list of all the payloads
available for the exploit Just
type following command.
Show payloads
Now choose an appropriate a
payload from it. The only thing
left is to set the fields for the
attack. List of Most Probable
fields to be set is given bellow.
RHOST = The IP address of the
computer to be attacked.
RPORT = The Port of the
service to exploited (it set by
default)
LHOST = The IP address of your
computer (it set by default)
LPORT = The default port of your Metasploit program (it set
by default)
Now the Last step is to type
the following command and
Launch attack to the computer.
exploit
After typing this command the
attack will be launched and if
vulnerability is successfully
exploited the payload will be
executed and a shell (you can
take it as command prompt) will
be launched which will allow you
to do anything with the
computer that you have
attacked.
No comments:
Post a Comment