Overview:
Metasploit is an open source penetration testing tool. It has a database of public exploits and vulnerabilities . it can execute remlote attacks after gaining root access.
Here I will show how to use metasploit and meterpreter to gain access to windows machine
Steps:
To open up metasploit the command is “msfconsole”
Checking ip of windows machine
Now to attack windows machine.
- One of the known vulnerability of windows is hta server. It is an html application but with right payload it can be used to open a backdoor to a system
Accessing the application by using command “use exploit windows/misc/hta_server”
Checking options to set:
Checking ip of Attackers machine
Setting Lhost Srvhost and Lport according to attackers machine
Launching the payload
When Opening the URL in browser , it automatically downloads a file
Opening up and running file
Now here we can see, it is delivering payload
The screenshot shows the amount of data that has been sent
Now using command “sessions –i” to check where the session has been sent
“sysinfo” command is showing the name of machine, OS, Architecture etc
“help” command shows what are things that we can set out of system
All the commands that we can run on normal windows cmd , we can run here now
Now Confirming ip:
Leave a Reply