Skip to main content

Ethical Hacking - Metasploit

Metasploit is one of the most powerful exploit tools. Most of its resources can be found at: https://www.metasploit.com. It comes in two versions − commercial and free edition. There are no major differences in the two versions, so in this tutorial, we will be mostly using the Community version (free) of Metasploit.
As an Ethical Hacker, you will be using “Kali Distribution” which has the Metasploit community version embedded in it along with other ethical hacking tools. But if you want to install Metasploit as a separate tool, you can easily do so on systems that run on Linux, Windows, or Mac OS X.
The hardware requirements to install Metasploit are −
  • 2 GHz+ processor
  • 1 GB RAM available
  • 1 GB+ available disk space
Matasploit can be used either with command prompt or with Web UI.
To open in Kali, go to Applications → Exploitation Tools → metasploit.
Exploitation Tools After Metasploit starts, you will see the following screen. Highlighted in red underline is the version of Metasploit.
Highlighted Metaspolit

Exploits of Metasploit

From Vulnerability Scanner, we found that the Linux machine that we have for test is vulnerable to FTP service. Now, we will use the exploit that can work for us. The command is −
use “exploit path”
The screen will appear as follows −
Exploit Path Then type mfs> show options in order to see what parameters you have to set in order to make it functional. As shown in the following screenshot, we have to set RHOST as the “target IP”.
Show Options We type msf> set RHOST 192.168.1.101 and msf>set RPORT 21
Set Report Then, type mfs>run. If the exploit is successful, then it will open one session that you can interact with, as shown in the following screenshot.
Open Session

Metasploit Payloads

Payload, in simple terms, are simple scripts that the hackers utilize to interact with a hacked system. Using payloads, they can transfer data to a victim system.
Metasploit payloads can be of three types −
  • Singles − Singles are very small and designed to create some kind of communication, then move to the next stage. For example, just creating a user.
  • Staged − It is a payload that an attacker can use to upload a bigger file onto a victim system.
  • Stages − Stages are payload components that are downloaded by Stagers modules. The various payload stages provide advanced features with no size limits such as Meterpreter and VNC Injection.

Payload Usage − Example

We use the command show payloads. With this exploit, we can see the payloads that we can use, and it will also show the payloads that will help us upload /execute files onto a victim system.
Payload Payload Usage To set the payload that we want, we will use the following command −
set PAYLOAD payload/path
Set the listen host and listen port (LHOST, LPORT) which are the attacker IP and port. Then set remote host and port (RPORT, LHOST) which are the victim IP and port.
Victim IP Type “exploit”. It will create a session as shown below −
Create Session Now we can play with the system according to the settings that this payload offers.

Comments

Post a Comment

Popular posts from this blog

IMPORTANCE AND ADVANTAGES OF SIWES

STUDENTS INDUSTRIAL WORK EXPERIENCE SCHEME (SIWES) The Industrial Training/Students Industrial Work Experience Scheme, IT/SIWES is a new Directorate under the Vice-Chancellor’s Office.  It was established on 20th April, 2012 The Students Industrial Work Experience Scheme (SIWES) is a skills training programme designed to expose and prepare students of universities and other tertiary institutions for the Industrial Work situation they are likely to meet after graduation.  It is also a planned and structured programme based on stated and specific career objectives which are geared towards developing the occupational competencies of participants (Mafe, 2009).  Consequently, the SIWES programme is a compulsory graduation requirement for all Nigerian university students offering certain courses. The Students Industrial Work Experience Scheme (SIWES), is the accepted training pro...
1 comment
Read more

Hack Instagram Account with ighack

Ighack is a secure Instagram account hacking application that allows you to hack Instagram password free. The best part of the application is that it does not require any survey or download. It is available free on the internet. I addition to being free to use, this app is compatible with every device. The application has a reputation of being authentic and untraceable. Let us look into the procedure needed to follow for hacking Instagram passwords. Step 1: Visit the website ighack.net and click on ‘Start Hack’ option. Step 2: Enter the user name of the target’s Instagram account when the system asks you to do so and click the ‘Hack’ button. Step 3: Allow the application to do the rest. The ighack server establishes contact with Instagram server and searches for the password in the Instagram database by matching the username ID. Step 4: On extraction of the data, the installed software program automatically decrypts the data. Step 5: The system delivers the password to...
1 comment
Read more

How to Reset HP Elitebook 8460p BIOS/Administrator Password

Have you  forgotten HP Elitebook 8460p password , bios or administrator account password? How to do if both of them lost? It seems hard though there may be lots of ways that can solve it. But if we talk about it separately, such as in two parts,  HP elitebook password reset  would be not so difficult. Part 1: Reset HP Elitebook 8460p BIOS password Part 2: HP Elitebook 8460p Administrator password recovery Part 1: How to Reset Forgotten HP Elitebook BIOS Password? Generally, there are two ways to  reset forgotten BIOS password .  One  is forcing BIOS/CMOS to reset itself to its stored defaults by removing all power from it.  The other  is to use a program to either locate or identify the password, and reveal it to you or erasing the password clearly. And the most easiest and convenient method for erasing dynamic BIOS/CMOS settings is to remove battery directly from the motherboard. However, it applies to most motherboards besides HP...
Post a Comment
Read more