Thursday, June 23, 2011

Hacking exploits using the Metasploit Framework

Here we will discuss how to do hacking with the Metasploit Framework, combined with an external program to retrieve the information we want.
As an example, the author will exploit the security hole "Server Service Could Allow Remote Code Execution" (MS08-067) on Windows XP SP3. The author once presented seminars and demos on exploiting this vulnerability against Windows XP SP2/SP3 in early December 2008; the hole had been known to the writer since the end of October 2008 from a security site. Here I also share how to use meterpreter with an external program to retrieve the dial-up passwords of the exploited machine.
OK, let's start.
First, find out who is connected on the network: open a command prompt, type the command net view and press Enter.
Once the computers on the network are listed, select the one to target, for example PCXPSP3, and ping the IP of PCXPSP3.

Once you know the target computer, you can, if you want, run a scan to find out its OS and which ports are open, using Nmap or the Metasploit Framework.
We go straight to the exploitation stage. Here I use the console.
Below is how to get into the target computer with the payload shell/bind_tcp:

Next, using the meterpreter payload, we also try uploading a telnet backdoor.

Once it is uploaded, we can check in c:\ on the victim's computer and then run the telnet backdoor; run it 3 times for it to work properly.

After that we can use PuTTY to get in over telnet.

The display after entering through the telnet backdoor:

Now let's try to download a file from the victim's computer, for example the file fotorahasia.jpg.

Below is an example command to download the file fotorahasia.jpg using meterpreter.

Now we try to get the dial-up passwords stored on the victim's computer. We upload dial.exe, a program that retrieves the dial-up passwords stored by Windows.

Once it is uploaded, we use the command: dial /stext (filename).

Once the file has been created (the example uses the file name pass.txt), we simply display the contents of pass.txt with the command: type pass.txt

Bingo, we get the dial-up passwords.
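Seen from the defender's side, the steps above leave a recognisable trail in process-creation logging. The following is an added example, not part of the original post: it flags a shell started by the service host, an executable launched from the root of c:\ and the /stext export, then escalates hosts where more than one of these fired. The record layout, the sample events, the host PCOTHER and the file name backdoor.exe are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed process-creation records: (time, host, parent image, command line).
# The layout and the name backdoor.exe are assumptions made for this example.
SAMPLE_EVENTS = [
    ("10:01:12", "PCXPSP3", r"C:\WINDOWS\explorer.exe", r"C:\WINDOWS\system32\notepad.exe notes.txt"),
    ("10:14:03", "PCXPSP3", r"C:\WINDOWS\system32\svchost.exe", r"C:\WINDOWS\system32\cmd.exe"),
    ("10:15:40", "PCXPSP3", r"C:\WINDOWS\system32\cmd.exe", r"C:\backdoor.exe"),
    ("10:19:22", "PCXPSP3", r"C:\WINDOWS\system32\cmd.exe", r"dial /stext pass.txt"),
    ("10:20:05", "PCOTHER", r"C:\WINDOWS\explorer.exe", r"C:\setup.exe"),
]

RULES = {
    # Heuristic: a service host spawning a command shell is unusual on a workstation.
    "shell_from_service_host": lambda parent, cmd: (
        parent.lower().endswith(r"\svchost.exe")
        and re.match(r'"?(\S*\\)?cmd(\.exe)?"?(\s|$)', cmd, re.I) is not None),
    # Executable started directly from the root of a drive (the upload to c:\).
    "exe_in_drive_root": lambda parent, cmd: (
        re.match(r'"?[a-z]:\\[^\\\s"]+\.exe', cmd, re.I) is not None),
    # A tool asked to save its results to a text file with /stext.
    "stext_export": lambda parent, cmd: (
        re.search(r'(?<!\S)/stext\s+\S+', cmd, re.I) is not None),
}

def detect(events):
    """Return (time, host, rule) for every rule an event matches."""
    return [(t, host, name)
            for t, host, parent, cmd in events
            for name, rule in RULES.items() if rule(parent, cmd)]

def correlated_hosts(alerts, min_rules=2):
    """Hosts where at least min_rules distinct rules fired; one hit alone is weak."""
    seen = defaultdict(set)
    for _, host, name in alerts:
        seen[host].add(name)
    return sorted(h for h, names in seen.items() if len(names) >= min_rules)

if __name__ == "__main__":
    alerts = detect(SAMPLE_EVENTS)
    for alert in alerts:
        print(*alert)
    print("escalate:", correlated_hosts(alerts))
```

A single rule on its own, such as the installer started from c:\ on PCOTHER, is expected to produce false positives; the correlation step is what separates it from the sequence on PCXPSP3.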

Thanks to : Kurniawan ( YF Code )