Penetration testing with Metasploit

Penetration testing is one of the ways to identify the security holes of your system and Metasploit is great free and open source tool to launch your attack.

Here I have two machines in my virtual environment and I am using my favorite Kali to launch the attack. We will use browser_autopwn2 which is a hack packaged within Metasploit.

Before doing anything, please ensure that firewall in your windows system is disabled and then ping from both systems.

1

Great!! Now launch your “weapon” Metasploit framework from kali Linux. It is one with “M” icon on the sidebar. To start any exploit, we use keyword “use”. Since we are using browser_autopwn2 we start typing path for it which is auxiliary/server/browser_autopwn2

Then hit enter to move to next step. To find LISTENER address, type run next.

2

After a number of lines, we will see the address and this is the address which we have to copy down and type into the browser of victim system (WindowsXP).

3Go to internet explorer of Window XP, and type the URL. You will notice changes on your terminal in kali. This opened two sessions which can be used to interact with the victim system.

4Type “sessions –i 1” to use ‘meterpreter’ DLL. Type help to see all the fun stuff you can do with this.

5The ‘help’ command will introduce you to a number of commands with their functions. You can use hashdump to collect usernames and hashes.

This is one of the commands, I used here to shutdown the Victim System.Try other commands too and  Enjoy your hack!! 😉

6

Advertisements