06 System Hacking LAB
06 System Hacking LAB
Practical No 1: Basics
msfconsole
The above command will load Metasploit framework console version where we can use number of
modules of Metasploit framework by command line interface.
Msfconsole basics:
show exploits
payloads
auxiliary
post
encoders
nops
options
You can use the show command with above mentioned combinations of options to see several modules
and options for the modules we already selected.
search <keyword>
To search for a particular keyword from the available modules in your Metasploit.
exit –y
Chinni Diwakar 1
Practical No 2: Hacking PC with Firefox
msfconsole
search firefox_xpi
You will get an exploit list like above. Just copy the exploit name and paste followed by info command
and execute to get information of the exploit
Chinni Diwakar 2
Once you saw the information you can configure the exploit with use command.
use <exploitname>
Chinni Diwakar 3
For a specific target please set your target as Native Payload
You can execute show options command to see required options to run the exploit successfully.
show options
Configure important options like SRVHOST and SRVPORT and URIPATH and LHOST
Chinni Diwakar 4
Once you know that you configured everything properly execute show options to confirm.
Now whoever victims click on your malicious links they will be shown like below picture.
sessions
Chinni Diwakar 5
To access any specific session you need to execute command
Now you will get meterpreter prompt in msfconsole windows which confirms you are inside of the
victim machine you can execute a ‘?’ in meterpreter prompt to see the possible commands list.
Chinni Diwakar 6
Chinni Diwakar 7
For Example iam executing sysinfo command to get the system details like show in the below image
Chinni Diwakar 8
More meterpreter commands are explained in the document further.
msfconsole
search ms15_100
Chinni Diwakar 9
Step 5: configuring options
show options
exploit
Chinni Diwakar 10
Please share this file with your victim.
For this purpose you can use apache2 server in your kali linux.
Step6:
As we select meterpreter as payload you would get a meterpreter access of the target computer.
Chinni Diwakar 11
Practical No: 4 Meterpreter Commands
sysinfo command
ifconfig command
Chinni Diwakar 12
ii
pwd command
Chinni Diwakar 13
ls is to see the available files in the current directory
Chinni Diwakar 14
download command is to download any file form the victim PC to attacker PC
Chinni Diwakar 15
rm is to delete any file
Chinni Diwakar 16
Like this
upload command is used to upload any file form attacker machine to victim machine
Chinni Diwakar 17
You need to give the complete file path to successfully transfer that file.
Chinni Diwakar 18
Chinni Diwakar 19
background command is used to come out of a valid session without losing it.
You can use keyscan_start to start a passive keylogger in the target machine
Chinni Diwakar 20
migrate is to jump from one PID to another PID
execute is used to execute any executable like an .exe or .msi on the target machine
screenshot command is used to get an active screenshot of the target machine, you can follow the file
path to see the screenshot.
Chinni Diwakar 21
You can see the victim webcam live streaming with webcam_stream option
Chinni Diwakar 22
You can also take pictures from victim webcam with webcam_snap option
Chinni Diwakar 23