This Blog is written for to know the system hacking works, i am explaining how to hack system using Metaspolit, anyone who want learn ethical hacking can read this article
Before get started let me remind you what you need
–Kali linux need to be installed
-Metaspolit framework in kali Linux
-Have Metasploitable installed in virtual machine
-Requisites
-Knowledge of using terminal
-have both Metasploitable and linux operating sytem running
-have Knowledge about nmap
Step1: lets start the Metasploitable 2
lets start the Metasploitable 2 in virtual machine and username and password will be msfadmin and enter command of ifconfig you get results like: 192.168.1.3 something below image show
Step2 : scanning the target for vulnerabilities
we have IP address so now we are into kali Linux for scanning system using Nmap tool for the purpose identifying vulnerabilities within our target system now scan the target system using NMAP command
nmap -sV -O 192.168.1.7 here -O namp command is to determine the operating system within which has system is operating on -sV option will help us determine the version of the service running on the ports,
Now we have found the information what required to exploit vulnerable system , First we found FTP Port 21 exploit our 1st vulnerability on FTP runs on port 21
FTP runs on port 21
step1: launch metasploit and search for exploit
lets fireup metasploit using msfconsole
search vsftpd we have found 1 maching module which is related to vulnerability of vsftd
step -2: type use 0 or type the exploit as in below and type show options to see what required and here RHOST is required so we need to add target IP there
step-3 Checking privileges from the shell Time to add IP Set RHOSTS <IP> after all set fire up with run command and below we see we in target terminal
Exploit VNC port 5900 remote view vulnerabilities
as we saw in scanning time theirs another vulnerability VNC enables a users to control another computer over a network connection . here we are attacking on port 5900 in order to take control over remotely
step1: Launching Metasploit and searching for exploit
lets quickly fireup msfconsole and search vnc login after finding related vulnerability quickly select use 0 or exploit name
next step: after selecting command show options and thers need to set RHOSTS so lers quickly select RHOSTS with target ip set RHOSTS <IP>
and run we found the password here lets quickly checkout then
next step: open terminal vncviewer <ip> Now we are into system Having the IP address and VNC login password, we will open another terminal from where we will try to connect remotely to our target system. The password login credentials are “password
Next step :Gaining remote control of target system via VNC
as you see we are into system
Exploit samba server vulnerability
its time for samba we will we exploiting this We will be exploiting this vulnerability on our target machine to gain a TCP shell from which a hacker can be able to perform malicious activity on a vulnerable server since our target system has Samba “username map script” Command Execution.
step1: lets quickly fireup terminal with msfconsole and search for usermap script and we can see related exploit type use 0
set RHOSTS <ip> and exploit
step2: Checking Privilages of the shell acquired
We now have a remote shell. We can check our privileges on on the shell established using the command “whoami”
With the help of Metasploit we are able to exploit the vulnerability with more ease as it helps us in searching for the right vulnerability by just a single command.
THANK YOU FOR READING THIS