Posts Tagged ‘metasploit tutorial’
Tasting Metasploit’s Power
Just got Nessus (Tenable Network Security) version 4 and planning to use it to conduct some vulnerability assessment in our test lab. And interestingly, I found lot of machines vulnerable to MS08-067, which after the said scanning; I tried using Metasploit v3 to abuse the said flaw.
| 1. | Here I am showing that my client machine is vulnerable to MS08-067 |
 |
|
| 2. | Now I loaded up my Metasploit console |
 |
|
| 3. | I just expand the Exploits and choose windows and ms08_067_netapi; right-click and select execute |
 |
|
| 4. | So Selecting Target, I just set it to Automatic; here I am showing the current Users list on my machine |
 |
|
 |
|
| 5. | After hitting next, I have now here the Payload which is obviously to add user (with administrative privilege of course); selecting the options includes the remote IP and its remote post, username and password for that machine I will try to add. I am leaving it to you guys to look for these options/parameters using Metasploit’s user guide |
 |
|
 |
|
| 6. | Hit Apply; and now you’ll see the Metasploit user has been added and a member of Administrators and Users |
 |
|
 |
|
| 7. | Hope this is straight-forward enough and I’m able to share the power of Metasploit. Kudos to Metasploit Team! |
