Friday, April 12, 2013

Hacking with Meterpreter Session on Kali Linux / Backtrack | Post Exploitation

Written by: Pranshu Bajpai

In my last post, I demonstrated how a vulnerable system can be discovered quickly using the nmap tool. We used the script 'smb-check-vulns.nse', which belongs to the 'vuln' category, and ran it in 'unsafe' mode, which is very likely to crash the victim machine.

In this one, I exploit that system using Metasploit and obtain a meterpreter session:


We need to set the 'rhost' or remote host, the payload, and the 'lhost' or local host. The standard Metasploit command 'exploit' will then run the module with these parameters configured.

Now:

- We can try to dump the password hashes of this system.

- We can upload and execute a nc.exe (netcat) file on the hacked system to gain access later (backdoor).

4 comments:

  1. I'm using setoolkit to create a keylogger. Everything is working fine, but I'm facing a problem enabling Meterpreter. I don't know if the problem is with the IP address that I'm using or what, but I need to open a session... thank you

  2. I am getting the shell but not getting meterpreter. Any way for privilege escalation?

  3. Hi Aloke, in order to get privilege, use the below exploit:

    exploit/windows/local/ppr_flatten_rec

    This is for privilege escalation.
