Written by: Pranshu Bajpai
In my last post, I demonstrated how a vulnerable system can be discovered quickly using the nmap tool. We used the script 'smb-check-vulns.nse', which belongs to the 'vuln' category. We ran it in 'unsafe' mode, which is very likely to crash the victim machine.
In this one, I exploit that system using Metasploit and obtain a meterpreter session:
We need to set the 'rhost' (remote host), the payload, and the 'lhost' (local host). The standard Metasploit command 'exploit' then runs the module with these parameters configured.
Now:
- We can try to dump the password hashes of this system.
- We can upload and execute an nc.exe (netcat) file on the hacked system to gain access later (backdoor).
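From the defender's side, the netcat backdoor in the list above shows up in process-creation logging. The sketch below is an added example, not part of the original post; the "image path|command line" record format, the sample records, and the name lists are constructed assumptions.

```python
import re
import shlex
from ntpath import basename  # Windows path rules on any OS

# Constructed sample records (not from the original post), simplified to
# "image path|command line" as exported from process-creation logging.
SAMPLE_EVENTS = [
    r"C:\Windows\System32\svchost.exe|svchost.exe -k netsvcs",
    r"C:\Windows\Temp\nc.exe|nc.exe -L -d -p 4444 -e cmd.exe",
    r"C:\Users\Public\svch0st.exe|svch0st.exe -lvp 5555 -e cmd.exe",
    r"C:\Tools\nc.exe|nc.exe -h",
    r"C:\Windows\System32\ping.exe|ping.exe -l 1200 10.0.0.5",
]
NETCAT_NAMES = {"nc.exe", "nc64.exe", "ncat.exe", "netcat.exe"}  # assumed list
SHELLS = {"cmd", "cmd.exe", "powershell", "powershell.exe"}


def classify(event):
    """Return 'high', 'medium' or None for one process-creation record."""
    image, _, cmdline = event.partition("|")
    tokens = shlex.split(cmdline, posix=False)  # keep backslashes intact
    args = tokens[1:]
    # Expand option clusters such as -lvp into single letters.
    flags = set()
    for tok in args:
        if re.fullmatch(r"-[A-Za-z]+", tok):
            flags.update(tok[1:])
    listens = bool(flags & {"l", "L"})
    # -e <program> hands the connection to a program; flag it for shells.
    spawns_shell = any(
        opt == "-e" and basename(prog.strip('"')).lower() in SHELLS
        for opt, prog in zip(args, args[1:])
    )
    if listens and spawns_shell:
        return "high"      # shell bound to a listener, whatever the file name
    if basename(image).lower() in NETCAT_NAMES:
        return "medium"    # netcat ran, but not as a listening shell
    return None


def scan(events):
    """Return (index, severity) for every record worth triage."""
    rated = ((i, classify(e)) for i, e in enumerate(events))
    return [(i, sev) for i, sev in rated if sev]


if __name__ == "__main__":
    for index, severity in scan(SAMPLE_EVENTS):
        print(severity, SAMPLE_EVENTS[index])
```

Matching on the listen and `-e` options rather than only on the file name means a renamed copy is still flagged, while `ping.exe -l` is not.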
I'm using setoolkit to create a keylogger. Everything is working fine, but I'm facing a problem enabling Meterpreter. I don't know if the problem is with the IP address that I'm using or what, but I need to open a session... thank you
I am getting the shell but not getting meterpreter. Any way for privilege escalation?
Hi Aloke, in order to get privilege, use the below exploit
exploit/windows/local/ppr_flatten_rec This is for privilege escalation
This is a very good article.