Saturday, 19 February 2011

How to hack with nessus + metasploit from start to finish.



1) Download nessus from http://www.nessus.org and register it, its free and easy.
2) Install the server and client version in your PC
3) Start the server , register ir and update the plugins
4) Download backtrack from www.backtrack-linux.org/ , install in a VM or in your PC
5) Start your nessus client, and connect to your server
6) Click on the "+" on the left side and ADD the target server
7) On the right side, click "+" and add new policy and click SAVE
8) Click on the target on the left side, now click on the plugins on the right side and click SCAN NOW
9) Now click on the reports and "+" on the target, you will see all the problems.
10) Copy the CVE ID of a RED problem : EX -> CVE-2008-4250
11) Go to : http://www.metasploit.com/modules/ and type your CVE id on the field CVE and click "SEARCH MODULES"
12) Scroll down and look with module should be used, in this case is "ms08_067_netapi"
13) Now go to your backtrack and type : msfconsole
14) Now type "use exploit/windows/smb/ms08_067_netapi"
15) Now type set RHOST 192.168.127.199 ( in my case is this the TARGET IP, yours will be different)
16) Now type "exploit"
17) You will be prompted with the "meterpreter" if the exploit worked , now you can do a lot of cool things like hashdump,keylogger,download files, upload files,edit/view files
add routes, view ips, kill process, reboot , etc etc, type "help" and you will see everything you can do.
That's it, now watch my video and see how I dit it.
If you have any questions, just put as comment!
Thanks for watching.

No comments:

Post a Comment