One of the most powerful exploit tools is Metasploit. The link to find the resources of Metasploit is https://www.metasploit.com. Two versions of Metasploit are available free edition and commercial. Mostly free edition is used in this tutorial, as there is not much difference between the two versions.
Metasplit can be easily installed as a separate tool on systems which run on Linux, Windows or Mac OS X.
To install Metasploit some of the hardware required are −
Matasploit can be used either with command prompt or with Web UI.
To open in Kali, go to Applications → Exploitation Tools → metasploit.
After Metasploit starts, the screen appears as follows, red underline highlighted is the version of Metasploit.
From Vulnerability Scanner, it is identified that the machine used of testing is vulnerable to FTP service. To use the exploit that works, the command is:
The screen appears as -
Then type mfs> show options to check for the parameters to be set to make functional. RHOST is set as the “target IP”.
Type msf> set RHOST 192.168.1.101 and msf>set RPORT 21
Then, type mfs>run. If the exploit is successful, then it will open one session that can be interacted with, as shown in the following screenshot.
The scripts that hackers use to interact with hacked system are payloads. Payloads are used by hackers to transfer data to a victim system.
Metasploit payloads can be of three types −
The command show payloads is used. With this exploit, the payloads that are used can be seen and the payloads that help to upload files on a victim system can also be seen.
The command used to set the payload desired is:
Set the listen host and listen port (LHOST, LPORT) which are the attacker IP and port. Then set remote host and port (RPORT, LHOST) which are the victim IP and port.
Type “exploit”. A session as shown below is created−
Now one can play with the system according to the settings that this payload offers.
Ethical Hacking Related Interview Questions
|Networking Interview Questions||Android Interview Questions|
|CCNA Interview Questions||Routing Protcol Interview Questions|
|Firewall (computing) Interview Questions||Application Security Interview Questions|
|Cyber Security Interview Questions||TCP/IP Interview Questions|
|Owasp Interview Questions|
All rights reserved © 2020 Wisdom IT Services India Pvt. Ltd
Wisdomjobs.com is one of the best job search sites in India.