EXPLOITATION OF WINDOWS AND LINUX BASED OPERATING SYSTEM.
- Initialisation of metasploit is done by #msfdb init .
- Next step is to start the service of the metasploit. # service postgresql start.
- Next step is to open the metasploit by the command # msfconsole.
Next command is to search the vulnerabilities found by the nessus by the exploitation process.
Next command is to get the information about the payload.
The command is # info(copy paste the payload needed).
Next step is to use the payload to exploit the system the , command is #use(copy paste the payload).
After the use command we need to verify the payload, for that #show options , command is used.
Next we need to set the RHOSTS, which the RHOSTS means the victims ip addresses.
The command is #set RHOSTS (VICTIM IP ADDRESS).
To verify the changes have been made ,again the command #show options, is used.
In this , we can verify lhost and lport.
Next exploit command is used.
Meterpreter is opened and we can give the command as example.
The image saved by the screenshot command is,
To exit we use command #exit .
Now the below part is the attack towards Linux based machine.
- We need ,
Attacker machine : Kali Linux.
Target machine : metasploitable(ip add: 192.168.73.19)
The steps involved in this attack is ,
->Find the IP address of target machine and make a note.
->Start the nmap port scanning to find the open ports.
->Now, use web browser to find the vulnerability with the version name which is visible when the port scanning is made.
->Collect the results from famous websites like rapid7.com, exploit-db.com, packetsteram.com,etc.
->Now, same procedure as the above attack.
->Find the vulnerability with the name SAMBA
->After finding it SET LHOST with victim IP address.
Commands to execute are,
# service postgresql start
After this we will use command #session -l and use basic Linux command to get the result.
(PART 4 LINK, OF THE REPORT HAS BEEN ATTACHED BELOW — https://medium.com/@chinmayks16/nmap-port-scanning-127d2fa3c502)