Topic: METASPLOIT HELP
s1ayer
« on: December 30, 2009, 10:00:38 AM »

Does anybody have any book or something ... to know which exploit to use .. when to use and for which exploit which payload can be used...
Jappy has given a link.. that's good.. but more elaborate data will be appreciated...
Logged

>>---S1ayer--->
Hackuin
« Reply #1 on: December 30, 2009, 01:07:20 PM »

Okay, you can get the e-book here,
http://www.megaupload.com/?d=JPIKFO54
Logged

"Free software" is a matter of liberty, not price. To understand the concept, you should think of "free" as in "free speech," not as in "free beer."
"Microsoft is not the answer. Microsoft is the question. NO (or Linux) is the answer."
"Unix, MS-DOS, and Windows NT (also known as the Good, the Bad, and the Ugly)." &
"Ubuntu - Linux For Human Beings."


Currently reading books:
Just say No to Microsoft [how to ditch Microsoft and why its not as hard as you think] -- by Tony Bove
How to cheat at Securing Linux -- by James Stanger
decent
« Reply #2 on: December 31, 2009, 07:15:22 AM »

nice book!
Logged

D4rk357
« Reply #3 on: January 18, 2010, 09:26:36 PM »

 You_Rock_Emoticon bravo_2
Logged
protokaul
« Reply #4 on: January 19, 2010, 11:03:50 PM »

> Does anybody have any book or something ... to know which exploit to use .. when to use and for which exploit which payload can be used...
> Jappy has given a link.. that's good.. but more elaborate data will be appreciated...

Hello s1ayer,
The book link forwarded by the respected member is good. There are many tutorials and books on Metasploit and, of course, the free online course on Metasploit from Offensive-Security.

But the best way to harness the power and to know the exploits: a person has to be updated regularly on the exploits getting added to Metasploit. The books and the courses cannot be updated regularly. A person has to be aware of the new exploits.
E.g. if you want to exploit an SMB vulnerability, the first exploit that strikes is MS08-067, then MS06-040. If MSSQL, MS09-004. So this comes with practice and closeness with Metasploit.

Whenever you update Metasploit, you can see in the console the list of newly added exploits/auxiliaries and the amended exploits. That's the only key!

Regarding payloads, almost any payload can be used.
* Avoid VNC, very noisy and slow. The target will definitely come to know of the activity.
* Meterpreter is best. It never touches the hard drive, so it is tough for forensic experts to find evidence of the attack.
* Rely mostly on "reverse-connect" payloads, as most of the time the target is NATed and does not allow any incoming connections.
* Always keep one backdoor (could be of Metasploit or simply netcat) handy and make sure it's undetectable by any AV. As soon as access is obtained on the target, plant it either using "at" or as a "service" or mark it in the "registry". All three techniques have pros and cons. I can discuss them here if you wish.
* The second thing I look for after getting in is the SAM and SYSTEM files. Grab the hashes and crack them within minutes using rainbow tables (download them, around 35 Gb).
* and so on and so on....

Regards
Logged
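Seen from the defender's side, the three persistence routes named in Reply #4 ("at", a service, a registry mark) each leave a Windows event behind. The following is an added example, not part of any post in this thread: a small triage function keyed to the standard event IDs (4698 scheduled task created, 7045 service installed, Sysmon 13 registry value set). The dict layout, the watched path patterns and the sample events are assumptions constructed for the example.

```python
import re

# 4698 = scheduled task created (Security log), 7045 = service installed
# (System log), 13 = Sysmon registry value set.
AT_JOB = re.compile(r"^\\?At\d+$", re.IGNORECASE)  # task names used by at.exe jobs
USER_WRITABLE = re.compile(r"\\(temp|appdata|programdata|users\\public)\\", re.IGNORECASE)
RUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)

def classify(event):
    """Return (technique, reason) for a persistence-relevant event, else None."""
    eid = event.get("EventID")
    if eid == 4698:
        name = event.get("TaskName", "")
        if AT_JOB.match(name):
            return ("at-job", f"legacy at.exe task {name}")
    elif eid == 7045:
        path = event.get("ImagePath", "")
        if USER_WRITABLE.search(path):
            return ("service", f"service binary in user-writable path: {path}")
    elif eid == 13:
        target = event.get("TargetObject", "")
        if RUN_KEY.search(target):
            return ("registry", f"autorun value set: {target}")
    return None

def triage(events):
    """Group findings per host so a host with several hits stands out."""
    hits = {}
    for ev in events:
        verdict = classify(ev)
        if verdict:
            hits.setdefault(ev.get("Computer", "?"), []).append(verdict)
    return hits

# Constructed sample events (not real telemetry); field names follow the
# Windows/Sysmon event schemas, the flat dict layout is an assumption.
SAMPLE = [
    {"EventID": 4698, "Computer": "WS01", "TaskName": "\\At1"},
    {"EventID": 7045, "Computer": "WS01", "ServiceName": "updsvc",
     "ImagePath": "C:\\Windows\\Temp\\upd.exe"},
    {"EventID": 13, "Computer": "WS02",
     "TargetObject": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\upd"},
    {"EventID": 7045, "Computer": "WS03", "ServiceName": "Spooler",
     "ImagePath": "C:\\Windows\\System32\\spoolsv.exe"},
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

The path and key patterns are starting points for alert triage; a production rule set would baseline known-good services and autoruns for the environment first.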
Hackuin
« Reply #5 on: January 27, 2010, 04:30:27 PM »

Guys.
1] Don't seek a "target of opportunity".
2] Not every vulnerability has an exploit, and then it's time to build one for it, and that is what the framework is "ACTUALLY" used for!
3] Blindly running msf doesn't make you learn anything except the wet fantasy.

I am writing an article on Metasploit titled "Metasploit Guide" [Mastering the framework] but, honestly, I am putting a lot of effort into the advanced level of exploitation and the techniques involved in building exploits, and presenting that in a textual way needs more time. Due to my schedule, as from tomorrow I can only spend a few hours on this, so it may take a little time to complete.

~Hackuin
Logged

s1ayer
« Reply #6 on: January 28, 2010, 03:16:21 AM »

@hackuin...
Bro, I tried your challenge.. but nothing good happened...... if you could come up with its solution.... as you have said... it will be very helpful...... at least we can get to know where we are committing mistakes... I have tried my best to exploit it... but the exploit always failed except one.... that's the weak pass brute force exploit... it's trying to exploit the password by brute forcing.. it's taking too much time.. and my net su**s big time... it has to check for 65536 and whenever my net gets dc.. I have to start again.... and I have tried my best to find the other possible exploit ... but failed.......
Logged

>>---S1ayer--->
Hackuin
« Reply #7 on: January 29, 2010, 12:28:29 PM »

@slayer:
Please check-out my post

Cheers!
Logged

SaiSatish
« Reply #8 on: March 08, 2010, 07:58:30 AM »

up
Logged

Indian Servers www.IndianServers.com
Andhra Hackers www.AndhraHackers.com