Steps to Follow
- First download Metasploit 3.3 from the official website.
- Let it install and towards the end of the installation it will ask if you would like Nmap installed also, choose YES.
- Once you have installed the Metasploit, the below screen will open up.
- Now type db_create.
- Once you have typed that type nmap, it will load nmap as shown in below image.
- You need to configure your scan now, I usually do a simple -sT -sV scan which will tell us the open ports and services running on the victims computer.
- Now type nmap -sT -sV xxx.xxx.xxx.x (X's being victims Ip number)
- Now give it 5 minutes to complete the scan,Once that is complete if you are lucky you should get a response like this...
- This is basically a list of the open ports and services running on the target machine.
- Now the handy feature of the metasploit 3.3 framework is the autopwn feature, this basically searches and runs all matching exploits in the Metasploit database against the target machine and if successful will create a shell or similar privilege for the attacker.
- Now once you have the nmap results delivered back to you showing the open ports and services type db_autopwn -p -t -e.
- From this point you will either have access to the victims computer through a successfully launched exploit or you will get a response saying the machine wasn't vulnerable to any of the exploits in the Metasploit database.
- Unfortunately on this particular machine I found it wasn't vulnerable as the image below proves.But if you are in luck and the targeted computer is vulnerable to exploits then BOOM.
- Good luck. Have fun !!!
Note : This tutorial is just for educational purposes and HWS team is not responsible for any kind of misusse. Use it on your own risk. This tutorial is written by " Google Worm ".
