In this blog we will discuss Target Exploitation and the tool that is used in order to exploit certain information. In this case we will talk about Metasploit. Metasploit is an open source attack framework that is used to hack systems for testing purposes. Why a lot of hackers choose to use Metasploit is because that it is open source and that it is actively updated.
We had a lab assignment using Metasploit using 2 VMs and having one VM control the other VM by shutting it down. Steps will be listed below.
- First step is to boot kali linux and open terminal, then run the msfconsole in the terminal.
2. Using the search command, Search Shellshock and locate the apache_mod_cgi_bash_env_exec Module and copy the location.
3. Type options to see the various settings
4. Check ifconfig on the target vm to get the IP address of the target.
5. The you set the rhost to the target you are trying to attack, set the uri into the directory cgi-bin/status, set the lhost to the current ip of the Virtual Machine that you are using to attack, and lport to your current port. Then run and see if it can be done.
6. Then check ifconfig and see if the IP of the current VM is changed to the one that u were targeting and in this case it changed.
7. Then do the command to power off the other VM and it works!
Recent Comments