How to Update to Metasploit 4 and use Autopwn in Backtrack 5
Well, given the recent release of Backtrack 5, and the recent
release of Metasploit 4, and knowing how popular the
super-quick-and-dirty Autopwn function is, I thought I'd write up a
brief instructional on how to get Metasploit 4 up and running on
Backtrack 5, and how to use the Autopwn function with it, for those who
can't figure it out for themselves.
First things first: we need to update Metasploit. Do so by first
opening a terminal, then typing the following to change into the
appropriate directory and update:
- cd /pentest/exploits/framework3/
- ./msfupdate
Next, to have the databases working properly, we need to have the
environment set properly, and to do that, we need to run msfconsole
with the following command:
- /usr/local/bin/msfconsole
Now, we need to check to make sure that our database drivers are loaded. Type:
- db_status
You should receive a response saying "postgresql connected to msf3". Now, we need to nmap the host:
- db_nmap -sS -sV -T 5 -P0 -O 172.16.40.43
I only have SSH open on mine, as I was scanning my work laptop, so
this will not be vulnerable to any exploits in Metasploit either,
unfortunately. I did not have quick access to any vulnerable machines to
use for this demo. As you may have noticed, I also used a loud and
thorough scan on this one - feel free to modify this to suit your needs
with any nmap-friendly flags.
Finally, once the scan is complete, exploit with:
- db_autopwn -p -e -t
Or whatever your favourite flags are for this. Then, you watch it all
go by, and hopefully, at the end, you have a session. To use it, don't
forget:
- sessions -l
- sessions -i 1
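The db_nmap scan above is, as noted, a loud one. As an added example (not part of the original post), this is how such a sweep stands out in firewall logs on the receiving side: many distinct destination ports from one source within a few seconds. The log shape (ISO timestamp plus iptables LOG fields), the source addresses 172.16.40.10 and 172.16.40.20, and the thresholds are assumptions made for the illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed input: ISO timestamp + iptables LOG fields from a rule logging inbound SYNs.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) .*?SRC=(?P<src>\S+) DST=(?P<dst>\S+) .*?PROTO=TCP "
    r"SPT=\d+ DPT=(?P<dpt>\d+) .*?\bSYN\b"
)

def parse(line):
    """Return (time, src, dst, dport) for a logged TCP SYN, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return datetime.fromisoformat(m["ts"]), m["src"], m["dst"], int(m["dpt"])

def detect_syn_scans(lines, window_s=5, min_ports=10):
    """Map (src, dst) -> peak distinct ports seen inside one window, if >= min_ports."""
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)  # (src, dst) -> (time, dport) events still in window
    alerts = {}
    for event in filter(None, map(parse, lines)):
        ts, src, dst, dport = event
        q = recent[(src, dst)]
        q.append((ts, dport))
        while ts - q[0][0] > window:  # drop events older than the window
            q.popleft()
        distinct = len({port for _, port in q})
        if distinct >= min_ports:
            alerts[(src, dst)] = max(alerts.get((src, dst), 0), distinct)
    return alerts

def build_sample():
    """Constructed log lines: a 12-port sweep in 2 s plus ordinary SSH connections."""
    fmt = ("2011-08-01T10:00:{sec:02d} fw kernel: IN=eth0 OUT= SRC={src} "
           "DST=172.16.40.43 LEN=44 TTL=64 PROTO=TCP SPT=40000 DPT={dpt} "
           "WINDOW=1024 SYN URGP=0")
    ports = [21, 22, 23, 25, 53, 80, 110, 139, 143, 443, 445, 3389]
    sweep = [fmt.format(sec=i // 6, src="172.16.40.10", dpt=p)
             for i, p in enumerate(ports)]
    ssh = [fmt.format(sec=s, src="172.16.40.20", dpt=22) for s in (5, 20, 40)]
    return sweep + ssh

if __name__ == "__main__":
    for (src, dst), count in detect_syn_scans(build_sample()).items():
        print(f"possible SYN scan: {src} -> {dst}, {count} ports within the window")
```

The repeated SSH connections from 172.16.40.20 stay below the threshold because they only ever touch one port, while the sweep is flagged as soon as it reaches ten distinct ports.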
Happy testing!
