Backtrack Metasploit Tutorial: Owning a Box with Aurora Exploit

Great introductory Metasploit tutorial on PaulDotCom yesterday. PaulDotCom is run by Paul Asadoorian (GCIA, GCIH). Paul is an information security expert, performs penetration tests and has co-authored Ultimate WRT54G Hacking, a book dedicated to embedded device hacking and wireless security.

The video is called “Metasploit 101 Putting it All Together” by Mark Bennet. Mark recently gave a presentation at the Michigan ISSA on Metasploit and decided to create a video showing some of features of Metasploit.

Mark gives step by step instructions on how to use the Aurora exploit with Backtrack 4 and the MSF console. The Aurora exploit was the vulnerability exposed in the recent Google hacking. Mark sets up the exploit through the console and sets the target webpage. Once these are set, all that is required is that an unpatched browser visits the page. Once the victim machine visits the attacker’s website, a session is created.

Once a session is created, Mark shows some of the interesting features you can use through a meterpreter shell including Keylog Recorder and a nifty program called Scraper. Scraper is a cool program that pulls a lot of information from the target PC, including shares, users, registry keys, etc. Packetrecorder allows you to record target system packets to a file. Hashdump allows you to view the password hashes. Migrate allows you to move your session shell to another program ID, and Upload allows you to upload files to the remote PC. Lastly, Mark demonstrates how to create a backdoor on the target machine so you can access it at a later time.

The video quality is a little poor, but Mark’s video is informative and easy to follow and is a great introduction to using the MSF console. Check it out.



3 thoughts on “Backtrack Metasploit Tutorial: Owning a Box with Aurora Exploit”

  1. Pingback: Gadget Newz
  2. Download SecurityTube Metasploit Framework Expert DVD FREE Enjoy 😉 😉

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.