Prince Sultan University

College of Computer and Information Sciences

CYS$401-$ Fundamentals of Cybersecurity

Practical $4$: Metasploit Framework $-$

Generating Meterpreter Payload in Kali

Linux and send it to Victim to gain access and control of Victim Computer

Instructions:

a$.$ The assignment must be done individually.

b$.$ The assignment is of $10$ marks. You'll have to demonstrate the assignment on your PC OR submit a report. For each assignment, there will be an assessment.

c$.$ The assignment should preferably be done on a laptop.

d$.$ Required Tools: Kali$-$ Linux, Firefox, python.

Introduction:

Metasploit $-$ is the most powerful tool of Kali Linux used for pen$-$testing. The main components of Metasploit are msfconsole, the most commonly used shell$-$like all$-$in$-$one interface that allows you to access all features of Metasploit.

Exploit: A code that exploits the found vulnerability.

Payload: It's a code that helps you achieve the goal of exploiting a vulnerability. It runs inside the target system to access the target data, like maintaining access via Meterpreter or a reverse shell.

Meterpreter: has become a Metasploit attack payload that gives an intruder factor that affects how to browse and execute code on the target machine.

Lab Details:

In this lab we will use Metasploit to create a payload and exploit the victim computer.

We will create a meterpreter in which we need to mention the service $($tcp$,$ reverse$\_$tcp$,$ smtp$),$ target machine $($Windows$,$ Mac, android, Linus etc.$)$ and payload runnable format $(.$exe, $.$apk etc.$).$ The payload is then sent to a target machine through a back door in order to gain access and control of the victim machine. A little bit social engineering is also used here to trick the user to open the payload $($embed it in some software, send it through email or chat$)$

Steps:

Login to Kali Linux.

Open terminal and check the IP address of kali machine