Hi everyone, I'm new here but I've lurked for around 2 months and read many tutorials. I was wondering if anyone could help me get past a wall in my learning: I can't hack my own LAN with metasploit.
At home I run Kali linux 2.0 on VMware on windows 7, Kali Nethunter on my phone and Kali on my RPi2. All other machines run windows 7, except one, seldom used, windows XP PC. Windows and most software are updated often on every machine.
Port/service exploitation on metasploit: I have used Nmap to learn what hosts are online etc. in my home via both console and armitage. I have tried various port-service exploits and the "hail mary" attack on armitage and had zero success. I haven't managed to find any obvious vulnerabilities in any recon scans on any of the laptops/computers in my home. Is it just that my network is hard to hack? Should I be able to hack these?
I know there are social engineering techniques like disguising meterpreter inside executables but I didn't want to rely on those as I'm trying to do this without leaving any trace.
Are there any port-service exploits that I could use to hack such a network without social engineering? Would I need to build a day zero exploit for this? Is this only a viable option for day zero exploit outbreaks and old operating systems and software?
I'm sorry to ask a broad question but I've tried to work around this metasploit brickwall for weeks and I'm losing steam.
6 Responses
John:
First, two months is not a lot of time to learn hacking. Most hackers study for years and are learning new things every day.
When exploits are revealed, the software companies patch them. They would be negligent otherwise. To hack your fully patched systems, you will need an exploit that has not yet been patched.
I suggest you keep one unpatched system to practice on.
OTW
I agree with that. Learning stops when you die.
Thanks OTW. I didn't mean to imply that I thought 2 months was impressive, but now that I think about it I have been trying to rush to learn it. I'll bear this in mind.
I have your series on making exploits but I hadn't reached it yet. Do you think it would be worth trying to make my own new exploits against windows 7 or would it be beyond my capabilities?
You're going to fail. A lot. The question is; what will you learn from each failure?
ghost_
This. I've studied for years, and still feel like I'm a noob. I'm pretty sure if I stop learning it's because I've become complacent.
Also if you want a box to hack that's not as challenging, throw metasploitable into your VM solution of choice. It's extremely easy to get at least a few shells on and good for getting basics down.
On the bright side I guess if it was easy everyone would do it and nobodies data would be secure.
Share Your Thoughts