this video would be way more useful if you would just use a goddamn mic
what is it with you noob hacker types playing songs in videos.
notv2501 6 months ago
wtf are you using windows lol, backtrack much more efficient
Tajnost1337 1 year ago
@Tajnost1337 well yeah but EVERYBODY shows it using Backtrack. I figured I'd use the Windows version for laughs. You'll notice I use various OSs in my videos so people know its diverse.
ajatkinson2004 1 year ago
post a better resolution, plz!
Krisler12 1 year ago
good
miekmuse1exploit 2 years ago
hey man nice vid. umm can you do the quicktime one and speed up the typing when u edit the video... thad rock face.
thanks again
dosattack777 2 years ago 2
can you use metasploit to hack virtual pc 2007? windows xp sp2?
koualon 2 years ago
Yes, easily. You just need to form a network between the attacking machine (presumably the host of Virtual PC) and the virtual PC itself. If you have a router and DHCP enabled this happens automatically. Otherwise you can make an ad hoc connection between the two.
Just google networking on Virtual PC 2007.
pokerrace 2 years ago
yes you can check out my channel =)
Zero Code
zerocode010 2 years ago
yes
logistix111 2 years ago
does the victim need to be running a VNC client? Or can you just hack some computer running windows only remotely?
petradog409 2 years ago
Gotta be running VNC. And they must be running a vulnerable version for it to work. Google "VNC Vulnerability" to find out which versions are affected.
ajatkinson2004 2 years ago
So it's any type of remote control program running on the host that needs to be exploited?
Is there a way to make a direct connection to force remote control only through the raw internet connection? So imagine an alien operating system that's connected to the internet, but has no programs, is it possible to take the computer over even when it's running not one program?
petradog409 2 years ago
Yes with netcat you probably could. Netcat can essentially and effectively take control of things like ssh and file sharing ports. Even though these aren't necessarily "programs" they are "services". You could then pump data in and suck data out.
logistix111 2 years ago
And don't forget, older versions of VNC store a hash of the password in the registry which is easily decrypted.
logistix111 2 years ago
This exploit uses VNC. There are several exploits that can be used if VNC isn't running. But since you asked this 11 months ago, I trust you know that by now.
logistix111 2 years ago
Do you think that there's always a vulnerability in any internet connection no matter what people do? But can we use these vulnerabilities untraced and undetected you think? Is it possible to gain control while keeping it not known? And can they trace me through a proxy network? Probably right?
petradog409 2 years ago
I choose not to make videos and I was in no way having a go at you, I was making a playful joke at Metasploit which, might I add, I use daily. It is a great tool and I am sorry if I offended you.
No hard feelings all in good fun
dragonlover61 3 years ago
Well, I apologize for taking it the wrong way. I get some pretty asinine comments sometimes as you can probably imagine lol. When you aren't talking to someone face to face, it's hard to tell when they are joking and when they are serious, know what I mean? You are correct though sir: Metasploit is about as "Autohack" as it gets. Doesn't take a whole lot of skill to use, but it is fun to tinker with.
ajatkinson2004 3 years ago
script kiddy much
dragonlover61 3 years ago
This looks so much easier to use than the non-gui linux version, think I might swap over to windows and give this a go!
PiratesVersusNinjas 3 years ago
The Linux Version HAS a GUI..
123asas123 3 years ago
It does? I haven't been able to find one even with the latest versions of metasploit.
PiratesVersusNinjas 3 years ago
Download it from the Metasploit site for Linux, then unpack it, you'll get a folder. Run "msfgui" in it. You need Ruby, tho. Use your package manager and download the newest ruby packages.
123asas123 3 years ago
OK I'll give it a go, already got ruby. Thanks for the help.
PiratesVersusNinjas 3 years ago
it was a bitch for me to get it workin right on ubuntu. after everything is installed/configured, all you do is run msfweb, open up the ip/port in a web browser and bingo. you got it. it's been 5 mo. since you posted so you probably have it by now but I figured I'd try to help anyways.
cheers.
ncn8ochaser 3 years ago
Yo AJ! Can you send me this song? Or upload it to rapidshare and send me the link? I've been looking for this song for ages bro!
Peace, and cool video :]
-C|0N3D
KSEboom 3 years ago
Hey I'm new to Metasploit. What I wish to do is gain access to a particular workstation on an unsecured wireless network. I have the internal IP address, and everything is ready to roll, except I have no clue as to which exploit I need to use. The workstation I wish to access is an XP SP2. Can anybody point me in the right direction of a good tutorial?
JamieFumi 3 years ago
you need to scan for services running on the server. Use nmap to profile the IP and determine the version. Amap is another good tool for service discovery. Once you know what is running, determine if it is vulnerable and choose the exploit for that particular service...
ajatkinson2004 3 years ago
perhaps having Data Execution Prevention on prevented the payload from executing, perhaps it was my av's b0f prevention, who knows? I would like to try again soon and actually do something useful lol...
ajatkinson2004 3 years ago
yeah wow! I have some research ahead of me lol...
ajatkinson2004 3 years ago
The offset to the return address on the stack is most likely off. You could attach to Ultra VNC with the debugger and find the buffer that is being overflowed in the stack. Then you can determine where the return address is and set up the correct address that will 'jmp esp' or the like to the nop sled. This will then allow for execution of the payload. My suggestion is just to watch it all take place with the debugger. =]
sypha0x 3 years ago
So basically, you will need to see if the address being returned to from the overwritten stack is actually going to jump back to the stack at some point, so analyzing this address against your OS Service Pack version is helpful. You can also determine if the return address is being overwritten correctly at the time of overflow. You want to make sure the return address offset lands directly where the return address should be on the stack, relative to the local stack buffer.
sypha0x 3 years ago