Fast-Track Tutorial for Beginners | Payload Generation

We discussed the Metasploit framework in an earlier post. In this tutorial we will discuss Fast-Track, which is very easy to use compared to Metasploit, as we will see later in the discussion. Here we will see how to generate a payload using Fast-Track from its menu-driven interface.

What is Fast-Track?
It is an open-source project written in Python and the brainchild of David Kennedy, created to help during penetration testing by blending in the Metasploit framework to make pen testing automated. It makes it very easy for pen testers to exploit client-side data, improper patch management, etc. It has dependencies on Metasploit, SQLite, FreeTDS, etc. Its advantage over Metasploit is its very user-friendly usage.

What is Payload?
It is what the exploit actually does, that is, its result or effect. For example, while using any exploit on a targeted box we may get a shell, a VNC desktop, access to the files, etc. on the attacker box.

What is Shellcode?
It is the opcode (operational code) that can be executed on the targeted box to get a command shell, etc. It can be encoded to bypass antivirus detection.

Requirements:

1. BackTrack

2. Virtual environment software (VMware Player/VirtualBox)

>> Learn how to boot Backtrack from USB
>> Learn how to use Virtual Environment

Procedure:

Step 1.
Boot BackTrack, open a shell console, change the directory with "cd /pentest/exploits" and
type "python setup.py install" to check whether Fast-Track has all its dependencies installed; any that are missing will be downloaded from online, as shown below.
Step 2.
Now type "python fast-track.py" in order to select the desired interactive mode. Here I have selected the menu-driven mode (./fast-track.py -i), as that is what we will be using in this discussion.
Step 3.
Now that the Fast-Track menu is on the screen, I selected no. 6, that is "Payload Generator", as shown in the image below.
Step 4.
In this step we have to select the type of payload from the given menu. Here I have selected "Reverse_Tcp Meterpreter", that is no. 2, as shown in the image below.
Step 5.
Now we need to encode our payload in order to bypass the AV. Here we have selected no. 2, as shown in the image below.
Step 6.
Now we need to enter the host IP address and the desired port. Then select the form of the payload, that is "executable" or "shellcode", as shown in the image below.
Step 7.
As you can see, the payload is saved in .txt format, so we can get the shellcode from it. If we had chosen the "executable" format, then a .exe file would have been created.

Step 8.
If the .exe file is run on the victim's box and we have set up a listener, then we can get the meterpreter session on our desktop, as shown in the image below.
In the next post we will see how we can use the generated shellcode to make an executable.

If you find this post useful, then do drop your comments; it will be appreciated... :)

25 comments:

Aneesh M. Makker on January 28, 2011 at 10:27 PM said...

Very good work yar. Keep it up :)

Satyajit Das on February 3, 2011 at 12:18 AM said...

@Aneesh Thanks for the comment :) Keep visiting.

Johnnynumer on March 1, 2011 at 3:21 AM said...

keep up the good work!

toto on April 20, 2011 at 1:20 PM said...

very clear tutorial. thanks for sharing this tutorial. I am waiting for your other post :)

Adley on April 22, 2011 at 11:44 PM said...

Good post it is good i like your blog

Ganhei Dinheiro on April 23, 2011 at 9:59 AM said...

This tutorial was very enlightening for me, thanks!

tvreplay75 on May 5, 2011 at 1:58 PM said...

I think it is a useful post for beginners in this program, but not only, it can remind basic things even to those who have some experience already. Good work.

Marijuana on May 30, 2011 at 12:14 PM said...

Thank You for the Post.It is very useful for me.I was looking for this kind of post.

Anonymous said...

This tutorial is very impressive..very informative to me..thank u very much

praneesh pradeep on July 2, 2011 at 5:46 PM said...

dude ur post r fine and simple ....better than prohack....but lack content
plz try to include more ...contentz....thankz for this

Dipendra on July 22, 2011 at 7:00 PM said...

Hats off to the one who has made backtrack. I am not familiar with this but I can hack WEP key with backtrack just I have noted the commands.

Sam Curtis on August 5, 2011 at 8:50 AM said...

Excellent review. Thanks for sharing mate!

Jake on August 23, 2011 at 12:19 AM said...

Nice post. I worked with Fast-Track for my senior design project, had a lot of fun with it

erwtisi on August 25, 2011 at 3:12 PM said...

very good work.Thanks

ht83 on August 26, 2011 at 9:49 AM said...

thank for share, i use for my site

Jass on September 20, 2011 at 10:44 AM said...

Its awesome must give a try thanks for giving a great tutorial

Diane on September 24, 2011 at 7:43 PM said...

Nice and great article! Im looking forward to read more of your article…Good job.

Satyajit (Admins,a.k.a Satosys) said...

@Praneesh Thanks for your appreciation.... Prohack is a good site too. :)

Yes I will surely come up with interesting contents soon.

Keep visiting... :)

Ashley @ social security disability claims on October 20, 2011 at 11:27 PM said...

Wow! This is super exciting and fun.

Thank you so much for this tutorial.. I can't wait to read more hacking tips and tricks on the next weeks. :D

tom lee on November 29, 2011 at 2:48 PM said...

Excellent info once again. Thumbs up.

Alex on May 18, 2012 at 10:58 AM said...

Very interesting topics here in your site mate. Can't wait to read more of your blogs. Just keep it coming.

andy on June 19, 2012 at 10:15 AM said...

I'm glad that I stumble upon your site. I'll keep reading. Thank you.

Anonymous said...

good

sireesha on March 16, 2013 at 12:38 PM said...

i found this site very informative
thank you

Deon B. on June 29, 2013 at 1:37 AM said...

Great article,
you live and learn.

Thanks
Deon

© 2013 SecurityHunk All Rights Reserved and Template by Fresh Blogger Templates