Fast-Track Tutorial for Beginners | Payload Generation

We discussed the Metasploit framework in an earlier post. In this tutorial we will discuss Fast-Track, which is very easy to use compared to Metasploit, as we will see later in the discussion. Here we will look at how to generate a payload using Fast-Track from its menu-driven interface.

What is Fast-Track?
It is an open-source project written in Python and the brainchild of David Kennedy, built to help during penetration testing by blending with the Metasploit framework to automate pen testing. It makes it very easy for pen testers to exploit client-side data, improper patch management, etc. It has dependencies on Metasploit, SQLite, FreeTDS, etc. Its advantage over Metasploit is its very user-friendly usage.

What is Payload?
It is actually the work of the exploit, that is, the result or effect. For example, while using any exploit on a targeted box we may get a shell, a VNC desktop, access to the files, etc. on the attacker box.

What is Shellcode?
It is the opcode (operation code) that can be executed on the targeted box to get a command shell, etc. It can be encoded to bypass antivirus detection.

Requirements:

1. Backtrack

2. Virtual environment software (VMware Player/VirtualBox)


Procedure:

Step 1.
Boot Backtrack, open a shell console, change the directory with "cd /pentest/exploits" and type "python setup.py install" to check whether Fast-Track has all its dependencies installed, so that any missing ones are downloaded from online, as shown below.
Step 2.
Now type "python fast-track.py" in order to select the desired interactive mode. Here I have selected the menu-driven mode (./fast-track.py -i), as that is what we will be using in this discussion.
Step 3.
Now that the Fast-Track menu is on the screen, I selected no. 6, that is "Payload Generator", as shown in the image below.
Step 4.
In this step we have to select the type of payload from the given menu. Here I have selected "Reverse_Tcp Meterpreter", that is no. 2, as shown in the image below.
Step 5.
Now we need to encode our payload in order to bypass the AV. Here we have selected no. 2, as shown in the image below.
Step 6.
Now we need to enter the host IP address and the desired port. Then select the form of the payload, that is "executable" or "shellcode", as shown in the image below.
Step 7.
As you can see, the payload is saved in .txt format, so we can get the shellcode from it. If we had chosen the "executable" format, a .exe file would have been created.

Step 8.
If the .exe file is run on the victim's box and we have set up a listener, we get the meterpreter session on our desktop, as shown in the image below.
In the next post we will see how we can use the generated shellcode to make an executable.
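
From the defender's side, the connect-back described in Step 8 appears as a freshly started executable opening an outbound TCP connection. The following added example (not part of the original post; the event fields, host names, paths, addresses and ports are constructed for illustration) flags that pattern in endpoint telemetry:

```python
# Added example: heuristic detection over constructed endpoint telemetry.
# Field names and sample events are assumptions made for this illustration.

# Directories a normal user can write to; binaries run from here are suspect.
USER_WRITABLE = ("\\downloads\\", "\\temp\\", "\\desktop\\")

# Constructed sample events: process starts ("proc") and outbound TCP
# connections ("conn"), with time in seconds.
EVENTS = [
    {"t": 100, "host": "ws01", "kind": "proc", "pid": 4120,
     "image": r"C:\Program Files\Browser\browser.exe"},
    {"t": 101, "host": "ws01", "kind": "conn", "pid": 4120,
     "dst": "203.0.113.10", "dport": 443},
    {"t": 200, "host": "ws01", "kind": "proc", "pid": 5188,
     "image": r"C:\Users\alice\Downloads\update.exe"},
    {"t": 202, "host": "ws01", "kind": "conn", "pid": 5188,
     "dst": "192.168.56.101", "dport": 4444},
    {"t": 300, "host": "ws02", "kind": "proc", "pid": 700,
     "image": r"C:\Users\bob\AppData\Local\Temp\setup.exe"},
    {"t": 900, "host": "ws02", "kind": "conn", "pid": 700,
     "dst": "198.51.100.7", "dport": 80},
]


def flag_connect_backs(events, window=30):
    """Return alerts for processes launched from user-writable paths that
    open an outbound TCP connection within `window` seconds of starting."""
    started = {}   # (host, pid) -> (start time, image path)
    alerts = []
    for ev in sorted(events, key=lambda e: e["t"]):
        key = (ev["host"], ev["pid"])
        if ev["kind"] == "proc":
            started[key] = (ev["t"], ev["image"])
        elif ev["kind"] == "conn" and key in started:
            t0, image = started[key]
            in_user_dir = any(d in image.lower() for d in USER_WRITABLE)
            if in_user_dir and ev["t"] - t0 <= window:
                alerts.append((ev["host"], image, ev["dst"], ev["dport"]))
    return alerts


if __name__ == "__main__":
    for alert in flag_connect_backs(EVENTS):
        print("ALERT", *alert)
```

The time window trades noise for coverage: a short window misses payloads that delay their first connection, as the ws02 sample shows.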

If you find this post useful then do drop your comments it will be appreciated... :)
Reviewed by Satyajit (Admins, a.k.a Satosys) on Friday, January 28, 2011. Rating: 5

25 comments:

Anonymous said...

Very good work yar. Keep it up :)

Satyajit Das said...

@Aneesh Thanks for the comment :) Keep visiting.

Johnnynumer said...

keep up the good work!

toto said...

very clear tutorial. thank for sharing this tutorial. I am waiting your other post :)

Unknown said...

Good post it is good i like your blog

Ganhei Dinheiro said...

This tutorial was very enlightening for me, thanks!

tvreplay75 said...

I think it is a useful post for beginners in this program, but not only, it can remind basic things even to those who have some experience already. Good work.

Marijuana said...

Thank You for the Post.It is very useful for me.I was looking for this kind of post.

Anonymous said...

This tutorial is very impressive..very informative to me..thank u very much

Unknown said...

dude ur post r fine and simple ....better than prohack....but lack content
plz try to include more ...contentz....thankz for this

Dipendra said...

Hats off to the one who has made backtrack. I am not familiar with this but I can hack WEP key with backtrack just I have noted the commands.

Sam Curtis said...

Excellent review. Thanks for sharing mate!

Jake said...

Nice post. I worked with Fast-Track for my senior design project, had a lot of fun with it

erwtisi said...

very good work.Thanks

ht83 said...

thank for share, i use for my site

Jass said...

Its awesome must give a try thanks for giving a great tutorial

Diane said...

Nice and great article! Im looking forward to read more of your article…Good job.

Satyajit (Admins,a.k.a Satosys) said...

@Praneesh Thanks for your appreciation.... Prohack is a good site too. :)

Yes I will surely come up with interesting contents soon.

Keep visiting... :)

Ashley @ social security disability claims said...

Wow! This is super exciting and fun.

Thank you so much for this tutorial.. I can't wait to read more hacking tips and tricks on the next weeks. :D

tom lee said...

Excellent info once again. Thumbs up.

Alex said...

Very interesting topics here in your site mate. Can't wait to read more of your blogs. Just keep it coming.

andy said...

I'm glad that I stumble upon your site. I'll keep reading. Thank you.

Anonymous said...

good

sireesha said...

i found this site very informative
thank you

Deon B. said...

Great article,
you live and learn.

Thanks
Deon
