I suggest you to begin to install backtrack 5 in your virtualbox and 1 windows machine.

Here is a good site:

http://www.metasploit.com/learn-more/how-do-i-use-it/test-lab.jsp

Thanks 3xban. I already have backtrack 5 on 1 virtual box and windows xp professional with SP3 on another with windows vista 32 on my main computer.

Now everything im doing is legal because it is on my own computer so please try to help me as much as you can I really do want to get into this.

I am following this tutorial http://www.securitytube.net/video/1175 and he is extremely good at explaining stuff. I got to part 3 and then decided that I want to give this a try.

So I get to the part where he downloads the exploit from a site I wont mention here. Although my exploit is different because the exploit he uses wont work on my XP professional with SP3

Here is the one I want to use, why? I have absolutely no idea but what the hell try and learn right? http://technet.microsoft.com/en-us/security/bulletin/ms11-071

So I open up metaspolit console just like he does, but I think he already has the code saved on his computer because he types in something like "search dcom.1" and it finds it.

When I type in "search ms11-071" it doesnt find it and I cant find the code for this exploit anywhere on the internet....

It's quite difficult to follow along to his video to the T because metasploit has been updated sinse his video and some things have changed but I dont expect it to be simple although any help would be greatly appreciated.

I'm making progress! im so close lol. I updated my msf just a little while ago and I thought let me just try and see if his exploit works on xp pro sp3 which ofcourse it never but it feels good to know im so close if I just had the correct exploit.


http://i51.tinypic.com/wclu86.jpg%5B/IMG


for the doubters who think im not using my own computer to test

p.s thnx eccodom ill try that one


**EDIT** sorry going abit of topic now I know but eccodom that exploit is quite different I have to set the server host IP and address and it exploits something to do with internet explorer. I need something very basic. Thanks anyway

Sorry me again..... I am looking through the microsoft website for vulnerabilities that suit my windows xp pro sp3 machine and there are loads and loads but none! not 1 single exploit is listed in the metasploit framework...

So I widen my search my typing in "search ms11, ms10, ms09" ect so it refines the search by the year and it lists lots of exploits but there for things like windows media player, .net framework, microsoft office and such.

I wish there was a way to search specifically for vulnerabilities with windows xp pro sp3  in metasploit...

Thanks x3ban but I have checked those sites before. Basically to put it simply I am trying to find an exploit that will work for Windows XP professional sp3 as thats what my virtual box system is running its annoying because in metasploit you cant actually search for a list of exploits that work for xxx system you can only search for that specific exploit by name like MS11-xxx


Thanks anyway ill keep having a look around

So do you mean downloading these programs to my main computer and running exploits on them? I cant get into the xp on my virtual box without running an O/S exploit first?

I'll have a look around see if I can get an unpatched software like you said but it may prove difficult

Yes ofcourse I have access to it, but dont I have to hack it from my other virtual box running linux or can I just log into the virtual box running xp and start exploiting stuff