Metasploit is a framework written in Ruby that makes it easy to run penetration tests on computers and servers. The Metasploit framework has hundreds of common exploits and payloads built right into it and ready to use. In addition, Metasploit allows users to add their own exploits and payloads to the framework. In the following exercise, I choose an exploit for a known vulnerability and a very powerful payload, which launches a program called Meterpreter on the victimized machine. This exercise is meant as a security test only and should never be run on a system that you do not have complete permission to target in this fashion.
In this demonstration, the victim machine is running Windows XP Service Pack 1 and an older version of Icecast Server for Win32 (icecast2_win32_2.0.1_setup.exe), which has a known vulnerability in its code. You can find it here: http://downloads.us.xiph.org/releases/icecast/
In this part, I run Metasploit against a Windows XP system running a vulnerable server.
In this part, I use Meterpreter to run a hashdump and then crack the Windows passwords with John the Ripper.