How to Exploit the Vulnerability of a Missing Patch Using Metasploit
Download and install Metasploit. After the installation is complete, run the Metasploit GUI.
The Metasploit GUI is now referred to as the Metasploit Framework GUI (MSFGUI), which is Metasploit’s main console.
Expand the Exploits option to see what exploits are available to run.
If you know the specific vulnerability (say, Microsoft’s MS08-067), you can simply enter part or all of the search term (such as ms08) in the search field at the top and then click Find.
After you find the exploit you want to run against your target system, simply double-click the exploit and then follow the steps starting with selecting the target operating system; click the Forward button.
Select Automatic Targeting if it’s available; otherwise, make your best guess of which version of Windows is running and then click the Forward button.
Select the payload you want to send to the target and then click the Forward button.
The payload is the specific hack that you want to attempt.
Enter the IP address of the target system in the RHOST field and confirm that the IP address shown in the LHOST field is the address of your testing system. Click the Forward button.
After clicking Forward, you will have one more chance to confirm or cancel this hack.
Confirm your settings on the final screen, and click the Apply button.
The job executes, and you see the shell session in the Sessions section in the lower-right quadrant of the Metasploit GUI.
Double-click the session and a new window opens with a command prompt on the target system.
To add a user, simply enter net user username password /add at the Metasploit command prompt.
Next, add the user to the local administrators group by entering net localgroup administrators username /add at the Metasploit command prompt. You can then log in to the remote system by mapping a drive to the C$ share or by connecting via Remote Desktop.
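The two net commands above leave a recognizable trail in the target's Windows Security log when account-management auditing is enabled: event 4720 (a user account was created) followed shortly by event 4732 (a member was added to a security-enabled local group) for the built-in Administrators group. The Python below is an added example, not part of the original page, that correlates the two events by account SID. The event records are constructed samples, and the field names (time, host, event_id, account_sid, account, group_sid) and the ten-minute window are simplifying assumptions, not the raw event schema.

```python
from datetime import datetime, timedelta

ADMINS_SID = "S-1-5-32-544"      # well-known SID of BUILTIN\Administrators
WINDOW = timedelta(minutes=10)   # assumed correlation window; tune per environment

# Constructed sample records (simplified fields, not raw event XML).
SAMPLE_EVENTS = [
    {"time": "2024-05-01T10:00:05", "host": "WS01", "event_id": 4720,
     "account_sid": "S-1-5-21-1111-2222-3333-1005", "account": "svc_backup"},
    {"time": "2024-05-01T10:00:19", "host": "WS01", "event_id": 4732,
     "account_sid": "S-1-5-21-1111-2222-3333-1005", "group_sid": ADMINS_SID},
    {"time": "2024-05-01T11:30:00", "host": "WS02", "event_id": 4720,
     "account_sid": "S-1-5-21-4444-5555-6666-1009", "account": "jdoe"},
    {"time": "2024-05-01T15:45:00", "host": "WS02", "event_id": 4732,
     "account_sid": "S-1-5-21-4444-5555-6666-1009", "group_sid": "S-1-5-32-545"},
    {"time": "2024-05-01T16:00:00", "host": "WS03", "event_id": 4732,
     "account_sid": "S-1-5-21-7777-8888-9999-1001", "group_sid": ADMINS_SID},
]


def find_new_admin_accounts(events, window=WINDOW):
    """Return alerts for accounts created and made local admin within `window`."""
    created = {}   # (host, account SID) -> (creation time, account name)
    alerts = []
    for ev in sorted(events, key=lambda e: e["time"]):
        when = datetime.fromisoformat(ev["time"])
        key = (ev["host"], ev["account_sid"])
        if ev["event_id"] == 4720:        # a user account was created
            created[key] = (when, ev["account"])
        elif ev["event_id"] == 4732 and ev.get("group_sid") == ADMINS_SID:
            # member added to a security-enabled local group (Administrators)
            if key in created and when - created[key][0] <= window:
                made, name = created[key]
                alerts.append({"host": ev["host"], "account": name,
                               "seconds_to_admin": int((when - made).total_seconds())})
    return alerts


if __name__ == "__main__":
    for alert in find_new_admin_accounts(SAMPLE_EVENTS):
        print(alert)
```

Only the WS01 pair is flagged: the WS02 account was added to Users rather than Administrators, and the WS03 group change has no matching account creation in the sample.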