How to Exploit Vulnerabilities in an Operating System using Metasploit

·         Vulnerable System: Windows 2000
·         Penetration testing system: Kali Linux    

Key Tools Used:        
·         nmap
·         Nessus
·         Exploit-DB
·         Metasploits


1)      First open the Kali Linux and windows 2000 in virtual box and run it. 
  • Get the ip addresses of kali linux and windows 2000. Both should be in same ip range in order to ping

Figure 1: Kali Linux IP address

Figure 2: Windows 2000 machine IP address


           In here both IP addresses are in class C.
  •  Ping the windows in kali and vice versa.
Figure 3: Ping from windows to kali

Figure 4: Ping from Kali to Windows

2)  nmap – Using this we can find some services and versions of that services on the vulnerable machine like installed OS, open ports, closed ports etc.
  • Using nmap find the open ports in windows 2000
Figure 5: Find the open ports and closed ports




Figure 6: Finding UDP ports
Figure 7: Scan for most common 5 ports

  • Using nmap we can find the OS version installed in targeted machine.



3)      Nessus - Search for vulnerabilities in targeted host
-                 Now I know the OS of the targeted machine. Now I can find the vulnerabilities of that OS. To that I use nessus.
  • First start the nessus server.

  • Open a browser and browse to nessus using the url https://127.0.0.1:8834
  • Start a scan for targeted host.
Figure: Scan Summary (After scanning process finish)
  • Nesses report will display many vulnerabilities that can be exploited. In this windows server I got 83 critical vulnerabilities.
  • We can look for more details on each vulnerability by clicking on that vulnerability.



4)      Metasploit – Use to compromise the vulnerable host
-                 Now we have to exploit these vulnerabilities and have to get the root access.
  • First start the metaspolit by initialing the database and the webserver.
  • Now I’m in msfconsole So I need to find the metasploit modules which will allow us to carry    out our attacks.
  • This allows us to create a meterpreter session with the server by using metasploit.
  • This also gives us the chance to gain a shell with root privileges.


 I.            MS03-026: Microsoft RPC Interface Buffer Overrun (823980)
Figure: Get more details using nessus

Figure: Get more details using metasploit
  • Now we have the location of the exploit to take advantage of the MS03-026.
  • Next view the information metasploit holds for this vulnerability
  • Search for what option can take to do some exploits.

  • Now we should set the target host.
  • Now we can exploit the selected vulnerability.

  • Now I can get System information and network configurations using this vulnerability
  • Also, I can access and control the windows desktop being inside the kali.








II.            MS03-007 Microsoft IIS 5.0 WebDAV ntdll.dll Path Overflow.
















Comments

Popular posts from this blog

Introduction to Encryption

RESTful API

How to do a Phishing attack on Facebook?