How to Exploit Vulnerabilities in an Operating System using Metasploit

·         Vulnerable System: Windows 2000
·         Penetration testing system: Kali Linux    

Key Tools Used:        
·         nmap
·         Nessus
·         Exploit-DB
·         Metasploits


1)      First open the Kali Linux and windows 2000 in virtual box and run it. 
  • Get the ip addresses of kali linux and windows 2000. Both should be in same ip range in order to ping

Figure 1: Kali Linux IP address

Figure 2: Windows 2000 machine IP address


           In here both IP addresses are in class C.
  •  Ping the windows in kali and vice versa.
Figure 3: Ping from windows to kali

Figure 4: Ping from Kali to Windows

2)  nmap – Using this we can find some services and versions of that services on the vulnerable machine like installed OS, open ports, closed ports etc.
  • Using nmap find the open ports in windows 2000
Figure 5: Find the open ports and closed ports




Figure 6: Finding UDP ports
Figure 7: Scan for most common 5 ports

  • Using nmap we can find the OS version installed in targeted machine.



3)      Nessus - Search for vulnerabilities in targeted host
-                 Now I know the OS of the targeted machine. Now I can find the vulnerabilities of that OS. To that I use nessus.
  • First start the nessus server.

  • Open a browser and browse to nessus using the url https://127.0.0.1:8834
  • Start a scan for targeted host.
Figure: Scan Summary (After scanning process finish)
  • Nesses report will display many vulnerabilities that can be exploited. In this windows server I got 83 critical vulnerabilities.
  • We can look for more details on each vulnerability by clicking on that vulnerability.



4)      Metasploit – Use to compromise the vulnerable host
-                 Now we have to exploit these vulnerabilities and have to get the root access.
  • First start the metaspolit by initialing the database and the webserver.
  • Now I’m in msfconsole So I need to find the metasploit modules which will allow us to carry    out our attacks.
  • This allows us to create a meterpreter session with the server by using metasploit.
  • This also gives us the chance to gain a shell with root privileges.


 I.            MS03-026: Microsoft RPC Interface Buffer Overrun (823980)
Figure: Get more details using nessus

Figure: Get more details using metasploit
  • Now we have the location of the exploit to take advantage of the MS03-026.
  • Next view the information metasploit holds for this vulnerability
  • Search for what option can take to do some exploits.

  • Now we should set the target host.
  • Now we can exploit the selected vulnerability.

  • Now I can get System information and network configurations using this vulnerability
  • Also, I can access and control the windows desktop being inside the kali.








II.            MS03-007 Microsoft IIS 5.0 WebDAV ntdll.dll Path Overflow.
















Comments

Post a Comment

Popular posts from this blog

Introduction to Encryption

Image
What is Encryption? Encryption is like sending secret messages between parties; if someone tries to pry without the proper keys, they won't be able to understand the message. In other words, it is the process of locking up information using cryptography (Cryptography is both the practice and the study of hiding information.) Definition:  ‘ The Process of converting plain text into cipher text, something that appears to be random and meaningless ’ is called as the encryption. Process of converting cipher text back into original text is called as decryption . Terminology Original message is called as plain text/clear text.   Encrypted message is called as cipher text/encrypted text.  A Key which is a secret like a password which is used to encrypt and decrypt information.  Ciphers are the specific algorithms which are used to encrypt and decrypt data. A cipher is series of well-defined steps that can be followed as a procedure to encrypt and decrypt m
Read more

Cross-Site Request Forgery protection in web applications via Double Submit Cookies Patterns

Image
Double submission of cookies is another well-known method to block CSRF. Similar to using unique tokens, random tokens are assigned to both a cookie and a request parameter. In double-submitted cookie pattern, two cookies (for the session and for the CSRF token) are stored in the browser. This pattern is also called as Stateless CSRF Defense since the server site does not have to save this value in any way, thus avoiding server side state. In our previous method, we stored CSRF token values on the server side (text file). But here we don't do it. When a user authenticates to a site, the site should generate a (cryptographically strong) pseudorandom value and set it as a cookie on the user's machine separate from the session id. The site then requires that every transaction request include this random value as a hidden form value (or other request parameter). A cross origin attacker cannot read any data sent from the server or modify cookie values, per the same-origin
Read more

How to do a Phishing attack on Facebook?

Image
This is a Step by step tutorial to make an undetectable Facebook phishing site. Step 1: Download page source Go to https://www.facebook.com Right click on the blank area -> Click Save As When dialog box appears select ‘Webpage, complete’ as Save as type -> Click Save Step 2: Edit “Facebook - Log In or Sign Up.html” file and rename it. Open ‘Facebook - Log In or Sign Up.html’ file with notepad or Dreamweaver. Remove all the ajax codes. (You can download HTML file which removed all ajax codes form here https://github.com/nimeshikaranasinghe/Facebook-Phisihing.git   ) Search for login action (Press Ctrl + F -> type ‘ action= ’ -> Click Find Next) Replace the highlighted part (as in the following screenshot) with getDetails.php Save the file as index.html Step 3: Create getDetails.php Open a notepad. Type the following code <?php             $username = $_POS
Read more