Wednesday, June 8, 2016

METASPLOIT - Windows XP - Exploitation


- Layout for this exercise:

- Metasploit can perform a port scan of the victim, similar to a normal Nmap scan, using this auxiliary module:

- Options for this auxiliary module:

- The remote host (RHOSTS) is the victim's IP, and in this case the range of ports to be scanned will be from 1 to 1000:

- The result of the scanning process is that 3 ports are open at the victim machine: 135, 139 and 445:

- To exploit the victim, Metasploit provides the ms03_026_dcom exploit, based on a well-known Microsoft vulnerability. This module exploits a stack buffer overflow in the RPCSS service.

- A required option for this exploit is the remote host's IP:

- Setting the RHOST or victim's IP:

- Also, a shell bind payload can be used in order to obtain a remote shell on the victim:

- In this case, the options for this payload are already set:

- The exploit is launched, and on success a remote shell is opened with the prompt C:\WINDOWS\system32>

- Now several post-exploitation actions can be performed, as shown in the next posts.
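From the defender's side, the sequence shown in this post (a 1-1000 port sweep from one source, followed by a connection to TCP 135, the RPCSS/DCOM endpoint that ms03_026_dcom targets) is easy to spot in connection logs. The following detector is an added example written for this page; it is not code from the original post or from Metasploit. The log format (`<epoch> <src_ip> <dst_ip> <dst_port> <action>`), the sample records, and the thresholds are all constructed assumptions for the demonstration.

```python
"""Flag a port sweep followed by a connection to RPCSS (TCP 135).

Added example for this post, not Metasploit code. The log layout, sample
records and thresholds are constructed assumptions.
"""
from collections import defaultdict

SWEEP_THRESHOLD = 50   # distinct ports from one source in one window (assumption)
WINDOW_SECONDS = 120   # sliding window used to count distinct ports (assumption)
RPCSS_PORT = 135       # TCP port of the RPCSS/DCOM endpoint mapper


def build_sample_log():
    """Constructed log: a 1-1000 sweep of 10.0.0.20 from 10.0.0.5 in which only
    135, 139 and 445 are open, then a later connection to 135 from the same
    source, plus one unrelated SMB connection from another host."""
    lines = []
    for port in range(1, 1001):
        ts = 1000 + port // 10                      # ~10 probes per second
        action = "allow" if port in (135, 139, 445) else "deny"
        lines.append(f"{ts} 10.0.0.5 10.0.0.20 {port} {action}")
    lines.append("1130 10.0.0.5 10.0.0.20 135 allow")   # connection to RPCSS after the sweep
    lines.append("1140 10.0.0.9 10.0.0.20 445 allow")   # benign single SMB connection
    return lines


def parse_line(line):
    """Split one record into (timestamp, src, dst, dport, action)."""
    ts, src, dst, dport, action = line.split()
    return int(ts), src, dst, int(dport), action


def detect(lines):
    """Return alerts for every (src, dst) pair: a 'port_sweep' alert when the
    number of distinct destination ports seen within WINDOW_SECONDS reaches
    SWEEP_THRESHOLD, and an 'rpcss_after_sweep' alert for each allowed
    connection to TCP 135 from the same pair at or after that moment."""
    events = defaultdict(list)
    for line in lines:
        ts, src, dst, dport, action = parse_line(line)
        events[(src, dst)].append((ts, dport, action))

    alerts = []
    for (src, dst), evs in events.items():
        evs.sort()
        sweep_start = None
        in_window = defaultdict(int)   # dport -> number of events in the window
        left = 0
        for ts, dport, _ in evs:
            in_window[dport] += 1
            # Drop events that fell out of the sliding window.
            while evs[left][0] < ts - WINDOW_SECONDS:
                old_port = evs[left][1]
                in_window[old_port] -= 1
                if in_window[old_port] == 0:
                    del in_window[old_port]
                left += 1
            if sweep_start is None and len(in_window) >= SWEEP_THRESHOLD:
                sweep_start = ts
                alerts.append({"type": "port_sweep", "src": src, "dst": dst,
                               "ts": ts, "ports": len(in_window)})
        if sweep_start is None:
            continue
        for ts, dport, action in evs:
            if ts >= sweep_start and dport == RPCSS_PORT and action == "allow":
                alerts.append({"type": "rpcss_after_sweep", "src": src,
                               "dst": dst, "ts": ts})
    return alerts


if __name__ == "__main__":
    for alert in detect(build_sample_log()):
        print(alert)
```

The sweep alert fires as soon as the fiftieth distinct port is touched, so it is raised while the scan is still running, and the RPCSS alerts cover both the probe that found 135 open and the later dedicated connection. The weakness the post relies on was fixed by the MS03-026 update, and a host that does not need to expose TCP 135/139/445 beyond its local segment should have them filtered, which removes the surface the scan discovers in the first place.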