Hack Microsoft Windows Server 2003

A little background on the hack. I was doing an assessment of a financial application; the objective was to evaluate the security of the complete infrastructure on which the application will be hosted once it goes live. As opposed to the routine list of findings, this particular hack took the limelight. It was a system compromise with Administrator access to the system. It was the last day of our assessment; I had little time on hand before I could wind up for the day.

But this was short-lived; it didn't take me more than 7 tries to get the combination right. And that opened my way into the system.

You can use the query analyzer or T-SQL code to run the command. We could send something like a VNC payload where we could get a GUI of the system, but that would likely be noticed by the system admin as he sees his mouse moving around his screen. We will use a VNC payload in a future hack.

So, to see what payloads are available to us, we simply need to type show payloads and Metasploit will list all the payloads available for this exploit. That's the one we want to use. It will connect to the Windows Server box and return us a command shell for remotely controlling the victim system.

Now that we have set the exploit and the payload, the only thing left to do is set the options on the payload. In other words, we need to tell the payload what system we want the command shell to connect back to. That would be us!

So, give it your IP address. Mine is Metasploit will send out the payload to the Windows Server system and return you a command prompt. You now own (pwn) that system!

The Windows server is still used in several organizations to run web servers, database servers, directory servers, FTP servers, and mail servers, but unfortunately it runs with several vulnerabilities, which readily attract malicious attackers looking for unauthorized access.

The question is how attackers exploit an unpatched operating system, that is, the modus operandi of illicit infiltration. If the target is live, then port scanning should be performed, which determines the status of all TCP and UDP ports, whether they are open or closed, on the target machine. If a network service is vulnerable, then the attacker might be able to use that information to speed up the vulnerability analysis process. Port scanning can be carried out with a dedicated tool, for instance Nmap or Metasploit itself.

Nmap has come into favor and is in fact a built-in vulnerability assessment tool of Backtrack and Kali Linux; it runs directly in the command shell and generally takes the target IP address or DNS name as a parameter. So, we could penetrate that computer by exploiting these open services. We can also enumerate the open services on a target computer by using Metasploit's own port scanning modules. To do so, run msfconsole and first search the available port scanning modules as follows:

Therefore, we move ahead with the SYN scanning method. So, choose the port scanning module with the use command as follows:

Every module has specific options or parameters, which can be displayed by the show options command as follows:

Note that this module requires the pcaprub module to be installed first in Metasploit in order to scan the open ports on the target computer.

We can configure this as follows:

Finally, run the module using the run command and it shall produce the list of open ports on the target computer as follows:

An exploit will only succeed while the target host has a vulnerability that remains unpatched.

Hence you would have to use a particular vulnerability scanner. Alternately, if your port scanner shows a particular port open, you can try all exploits for that particular port and see whether any one is successfully carried out or not. The forthcoming demonstration of accessing the remote shell involves exploiting the common MS vulnerability, found especially on the Windows Server and Windows XP operating systems.

Metasploit can pair any Windows exploit with any Windows payload such as bind or reverse tcp. So, we can choose the MS vulnerability to exploit or open a command shell as well as create an administrator account or start a remote VNC session on the victim computer.

This vulnerability can be mitigated by patching the operating system, by enabling a firewall to filter unwanted traffic, and by installing anti-virus software with the latest signatures. We shall exploit the SMB port vulnerability of the target computer where Windows Server is running.

Most of the servers will have this service enabled, so it will be very easy to exploit them except if they are using a firewall that filters the port.

As a professional penetration tester you will have to deal with various systems including Windows and Linux.

[Figure: Microsoft-ds service is open]

Our next step will be to open the Metasploit framework in order to find the appropriate exploit that will give us access to the remote server.

[Figure: Search for the netapi exploit]

So we are configuring the exploit with the appropriate IP addresses, and we will use meterpreter as the payload.


