Compromising outdated Windows operating systems with Metasploit!

Disclaimer: This tutorial is for educational purposes only and was done inside a private environment.

Kali Linux

The first thing you are going to want to do is spin up a Kali Linux virtual machine. If you don't know how to install one, you can learn how here. After that is done we can move on to the next step. You are also going to want to install a Windows VM, because you'll need a system to attack. In this case I will be compromising a Windows XP system.

Kali comes with many pre-installed programs that let you perform a wide range of tasks. One of those tools is Nmap, which is a great tool for discovering hosts and services on a network. It is one of the most useful tools in Kali because it gives you lots of information about your target that can be used to compromise the system!

Note: Linux operating systems ship manuals for their tools that give you an overview of how to use them. To read a manual, open a terminal and type “man” followed by the name of the tool you are using.

Scanning the network

We have to scan the network to find our target and gain information before we can attack.

My target's IP address is 192.168.168.192. You can see that there are many open ports, and this will be helpful when exploiting our target. Generally, the more open ports a system exposes, the larger its attack surface and the less secure it is.
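The same open-port information is what a defender should be collecting about their own network, because every legacy Windows service reachable from the LAN is a candidate entry point. The following is an added example, not code from the original post: it parses Nmap's grepable (-oG) output format and reports which hosts expose the classic Windows file-sharing and RPC ports (135, 139, 445). The scan output embedded below is constructed for the example and reuses the post's 192.168.168.192 address; the port list and thresholds are assumptions.

```python
import re

# Constructed sample of Nmap "grepable" (-oG) output. Not a real scan result;
# it mirrors the post's scenario of a Windows XP host with SMB exposed.
SAMPLE_GNMAP = """\
# Nmap 7.94 scan initiated (constructed sample)
Host: 192.168.168.192 ()\tStatus: Up
Host: 192.168.168.192 ()\tPorts: 135/open/tcp//msrpc///, 139/open/tcp//netbios-ssn///, 445/open/tcp//microsoft-ds///, 3389/open/tcp//ms-wbt-server///\tIgnored State: closed (996)
Host: 192.168.168.10 ()\tPorts: 22/open/tcp//ssh///, 443/open/tcp//https///\tIgnored State: filtered (998)
# Nmap done (constructed sample)
"""

# Ports used by legacy Windows RPC and file/print sharing (assumed list).
# Reachable from the whole LAN, they are the usual path for old SMB exploits
# such as the one the post uses.
LEGACY_WINDOWS_PORTS = {135: "MSRPC", 139: "NetBIOS session", 445: "SMB (direct)"}

# -oG port fields look like: port/state/protocol/owner/service/rpcinfo/version/
# This pattern assumes the "owner" field is empty, which is the common case.
PORT_RE = re.compile(r"(\d+)/(\w+)/(\w+)//([^/]*)//")


def parse_gnmap(text):
    """Return {host: [(port, state, proto, service), ...]} from -oG text."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue
        fields = line.split("\t")            # -oG separates sections with tabs
        host = fields[0].split()[1]          # "Host: <ip> (<name>)"
        ports = hosts.setdefault(host, [])
        for field in fields[1:]:
            if field.startswith("Ports:"):
                for m in PORT_RE.finditer(field):
                    ports.append((int(m.group(1)), m.group(2), m.group(3), m.group(4)))
    return hosts


def legacy_exposure(hosts):
    """Hosts that expose any legacy Windows port in the open state, with those ports."""
    report = {}
    for host, ports in hosts.items():
        hits = sorted(p for p, state, proto, _ in ports
                      if proto == "tcp" and state == "open" and p in LEGACY_WINDOWS_PORTS)
        if hits:
            report[host] = hits
    return report


def open_port_count(hosts):
    """Number of open ports per host, the rough attack-surface figure the post refers to."""
    return {h: sum(1 for _, s, _, _ in ports if s == "open") for h, ports in hosts.items()}


if __name__ == "__main__":
    scanned = parse_gnmap(SAMPLE_GNMAP)
    for host, hits in legacy_exposure(scanned).items():
        names = ", ".join(f"{p} ({LEGACY_WINDOWS_PORTS[p]})" for p in hits)
        print(f"{host}: legacy Windows services reachable on {names}")
```

Run it against a real `-oG` file of your own network to get a list of machines where SMB and RPC should be firewalled off or the host retired; a host that shows 445 open to every neighbour is exactly the situation the rest of this post exploits.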

Exploitation

Now that we have found our target and know that it is vulnerable, we can attack. I am going to be using Armitage, which is a graphical front end for Metasploit. It makes things easy because it displays your hosts, suggests attacks, and exposes the advanced post-exploitation features, which are very fun! We will get to those soon!

After adding the host to the table and running another scan, we can see that our target is running Windows XP. Now click on the Attacks tab and choose Find Attacks from the drop-down menu. Right-click the highlighted computer in the table and choose an attack. If you are not sure which attack to use, you can click Check Exploits and it will tell you which attacks this computer is vulnerable to.

In this case I will be using the windows/smb/ms08_067_netapi module. This module exploits a parsing flaw in the path canonicalization code of NetAPI32.dll through the Server service. The module is capable of bypassing NX on some operating systems and service packs. Windows XP targets seem to handle multiple successful exploitation events.

If all else fails you can do a “Hail Mary” attack, which floods the system with every possible exploit. I would not advise this: it is very noisy and there is nothing stealthy about it.
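The noise the post warns about is exactly what the other side of the network should be alerting on. As an added example (not part of the original post), the script below runs a simple sliding-window rule over connection-log lines: a single source that touches many distinct ports on one destination, or hammers one destination with many attempts, inside a short window gets flagged. The `key=value` log format, the threshold values and the sample traffic are all constructed for this example; they are not from any real product or capture.

```python
from collections import defaultdict, deque
from datetime import datetime


def _line(ts, src, dst, dport):
    """Build one constructed connection-log line in a simple key=value format."""
    return f"{ts} src={src} dst={dst} dport={dport} proto=tcp action=allow"


# Constructed sample traffic (not real). A quiet workstation (.20) and a noisy
# host (.50) that sweeps the post's target (.192) across many ports in 20 seconds.
SAMPLE_LOG = [
    _line("2024-05-01T10:00:01", "192.168.168.20", "192.168.168.1", 53),
    _line("2024-05-01T10:00:05", "192.168.168.20", "192.168.168.192", 445),
    _line("2024-05-01T10:02:30", "192.168.168.20", "192.168.168.192", 445),
] + [
    _line(f"2024-05-01T10:01:{i:02d}", "192.168.168.50", "192.168.168.192", port)
    for i, port in enumerate([21, 22, 23, 25, 80, 110, 135, 139, 443, 445,
                              445, 445, 1025, 3389, 8080, 139, 445, 445, 135, 445])
]

WINDOW_SECONDS = 60        # assumed window length
MAX_DISTINCT_PORTS = 10    # more distinct ports on one destination than this: a sweep
MAX_ATTEMPTS = 15          # more attempts at one destination than this: an exploit storm


def parse_line(line):
    """Parse one constructed log line into (timestamp, src, dst, dport)."""
    ts_text, *kvs = line.split()
    kv = dict(item.split("=", 1) for item in kvs)
    return (datetime.fromisoformat(ts_text), kv["src"], kv["dst"], int(kv["dport"]))


def detect_noisy_sources(lines, window=WINDOW_SECONDS,
                         max_ports=MAX_DISTINCT_PORTS, max_attempts=MAX_ATTEMPTS):
    """Return {src: reason} for sources whose activity toward one destination,
    inside any `window`-second span, looks like a port sweep or exploit storm."""
    events = sorted(parse_line(line) for line in lines)
    recent = defaultdict(deque)   # (src, dst) -> deque of (ts, dport) inside the window
    alerts = {}
    for ts, src, dst, dport in events:
        q = recent[(src, dst)]
        q.append((ts, dport))
        while (ts - q[0][0]).total_seconds() > window:   # expire old entries
            q.popleft()
        ports = {p for _, p in q}
        if len(ports) > max_ports:
            alerts.setdefault(src, f"{len(ports)} distinct ports on {dst} within {window}s")
        elif len(q) > max_attempts:
            alerts.setdefault(src, f"{len(q)} connection attempts to {dst} within {window}s")
    return alerts


if __name__ == "__main__":
    for src, reason in detect_noisy_sources(SAMPLE_LOG).items():
        print(f"ALERT {src}: {reason}")
```

The first alert per source is kept so the output stays readable. The caveat a practitioner should keep in mind is that this rule only catches the noisy case the post describes: a single, targeted attempt against one port would not trip it, so it belongs alongside host patching and SMB filtering rather than in place of them.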

When you see the computer turn red with lightning around it, you have successfully compromised the machine.

Now that we have successfully gained a shell inside the computer we can do lots of malicious things. This is where it gets fun!

Post-Exploitation

We can use the Meterpreter session to do many things, like browse files, log keystrokes, and take screenshots. Another thing you can do, which is kind of sketchy, is access the webcam, if the machine has one, and watch it with the click of a button.

After taking a screenshot we can see the user is on YouTube and Facebook. Scary, right?!

Persisting

One thing you should do after gaining access is set up persistence, which basically means the payload will execute every time the computer boots. This way you get a shell back every time the user restarts or reboots the computer.
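A payload that runs at every boot has to be registered in one of a handful of autostart locations (Run keys, services, scheduled tasks, startup folders), which is what makes it findable. The following is an added example, not code from the original post or from Armitage: it compares a known-good baseline of autostart entries against a current snapshot and flags entries that are new or changed and whose executable lives outside the system directories. Both snapshots, the locations and the trusted-prefix list are constructed assumptions; in practice you would feed it exports from an inventory tool such as Sysinternals Autoruns.

```python
# Constructed snapshots of Windows autostart locations in the shape
# {location: {entry name: command line}}. Not real machine data.
BASELINE = {
    r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run": {
        "SecurityHealth": r"C:\Windows\System32\SecurityHealthSystray.exe",
    },
    r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run": {
        "OneDrive": r"C:\Users\user\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background",
    },
    "Services": {
        "Spooler": r"C:\Windows\System32\spoolsv.exe",
    },
    "ScheduledTasks": {
        "GoogleUpdate": '"C:\\Program Files (x86)\\Google\\Update\\GoogleUpdate.exe" /ua',
    },
}

# Current snapshot (constructed): one legitimate addition, one new entry named
# after a system binary but living in a temp folder, and one task that now
# points at a user-writable directory.
CURRENT = {
    r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run": {
        "SecurityHealth": r"C:\Windows\System32\SecurityHealthSystray.exe",
        "VMware User Process": '"C:\\Program Files\\VMware\\VMware Tools\\vmtoolsd.exe" -n vmusr',
    },
    r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run": {
        "OneDrive": r"C:\Users\user\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background",
        "svchost": r"C:\Users\user\AppData\Local\Temp\svchost.exe",
    },
    "Services": {
        "Spooler": r"C:\Windows\System32\spoolsv.exe",
    },
    "ScheduledTasks": {
        "GoogleUpdate": r"C:\Users\Public\GoogleUpdate.exe /ua",
    },
}

# Directories an ordinary user cannot write to (assumed list). Anything that
# autostarts from elsewhere deserves a look.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


def executable_of(command):
    """Return the executable path from a command line, honouring a quoted path."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    return command.split(" ", 1)[0]


def diff_autoruns(baseline, current):
    """List (kind, location, name, command) for entries added or changed since baseline."""
    findings = []
    for location, entries in current.items():
        old = baseline.get(location, {})
        for name, command in entries.items():
            if name not in old:
                findings.append(("added", location, name, command))
            elif old[name] != command:
                findings.append(("changed", location, name, command))
    return findings


def suspicious(findings):
    """Findings whose executable is outside the trusted system directories."""
    return [f for f in findings
            if not executable_of(f[3]).lower().startswith(TRUSTED_PREFIXES)]


if __name__ == "__main__":
    for kind, location, name, command in suspicious(diff_autoruns(BASELINE, CURRENT)):
        print(f"[{kind}] {location} :: {name} -> {command}")
```

The baseline comparison does the real work; the path heuristic only orders the review queue, since a signed program in Program Files can be abused too and an entry in a temp directory is not proof of compromise. Taking the baseline on a freshly built machine, before it is exposed to the network, is what makes the diff meaningful.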

Conclusion

If you followed along with me and were successful in compromising the system, you saw how easy it was. Granted, I used a Windows XP machine, which Microsoft no longer supports, but it still shows how easy it can be to compromise a system. Some tips I can give to the not-so-tech-savvy:

  • Upgrade your operating systems to their latest versions. These are updated and patched more frequently whenever a vulnerability is found.
  • Use stronger passwords. A strong password can be the difference in protecting your system from someone trying to gain access to your computer or other devices.
  • It's also important to change the default credentials on all your devices connected to the internet (embedded devices), because these can easily be found on the internet or in a manual.
  • Never give permission to other devices trying to connect to your computer. 99% of the time the answer is no when a pop-up window says a device is trying to connect to you.
  • Beware when downloading software, music, movies, games, etc. If you are not downloading from the licensed site, you could be at risk: your download could have malicious code attached to it that makes changes to your computer you are unaware of.
  • Lastly, never leave your computer logged in and unattended in the office or in a public place. I am a strong believer that if someone has physical access to your computer, there is nothing preventing them from compromising that system.

Be sure to check my blog in the future for more tutorials and informational reports.
