Exploiting Vulnerabilities of Windows 2000 Server using NMAP, Nessus and Metasploit

November 6, 2018 | Views: 5889


Using NMAP to identify OS and services on the vulnerable machine (Windows 2000 server)

Nmap is a free and open source tool for network discovery and security auditing.
First we have to set up the virtual environments of the vulnerable machine (Windows 2000) and Kali Linux in VirtualBox, and set their IPs in the same network range.
Then open a Kali terminal and run nmap -sV -O 192.168.56.99 (the IP of the Windows 2000 machine). This gives us a report of the version of each network service and of the operating system, as shown below.
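As an added example (not the post's own code), the following Python parses the XML that nmap -sV -O writes with -oX and flags hosts whose best OS fingerprint is end-of-life, listing the open services a defender would want to retire or firewall; the sample XML is constructed to resemble the Windows 2000 lab host, and the MAC address in it is made up.

```python
# Added example (not from the original post): flag end-of-life hosts in
# `nmap -sV -O -oX scan.xml <target>` output. Element names follow nmap's
# XML schema; the sample below is constructed for the Windows 2000 lab host.
import xml.etree.ElementTree as ET

SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -O -oX scan.xml 192.168.56.99">
<host><status state="up"/><address addr="192.168.56.99" addrtype="ipv4"/>
<address addr="08:00:27:AA:BB:CC" addrtype="mac"/>
<ports>
<port protocol="tcp" portid="42"><state state="open"/><service name="wins" product="Microsoft Windows Wins"/></port>
<port protocol="tcp" portid="135"><state state="closed"/><service name="msrpc"/></port>
<port protocol="tcp" portid="139"><state state="open"/><service name="netbios-ssn"/></port>
<port protocol="tcp" portid="445"><state state="open"/><service name="microsoft-ds" product="Microsoft Windows 2000 microsoft-ds"/></port>
</ports>
<os><osmatch name="Microsoft Windows 2000 SP4" accuracy="100"/>
<osmatch name="Microsoft Windows XP SP2" accuracy="92"/></os>
</host></nmaprun>"""

# OS families past vendor support; matched as substrings of nmap's osmatch name.
EOL_OS_MARKERS = ("Windows 2000", "Windows XP", "Windows Server 2003")

def eol_hosts(nmap_xml, min_accuracy=90):
    """Return [{addr, os, open}] for hosts whose best OS guess is end-of-life."""
    findings = []
    for host in ET.fromstring(nmap_xml).iter("host"):
        addr = next((a.get("addr") for a in host.iter("address")
                     if a.get("addrtype") == "ipv4"), None)
        # Take the most confident osmatch; skip hosts with no usable fingerprint.
        best = max(host.iter("osmatch"), default=None,
                   key=lambda m: int(m.get("accuracy", "0")))
        if best is None or int(best.get("accuracy", "0")) < min_accuracy:
            continue
        if not any(m in best.get("name", "") for m in EOL_OS_MARKERS):
            continue
        open_ports = []
        for port in host.iter("port"):
            if port.find("state").get("state") != "open":
                continue  # closed/filtered ports are not exposure
            svc = port.find("service")
            open_ports.append((int(port.get("portid")),
                               svc.get("name", "?") if svc is not None else "?"))
        findings.append({"addr": addr, "os": best.get("name"),
                         "open": sorted(open_ports)})
    return findings

if __name__ == "__main__":
    for f in eol_hosts(SAMPLE_NMAP_XML):
        print(f"{f['addr']}: {f['os']} exposes {f['open']}")
```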
 


Nessus vulnerability scanner

 
Nessus is a proprietary vulnerability scanner developed by Tenable Network Security. It is free of charge for personal use in a non-enterprise environment.
Nessus does not come pre-installed, so we have to download, install and configure it.
Nessus allows scans for the following types of vulnerabilities:
• Detection of security holes in local or remote hosts.
• Detection of missing security updates and patches.
• Simulated attacks to pinpoint vulnerabilities.
• Execution of security tests in a contained environment.
• Scheduled security audits.

 

Then open a Kali terminal and start Nessus with the command:
service nessusd start
Nessus runs as a server in the background and is accessible via a web interface. Open a web browser, browse to https://127.0.0.1:8834 and log in. The following web interface will appear.

 
First Scan
 
Go to Scan Templates -> New Scan and give the scan the name of the system.
For Policy choose the Internal Network Scan.
Put the IP address of the target (Windows 2000) into the Scan Target box and run the scan.

 

Wait till the scan completes, then go to the Results tab and watch the findings populate in real time.

 


The vulnerabilities are categorized by severity as shown below:
Purple – Critical
Red – High
Orange – Medium
Green – Low
Grey – Information
 
To view a vulnerability summary, go to the Vulnerabilities tab and click on a vulnerability.

 

From these vulnerabilities I will select MS05-47 for the demonstration that follows.
 
Using Metasploit to compromise a vulnerable host
 
After identifying the possible vulnerabilities, we use Metasploit to execute the exploits and launch the attack.
To execute this exploit we need:
·         An exploit – MS04_047_wins (the vulnerability selected above)
·         A payload – code that will run once the exploit succeeds
·         Options – IP address etc…
 
Metasploit
Metasploit Framework is open source; it is a software platform for developing, testing and executing exploits. It can be used to create security testing tools and exploit modules, and as a penetration testing system. It was originally created as a portable network tool in 2003 by HD Moore.

To start Metasploit, open a terminal and begin by initializing the database and web server:

service apache2 start
service postgresql start
 
Then run the command msfconsole.

This command provides an “all-in-one” centralized console and gives you efficient access to virtually all of the options available 🙂 .
 
       
Search command
With the search command, Metasploit searches for the given term in module names and descriptions, as follows:
search ms04-047
 

 

Use command
The use command in Metasploit activates a particular module and changes the context of msfconsole to that module. The exploit name is then shown in red on the command line, as follows:
 
Info and show options commands
We can view information about this vulnerability with the info command, and the module's settings with the show options command.
 
 

 

Set command
The set command allows you to configure Framework options and parameters for the current module you are working with:
set RHOST 192.168.56.99 (RHOST – remote host (Windows 2000))
Then run it with the exploit command. This exploit is capable of shutting down Windows 2000.
 
 
 ——————————————————————-


This is another exploit of a vulnerability to get a remote desktop of Windows 2000.
Vulnerability – ms04-045
 
Search for the vulnerability,


 


Use the module path,

 


Set the remote host and exploit.
Then, in the resulting Meterpreter session, we get a remote desktop of the Windows 2000 machine with the command
run vnc
 

 

Finally we get a remote desktop as follows,
 

Hope you would understand 🙂