Remote hacking with metasploit
For those new to security and hacking, the power of an attack with Metasploit is surprising. Most of the time beginners find hacking the most interesting hobby! Well, the "real hacking", which is footprinting, exploit development and attack design, needs a lot of knowledge, experience and creativity. Fortunately, nowadays even those with little computer experience can practically learn hacking with Metasploit. In this article I am going to introduce the requirements and steps to arrange a hacking presentation with Metasploit.
Metasploit MS08-067 exploit
The MS08-067 exploit in Metasploit is based on the CVE-2008-4250 vulnerability. This vulnerability was the basis of one of the most devastating malwares in the world: the Conficker worm made use of it and infected five million computers! The MS08-067 exploit provides the functionality the public generally expects from hacking. Just aim at a vulnerable target with Metasploit and bam, you own the system! On the CVE website you can see the full list of affected Windows versions. For this article I chose Microsoft Windows Server 2003 Service Pack 2 (Enterprise Edition). You will see how easy hacking this Windows server with Metasploit is.
To demonstrate this hacking you need a working version of this Windows somewhere in your network. For simplicity I suggest you install VMWare Workstation and then install a copy of this Windows as a virtual machine. After installation just power on the virtual machine and record the machine’s IP address (you will need it to configure metasploit for hacking). A simple ipconfig command can show you the IP address.
Remotely hacking windows server 2003 with metasploit
To hack hosts vulnerable to CVE-2008-4250 I use Metasploit. Metasploit is a penetration testing application. It provides both a user-friendly UI and a console and has numerous capabilities for hacking. Before installing Metasploit, don't forget to disable your anti-virus, or add both the installation folder and the Metasploit exe directory to your anti-virus exclusions. After installing and activating Metasploit (the community edition is free and sufficient for this demonstration) you can follow the steps below to perform the remote hacking (these steps have been tested on Metasploit 4.8.2 - update 1):
- Disable your anti-virus and firewall; they won't allow you to perform the attack because they think your system has been infected by malware and that malware is trying to infect other computers. This is because Metasploit exploits carry the signatures of malware.
- Open an internet browser like Firefox and type https://localhost:3790. This is the address of the Metasploit user interface.
- Type the username and password you entered while installing Metasploit.
- Click the New Project button on the Metasploit home page.
- Name it whatever you want and enter the IP address you recorded in the network range; mine was 192.168.184.130, so I entered 192.168.184.130-130.
- After creating the project in Metasploit, perform a scan to make sure the host is vulnerable.
- After the scan completes you should see these ports identified by Metasploit: netbios 137, smb 445, 139 and several others.
- Select the Modules tab of the Metasploit menu.
- In the search box type MS08-067 and press Enter.
- Select the module found by Metasploit.
- Leave all the options except the target: select "Windows 2003 SP2 English (NX)" as the target and press "Run Module".
- After the attack completes, select the Sessions tab of the Metasploit menu. In this tab you can access the compromised system's desktop. To do that, click "Remote Desktop".
- Go to the [Metasploit installation folder]\tools folder and select "vncviewer".
- Paste the address you copied and press OK.
- That's it, you hacked the Windows Server 2003 target with Metasploit! Now you can see the host's desktop and control it.
With Metasploit, of course, you can do a lot more. The Remote Desktop option was my favorite, but it is not at all the only option you have after you have hacked the target with the Metasploit payload. For example, you can simply place a keylogger on the target from the Metasploit UI.
Optionally, if you're more comfortable with the console, you can open Metasploit's console (in your Metasploit installation folder), download and modify this remote hacking file's RHOST variable and run the following command in the Metasploit console:
You saw how easy hacking a remote vulnerable target is with Metasploit. We attacked a freshly installed version of Windows Server 2003. We didn't update it, and this made it a perfect vulnerable target: one strong reason to always keep your operating system up to date. After all, now you know how dangerous Metasploit can be in the hands of a script kiddie. With an up-to-date operating system you at least have one layer of defense.
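Patching is the first layer of defense; a second is knowing who is actually reaching the SMB and NetBIOS ports that the scan above identified (445, 139 and 137) on a server you cannot patch yet. The following is an added example, not code from the original article or from Metasploit: it reads Windows Firewall `pfirewall.log` lines (only the first eight fields, shared by the Server 2003 and later log layouts) and counts SMB/NetBIOS traffic that reached a monitored host from outside a trusted management network. The log lines, the monitored address (the article's target, 192.168.184.130) and the admin subnet 192.168.184.0/28 are constructed for the demo.

```python
# Added example, not code from the original article: flag inbound SMB/NetBIOS
# traffic to monitored hosts in Windows Firewall (pfirewall.log) lines that
# does not come from an approved management network.
import ipaddress
from collections import Counter

# Ports the article's scan identified on the Windows Server 2003 target.
SMB_PORTS = {("TCP", 445), ("TCP", 139), ("UDP", 137)}

def parse_pfirewall_line(line):
    """Return (action, proto, src, dst, dport), or None for comment/blank lines."""
    if not line.strip() or line.startswith("#"):
        return None
    f = line.split()  # date time action protocol src-ip dst-ip src-port dst-port ...
    if len(f) < 8:
        return None
    return f[2], f[3], f[4], f[5], int(f[7])

def flag_smb_sources(lines, monitored_hosts, trusted_nets):
    """Count SMB/NetBIOS hits per (source IP, port) that reached a monitored
    host from outside the trusted networks. An unpatched host reachable this
    way is exactly the kind of target the article attacks."""
    monitored = {ipaddress.ip_address(h) for h in monitored_hosts}
    trusted = [ipaddress.ip_network(n) for n in trusted_nets]
    hits = Counter()
    for line in lines:
        rec = parse_pfirewall_line(line)
        if rec is None:
            continue
        action, proto, src, dst, dport = rec
        if action == "DROP" or (proto, dport) not in SMB_PORTS:
            continue  # dropped packets never reached the SMB service
        if ipaddress.ip_address(dst) not in monitored:
            continue
        if any(ipaddress.ip_address(src) in net for net in trusted):
            continue
        hits[(src, dport)] += 1
    return dict(hits)

# Constructed sample log: 192.168.184.130 is the article's target address and
# 192.168.184.0/28 is assumed to be the admin subnet whose SMB use is expected.
SAMPLE_LOG = """\
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info
2024-01-10 09:12:01 OPEN TCP 192.168.184.10 192.168.184.130 51002 445 - - - - - - - -
2024-01-10 09:12:05 OPEN TCP 192.168.184.200 192.168.184.130 44321 445 - - - - - - - -
2024-01-10 09:12:06 OPEN TCP 192.168.184.200 192.168.184.130 44322 445 - - - - - - - -
2024-01-10 09:12:07 OPEN UDP 192.168.184.200 192.168.184.130 137 137 - - - - - - - -
2024-01-10 09:12:08 DROP TCP 192.168.184.201 192.168.184.130 40000 139 - - - - - - - -
2024-01-10 09:13:00 OPEN TCP 192.168.184.200 192.168.184.130 44330 80 - - - - - - - -
""".splitlines()
```

Running `flag_smb_sources(SAMPLE_LOG, ["192.168.184.130"], ["192.168.184.0/28"])` reports only the untrusted source 192.168.184.200 on ports 445 and 137; the admin host, the dropped probe and the web request are ignored.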