WINDOWS XP - EXPLOITATION
- Layout for this exercise:
- Metasploit can port-scan a victim, much like the usual Nmap scan, using this auxiliary module:
- Options for this auxiliary module:
- The remote host (RHOSTS) is the victim's IP, and in this case the range of ports to be scanned will be from 1 to 1000:
- The result of the scan is that 3 ports are open on the victim machine: 135, 139 and 445:
- To exploit the victim, Metasploit provides the ms03_026_dcom exploit, based on a well-known Microsoft vulnerability. This module exploits a stack buffer overflow in the RPCSS service.
https://www.rapid7.com/db/modules/exploit/windows/dcerpc/ms03_026_dcom
- A required option for this exploit is the remote host's IP:
- Setting the RHOST or victim's IP:
- Also, a bind shell payload can be used to obtain a remote shell on the victim:
- In this case, the payload's options are already set:
- The exploit is launched, and on success a remote shell is obtained, with the prompt C:\WINDOWS\system32>
Now several post-exploitation actions can be performed, as seen in the next posts.
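The port-scan step above, seen from the defender's side, as an added example that is not part of the original post: a TCP connect scan (the same check auxiliary/scanner/portscan/tcp performs) followed by an assessment of whether the RPCSS/DCOM surface the MS03-026 exploit depends on is reachable. The host address 192.0.2.10 is a placeholder; the mapping of ports to services is the only knowledge the script carries.

```python
import socket
from concurrent.futures import ThreadPoolExecutor

# The three ports the post found open on the XP victim, and what each exposes.
# 135 is the MSRPC endpoint mapper, i.e. the RPCSS/DCOM surface MS03-026 targets.
RPC_DCOM_PORTS = {135: "MSRPC endpoint mapper (RPCSS/DCOM)",
                  139: "NetBIOS session service",
                  445: "SMB over TCP"}

def port_is_open(host, port, timeout=0.5):
    """TCP connect check: a completed handshake means the port is listening."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        return s.connect_ex((host, port)) == 0

def scan(host, ports, workers=64):
    """Return the sorted list of open TCP ports among `ports`."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = list(pool.map(lambda p: (p, port_is_open(host, p)), ports))
    return sorted(p for p, is_open in results if is_open)

def assess(open_ports):
    """Defender's reading of a scan result: which legacy RPC/SMB services are
    reachable, and whether RPCSS (TCP 135) is exposed to the scanning network."""
    exposed = {p: RPC_DCOM_PORTS[p] for p in open_ports if p in RPC_DCOM_PORTS}
    return {
        "exposed": exposed,
        # TCP 135 reachable is the precondition for the exploit step in the post.
        "rpcss_reachable": 135 in exposed,
        "action": ("Apply the MS03-026 fix (or retire the XP host) and block "
                   "TCP 135/139/445 from untrusted networks"
                   if exposed else "No RPC/SMB exposure on the scanned ports"),
    }

if __name__ == "__main__":
    host = "192.0.2.10"  # placeholder address (TEST-NET), replace with a host you own
    found = scan(host, range(1, 1001))
    print(found, assess(found))
```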