Task 8.8: Exploiting Vulnerabilities with Metasploit

Patching continues to be of critical importance to the security professional. The importance of a good patch-management program cannot be emphasized enough. Sometimes management may ask to see why such activities are so important. The objective of this task is to demonstrate how easily an unpatched computer can be exploited.

Scenario

The organization for which you work has become more concerned about security and would like you to demonstrate the need for patch management. You have been asked to target an unpatched system and show how easily such systems can be attacked.

Scope of Task

Duration

This task should take about 15 minutes.

Setup

For this task, you will need two Windows computers, access to the Administrator account, and an Internet connection.

Caveat

Tools such as Metasploit can be used by security professionals for penetration testing but can also be used for illegal activity. Always make sure you have permission to use these tools before targeting any systems.

Procedure

In this task, you will learn how to use Metasploit, a penetration-testing tool.

Equipment Used

For this task, you must have:

  • Two Windows computers, at least one of which needs to be an unpatched XP system
  • Access to the Administrator account
  • An Internet connection

Details

This task will run Metasploit, a penetration-testing tool that has the ability to target unpatched systems.

Installing and Using Metasploit

1. Once you have accessed your Windows computer and logged in as Administrator, open your browser and go to www.metasploit.com/framework/download/.

This will take you to the download page of the Windows version of Metasploit.


Metasploit is available in both free and commercial versions.

2. Once the program has completed downloading, execute it from the folder to which it was saved. This will start the installation process.

3. Once the installation is completed, you can launch Metasploit. From the Start menu, choose the Metasploit GUI. Metasploit gives you three interface options from the Start menu once the application is installed:

  • Metasploit Console
  • Metasploit GUI
  • Metasploit IRB

If your virus scanner complains about running Metasploit, you will need to disable it for the duration of this task.


Before you proceed, record the IP addresses for the system you are launching Metasploit from and the system you are targeting.

RHOST: The remote host you are targeting: ____________

LHOST: The local host: ________________

4. You can view exploits by choosing the Exploits option. For this task, use the RPC DCOM vulnerability. You can find it by choosing Exploits ⇒ Windows ⇒ dcerpc ⇒ MS03_026_dcom.


This exercise uses Metasploit to examine the RPC DCOM (Direct Component Object Model) vulnerability in unpatched Microsoft Windows products.

5. Choose the reverse TCP Shell.


6. Enter the IP address of the RHOST and verify it is correct. You will be prompted to continue; then click Run In Console.


7. Once the exploit executes successfully, you will see an indication that a new session was started.


8. In the session window, type ipconfig. Notice the IP address is that of the victim system.

C:\>ipconfig

Windows IP Configuration

Ethernet adapter Local Area Connection 1:

        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : 192.168.123.33
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.123.254


Once attackers can run their tools on your system, they are positioned to strengthen their control of your computer and most likely will use it to target other systems. To learn more about hackers and hacking tools, check out www.pbs.org/wgbh/pages/frontline/shows/hackers/whoare/tools.html for a great list of hacking tools and techniques.
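Seen from the defender's side, the reverse TCP shell chosen in step 5 leaves a recognizable pattern in connection logs: a host receives an RPC connection on TCP port 135 and, moments later, opens its own connection back to the same peer. The following Python sketch is an added example, not part of the original task; the log format, the 30-second window, and the sample records (apart from the victim address shown in the ipconfig output) are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample flow records: time, source IP, destination IP, destination port.
# 192.168.123.33 is the victim address from the ipconfig output; other values are made up.
SAMPLE_FLOWS = """\
2024-01-10T09:00:01 192.168.123.50 192.168.123.33 135
2024-01-10T09:00:03 192.168.123.33 192.168.123.50 4444
2024-01-10T09:05:00 192.168.123.60 192.168.123.33 135
2024-01-10T09:20:00 192.168.123.33 192.168.123.60 445
2024-01-10T09:30:00 192.168.123.33 192.168.123.254 53
"""

RPC_PORT = 135                  # RPC endpoint mapper, where DCOM requests arrive
WINDOW = timedelta(seconds=30)  # assumed correlation window


def parse_flows(text):
    """Parse whitespace-separated flow records, skipping malformed lines."""
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            continue
        ts, src, dst, port = parts
        flows.append((datetime.fromisoformat(ts), src, dst, int(port)))
    return sorted(flows)


def find_callbacks(flows, window=WINDOW):
    """Flag hosts that connect back to a peer shortly after that peer
    reached them on the RPC port. Returns (host, peer, rpc_time,
    callback_time, callback_port) tuples."""
    last_rpc = {}  # (host, peer) -> time of the most recent inbound RPC from peer
    alerts = []
    for ts, src, dst, port in flows:
        if port == RPC_PORT:
            last_rpc[(dst, src)] = ts
            continue
        seen = last_rpc.get((src, dst))
        if seen is not None and ts - seen <= window:
            alerts.append((src, dst, seen, ts, port))
    return alerts


if __name__ == "__main__":
    for host, peer, rpc_at, cb_at, port in find_callbacks(parse_flows(SAMPLE_FLOWS)):
        print(f"{host} called back to {peer}:{port} "
              f"{(cb_at - rpc_at).seconds}s after inbound RPC")
```

Only the first pair of records is flagged; the second host's outbound connection falls well outside the window, and the DNS lookup has no preceding RPC connection from its peer.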

Criteria for Completion

You have completed this task when you have run Metasploit against an unpatched computer and gained a command prompt on the computer.
