Exploitation (using metaploit on kali linux)
type command as shown above to create and initialize msf database
start msfconsole
verify database connectivity
mkfbmk
modules in metasploit can be check via this path:
/usr/share/metasploit-framework/modules/exploits/windows
how to control/exploit window 7 using eternal blue doublepulsar:
use below method to check wehther target is vulnerable to SMB attack or not:
the result above show that the target has been patch
the result above show that the target is vulnerable to SMB attack
dpkg --add-architecture i386 && apt-get update && apt-get install wine32
type wine cmd.exe to try run wine32 on kali linux
type exit and press enter
copy the link
Type as above to use the following module to start exploitation
you are in! (able to access victim’s directory)
To exploit windows 10:
type show options to see available options for this exploit, srv host is the attacker's IP address
open a new window to oduble check own IP address
set as shown above
Copy the link generated
on victim side, open web browser
when key in the url or click on the url, the payload will be downloaded
back to the attacker machine
type sessions -l to list the available session
type sessions1(or follow by the session id that is listed when you type sessions -l), you can check the info by typing sysinfo and gaining shell access to the victim by typing shell
The fat rat on window server 2012:
click on the first result
copy the link
open terminal, type git clone follow by the link address that just copied
change directory to the downloadded folder (TheFatRat), find the setup.sh file, make it executable by typing chmod a+x setup.sh and run it by typing ./setup.sh
let us open firefox browser, type debian package and download a .deb first before we proceed
click view the packages in the stable distribution
move the project.deb to /var/www/html/apache
on ubuntu download project.deb from apache site
back to victim (red hat 7.6), make the project.deb executable
then run it
back on kali attack machine
MiTM against SQL server:
Before we getting started, let us make sure that we have enable server account on victim SQL server
click security tab, and tick SQL Server and windows Authentication mode
click ok
you could change the password if you want and uncheck the enfoce password policy box to prevent complex password
go to status tab, tick enabled login then press ok
add a few column in the table
back to kali linux, open wireshark by running the command as shown above
click the blue fin icon on top left to start capture packet and type tds.query at the filter tab to filter query packet
Double check the victim IP address
Key in the victim IP address
Select the directory of password list after tick password list
Click start
Result is shown
Extract mysql schema information using metasploit:
set payload on mssql