Remote exploitation of Windows XP | ICSS Student | Adrish Mitra

Exploitation of Windows XP, SP2 –

Remote exploitation of Windows XP

An exploit is a piece of software or a script that lets an attacker take control of a system by abusing one of its vulnerabilities. Attackers normally use vulnerability scanners such as Nessus, Nexpose or OpenVAS to find those vulnerabilities.

This Remote Exploitation of Windows XP project was done by ICSS student Adrish Mitra. The full process is discussed below.

 

Project Name: Remote Exploitation of Windows XP

Author Name: Adrish Mitra

Publish Date: 24-07-2018

 

 

Exploit Documentation

Subject: Remote exploitation of Windows XP

 

Vulnerabilities – Threat level

 

Smb-vuln-cve2009-3103 – Medium

Smb-vuln-ms08-067 – High

Smb-vuln-ms10-054 – False

Smb-vuln-ms10-061 – Error

 

Hacking Windows using the remote exploit for the MS08-067 vulnerability:

 

1. Scanning the target system using nmap.

 

Starting Nmap 7.01 ( https://nmap.org ) at 2018-07-11 10:19 IST

Nmap scan report for 192.168.0.122

Host is up (0.00015s latency).

Not shown: 996 closed ports

PORT     STATE SERVICE

135/tcp  open  msrpc

139/tcp  open  netbios-ssn

445/tcp  open  microsoft-ds

2869/tcp open  icslap

Host script results:

|_samba-vuln-cve-2012-1182: NT_STATUS_ACCESS_DENIED

| smb-vuln-cve2009-3103:

|   VULNERABLE:

|   SMBv2 exploit (CVE-2009-3103, Microsoft Security Advisory 975497)

|     State: VULNERABLE

|     IDs:  CVE:CVE-2009-3103

|           Array index error in the SMBv2 protocol implementation in srv2.sys in Microsoft Windows Vista Gold, SP1, and SP2,

|           Windows Server 2008 Gold and SP2, and Windows 7 RC allows remote attackers to execute arbitrary code or cause a

|           denial of service (system crash) via an & (ampersand) character in a Process ID High header field in a NEGOTIATE

|           PROTOCOL REQUEST packet, which triggers an attempted dereference of an out-of-bounds memory location,

|           aka “SMBv2 Negotiation Vulnerability.”

|          

|     Disclosure date: 2009-09-08

|     References:

|       http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3103

|_      https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3103

| smb-vuln-ms08-067:

|   VULNERABLE:

|   Microsoft Windows system vulnerable to remote code execution (MS08-067)

|     State: VULNERABLE

|     IDs:  CVE:CVE-2008-4250

|           The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2,

|           Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows remote attackers to execute arbitrary

|           code via a crafted RPC request that triggers the overflow during path canonicalization.

|          

|     Disclosure date: 2008-10-23

|_smb-vuln-ms10-054: false

|_smb-vuln-ms10-061: ERROR: Script execution failed (use -d to debug)


2. For remote code execution, open the msf console and search for the exploit module for ms08_067.

 



The exploit module for the MS08-067 vulnerability is shown.

 


 

3. Use this exploit.

 

4. Set RHOST to the victim's IP address and RPORT to the port on which the service affected by MS08-067 listens. By default the service runs on port 445.

 


 

Now upload the exploit to the victim's system. A session is created in the msf console, and we have remote access to the machine.

 


 

 

5. The system information of the victim's machine.

 


 

6. The established connection with the attacker's msf system can be confirmed on the victim's machine by viewing the list of foreign IP addresses.

 


 

Exploits other than MS08-067

Smb-vuln-cve2009-3103:

   VULNERABLE:

   SMBv2 exploit (CVE-2009-3103, Microsoft Security Advisory 975497)

     State: VULNERABLE

     IDs:  CVE:CVE-2009-3103

           Array index error in the SMBv2 protocol implementation in srv2.sys in Microsoft Windows Vista Gold, SP1, and SP2,

           Windows Server 2008 Gold and SP2, and Windows 7 RC allows remote attackers to execute arbitrary code or cause a

           denial of service (system crash) via an & (ampersand) character in a Process ID High header field in a NEGOTIATE

           PROTOCOL REQUEST packet, which triggers an attempted dereference of an out-of-bounds memory location,

           aka "SMBv2 Negotiation Vulnerability."

     Disclosure date: 2009-09-08

 

From the above nmap scan report we can conclude that the target machine cannot be exploited using this vulnerability.

     

 

Smb-vuln-ms10-054: false

Therefore, from the above nmap report we can conclude that this vulnerability cannot be used to exploit the target machine.

 

Smb-vuln-ms10-061: ERROR: Script execution failed.

Therefore, from the above nmap report we can conclude that this vulnerability cannot be used to exploit the target machine.
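The threat-level table at the top and the three conclusions above are all read off the nmap host-script output by hand. The following Python triage script, added here as an example and not part of the original project, parses that output into per-script states and CVE ids and maps them to the same four levels (High, Medium, False, Error), treating a VULNERABLE result from the SMBv2-only check as "Medium" on a Windows XP target, which is the false-positive case the write-up concludes. The sample input is a constructed, trimmed copy of the scan shown above.

```python
import re
# Constructed sample: a trimmed copy of the host-script section of the scan above.
SAMPLE = """\
Host script results:
| smb-vuln-cve2009-3103:
|   SMBv2 exploit (CVE-2009-3103, Microsoft Security Advisory 975497)
|     State: VULNERABLE
|_    IDs:  CVE:CVE-2009-3103
| smb-vuln-ms08-067:
|     State: VULNERABLE
|_    IDs:  CVE:CVE-2008-4250
|_smb-vuln-ms10-054: false
|_smb-vuln-ms10-061: ERROR: Script execution failed (use -d to debug)
"""
# A result starts "| name:" or "|_name:"; the text after the colon is empty
# (a multi-line result follows), "false", or an "ERROR: ..." message.
SCRIPT_RE = re.compile(r"^\|_?\s*(smb-vuln-[\w-]+):\s*(.*)$")
# SMBv2-only checks: XP has no SMBv2, so VULNERABLE there is a likely false positive.
SMBV2_ONLY = {"smb-vuln-cve2009-3103"}

def parse_smb_vuln(text):
    """Return {script: {"state": ..., "cves": [...]}} from nmap host-script output."""
    results, current = {}, None
    for line in text.splitlines():
        m = SCRIPT_RE.match(line)
        if m:  # new script result; inline text may already carry the verdict
            inline = m.group(2).strip()
            current = results.setdefault(m.group(1), {"state": None, "cves": []})
            if inline:
                current["state"] = "ERROR" if inline.startswith("ERROR") else inline.upper()
            continue
        if current is None: continue  # header lines before the first smb-vuln result
        body = line.lstrip("|_ ").strip()
        if body.startswith("State:"):
            current["state"] = body.split(":", 1)[1].strip()
        for cve in re.findall(r"CVE-\d{4}-\d+", body):
            if cve not in current["cves"]:  # the same CVE is usually repeated
                current["cves"].append(cve)
    return results

def triage(results, target_os):
    """Map each result to the write-up's threat levels: High, Medium, False, Error."""
    levels = {}
    for name, info in results.items():
        state = info["state"]
        if state == "VULNERABLE":
            smbv2_on_xp = name in SMBV2_ONLY and "xp" in target_os.lower()
            levels[name] = "Medium" if smbv2_on_xp else "High"
        else:
            levels[name] = {"ERROR": "Error", "FALSE": "False"}.get(state, "Unknown")
    return levels
```

Running `triage(parse_smb_vuln(SAMPLE), "Windows XP SP2")` reproduces the table at the top of the document; pass the output of a real `nmap --script smb-vuln*` run as the text to triage a scan of your own.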
