Thursday, November 28, 2013

How to hack Remote PC (Windows 2003 server) with Metasploits

Read full details here: How to hack Remote PC with Metasploits (Windows 2003 server)

This is a detailed step-by-step guide on how to hack a remote PC with Metasploit (Windows 2003 server). I’ve used BackTrack 5 and Windows 2003 server in a virtual environment. The ease of hacking is scary, and readers and sysadmins are advised to update their Windows 2003 server to the latest patch/service pack and to use additional antivirus and firewall protection against this kind of attack. Exactly the same commands can be used on Kali Linux, Ubuntu, Debian or any Linux that has Metasploit installed. In fact you can just do the whole thing from a virtual machine or USB and leave no trace whatsoever.



The author takes no responsibility on how this tutorial is being used by readers and this is for educational purpose only.

  1. Contents
  2. Introduction
  3. Metasploit quick guide
    • search
    • show exploits
    • show payloads
    • show options
    • info
    • use
    • set RHOST
    • set RPORT
    • set PAYLOAD
    • set LPORT
    • exploit
    • help
  4. Lab Setup
  5. Objective
  6. Detailed Steps
    • Step 1 – Scan with nmap for open ports
    • Step 2 – Open msfconsole
    • Step 3 – Search RPC exploit in Metasploit
    • Step 4 – Gather info about target exploit
    • Step 5 – Activate exploit
    • Step 6 – Configure exploit
    • Step 7 – Set payload for exploit
    • Step 8 – Launch exploit and establish connection
    • Step 9 – Perform an action on pentested server

Introduction

Metasploit is simple to use and is designed with ease of use in mind to aid penetration testers.
I will be taking you through this demo in BackTrack 5 R3, so go ahead and download that if you don’t already have it:
http://www.backtrack-linux.org/downloads/
The reason for using BackTrack 5 R3 is that it ships with the correct Ruby libraries.
Metasploit framework has three work environments,
  1. The msfconsole,
  2. The msfcli interface and
  3. The msfweb interface.
However, the primary and most preferred work area is the ‘msfconsole’. It is an efficient command-line interface that has its own command set and environment system.

Metasploit quick guide

Before executing your exploit, it is useful to understand what some Metasploit commands do. Below are the commands you will use most. Graphical explanations of their outputs will be given as and when we use them while exploiting some boxes later in the article.
  1. search : Typing the command ‘search’ along with a keyword lists the various possible exploits that match that keyword pattern.
  2. show exploits : Typing the command ‘show exploits’ lists the currently available exploits. There are remote exploits for various platforms and applications including Windows, Linux, IIS, Apache, and so on, which help to test the flexibility and understand the working of Metasploit.
  3. show payloads : With the same ‘show’ command, we can also list the payloads available: ‘show payloads’ lists the payloads.
  4. show options : Typing the command ‘show options’ will show you the options you have set and possibly ones that you might have forgotten to set. Each exploit and payload comes with its own options that you can set.
  5. info : If you want specific information on an exploit or payload, use the ‘info’ command. Let’s say we want complete info on the payload ‘winbind’. We can use ‘info payload winbind’.
  6. use : This command tells Metasploit to use the exploit with the specified name.
  7. set RHOST : This command instructs Metasploit to target the specified remote host.
  8. set RPORT : This command sets the port that Metasploit will connect to on the remote host.
  9. set PAYLOAD : This command selects the payload to deliver, for example a generic payload that gives you a shell once the service is exploited.
  10. set LPORT : This command sets the port number that the payload will open on the server when an exploit succeeds. It is important that this port number be a port that can be opened on the server (i.e. it is not in use by another service and not reserved for administrative use), so set it to a random 4-digit number greater than 1024 and you should be fine. You’ll have to change the number each time you successfully exploit a service as well.
  11. exploit : Actually exploits the service. Another version of exploit, ‘rexploit’, reloads your exploit code and then executes the exploit. This allows you to try minor changes to your exploit code without restarting the console.
  12. help : The ‘help’ command gives you basic information on all the commands not listed here.
Now that you know the basic commands, you are ready to launch your exploit. Let’s choose a couple of scenarios to get control of a remotely connected machine.

Lab Setup:

Victim Machine
OS: Microsoft Windows Server 2003
IP: 192.168.42.128

Attacker (Our) Machine
OS: BackTrack 5 R3
Kernel version: Linux bt 2.6.38 #1 SMP Thu Mar 17 20:52:18 EDT 2011 i686 GNU/Linux
Metasploit Version: built-in Metasploit 3.8.0-dev
IP: 192.168.42.128

Objective

The only information provided to us about the remote server is that it is a Windows 2003 Server, and the objective is to gain shell access to this remote server.

Detailed Steps

Step 1 – Scan with nmap for open ports

Perform an nmap scan of the remote server 192.168.42.129.
The output of the nmap scan shows us a range of open ports, which can be seen below in Figure 1.
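The same scan is what a sysadmin following the advice in the introduction would run against their own Windows 2003 host to see which services are reachable before an attacker does. The script below is an added example, not part of the original post: it parses nmap’s grepable output (`nmap -oG`) and flags the open ports an administrator should review first for patch level or firewalling. The sample scan text is constructed (host, port list and versions are assumptions, not the Figure 1 result), and the review-port list is my own choice.

```python
"""Parse nmap -oG (grepable) output and flag exposed ports worth reviewing.

Run:   nmap -sS -p 1-1024 -oG scan.gnmap <your-own-host>   (nmap is assumed installed)
then:  python3 this_script.py scan.gnmap
"""
import sys
from typing import Dict, List, Tuple

# Constructed sample standing in for a real -oG file; not the page's Figure 1.
SAMPLE_GNMAP = """\
# Nmap 6.01 scan initiated as: nmap -sS -p 1-1024 -oG - 192.168.42.129
Host: 192.168.42.129 ()\tStatus: Up
Host: 192.168.42.129 ()\tPorts: 135/open/tcp//msrpc///, 139/open/tcp//netbios-ssn///, 445/open/tcp//microsoft-ds///, 1025/filtered/tcp//NFS-or-IIS///, 3389/open/tcp//ms-wbt-server///\tIgnored State: closed (1019)
# Nmap done -- 1 IP address (1 host up) scanned
"""

# Ports whose exposure a Windows 2003 admin should review first (assumed list):
# the tutorial's exploit path goes through RPC/SMB, and RDP is a remote-admin surface.
REVIEW_PORTS = {135: "MSRPC", 139: "NetBIOS session", 445: "SMB", 3389: "RDP"}


def parse_gnmap(text: str) -> Dict[str, List[Tuple[int, str, str]]]:
    """Return {host: [(port, protocol, service), ...]} for ports in state 'open'.

    Each -oG port entry has the shape port/state/protocol/owner/service/rpcinfo/version/
    and entries are separated by ", " inside the "Ports:" field.
    """
    hosts: Dict[str, List[Tuple[int, str, str]]] = {}
    for line in text.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue  # comment lines and the "Status: Up" line carry no ports
        host = line.split()[1]
        ports_field = line.split("Ports:", 1)[1].split("\t", 1)[0]
        for entry in ports_field.split(","):
            parts = entry.strip().split("/")
            if len(parts) < 5 or not parts[0].isdigit():
                continue  # malformed entry; skip rather than crash on odd output
            port, state, proto, service = int(parts[0]), parts[1], parts[2], parts[4]
            if state == "open":  # 'filtered' and 'closed' are not reachable services
                hosts.setdefault(host, []).append((port, proto, service))
    return hosts


def exposure_report(text: str) -> Dict[str, List[Tuple[int, str]]]:
    """Reduce the parsed scan to the open ports on the review list, per host."""
    return {
        host: [(port, REVIEW_PORTS[port]) for port, _proto, _svc in ports if port in REVIEW_PORTS]
        for host, ports in parse_gnmap(text).items()
    }


def main() -> None:
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_GNMAP
    for host, flagged in exposure_report(text).items():
        print(f"{host}: {len(flagged)} port(s) to review")
        for port, name in flagged:
            print(f"  {port:>5}/tcp  {name}: confirm it is patched or blocked at the firewall")


if __name__ == "__main__":
    main()
```

With no argument the script runs over the constructed sample; with a file argument it reads a real `-oG` file. Only ports in state `open` are reported, so the filtered 1025/tcp entry in the sample is deliberately dropped.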

Read the rest of it here: How to hack Remote PC with Metasploits (Windows 2003 server)
