Exploiting Systems with Metasploit

Overview

Metasploit is a framework written in Ruby that makes it easy to run penetration tests on computers and servers. The Metasploit framework has hundreds of common exploits and payloads built in and ready to use. In addition, Metasploit allows users to add their own exploits and payloads to the framework. In the following exercise, I choose an exploit for a known vulnerability and a very powerful payload, which launches a program called Meterpreter on the victimized machine. This exercise is meant as a security test only and should never be run on a system that you do not have complete permission to target in this fashion.

Video Tutorial

In this demonstration, the victim machine is running Windows XP Service Pack 1 and an older version of Icecast Server for Win32 (icecast2_win32_2.0.1_setup.exe), which contains a known vulnerability. You can find it here: http://downloads.us.xiph.org/releases/icecast/

 

In this part, I run Metasploit against a Windows XP system running a vulnerable server.

In this part, I use Meterpreter to run a hashdump and then crack the Windows passwords with John the Ripper.

Author: Dan

Dan teaches computer networking and security classes at Central Oregon Community College.
