Vulnerability Assessment
After we are done enumerating the target, the next step is to check for vulnerabilities that might exist on our target hosts. Armitage makes this process very simple.
From our targets, we can see that there is a machine running Windows XP, which is very interesting, because it might be vulnerable to the infamous ms08_067_netapi. Let’s try exploiting it.
To perform a vulnerability assessment, select the target first, then click on the “Attacks” tab at the top and click on “Find Attacks.”
Note: If you are running an older version of Armitage, the Attacks menu offers two options: “Find attacks by ports” and “Find attacks by vulnerabilities.” You can choose either.
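To make the difference between those two options concrete, here is a small added example (it is not from the book and not Armitage’s own code) that models both matching strategies over a constructed target list. The only module name in it is ms08_067_netapi from the text; the hosts, the catalogue layout and the patch information are constructed for the illustration.

```python
# Added example (not from the book or from Armitage): a minimal model of the two
# "Find Attacks" strategies, run over constructed hosts. Only the module name
# ms08_067_netapi comes from the text; everything else is constructed.
from dataclasses import dataclass, field


@dataclass
class Host:
    address: str
    os: str
    open_ports: set
    # Vulnerability IDs that a credentialed scan or patch inventory reported (constructed).
    reported_vulns: set = field(default_factory=set)


# Constructed catalogue: module name -> ports it targets, vulnerability it needs, OS family.
CATALOGUE = {
    "ms08_067_netapi": {"ports": {139, 445}, "vuln": "MS08-067", "os_prefix": "Windows"},
}


def find_by_ports(host):
    """'Find attacks by ports': a module is a candidate if any of its ports is open."""
    return sorted(name for name, entry in CATALOGUE.items()
                  if entry["ports"] & host.open_ports)


def find_by_vulns(host):
    """'Find attacks by vulnerabilities': the matching vulnerability must be reported
    for the host and the OS family must fit, so a patched host is not listed."""
    return sorted(name for name, entry in CATALOGUE.items()
                  if entry["vuln"] in host.reported_vulns
                  and host.os.startswith(entry["os_prefix"]))


def assess(hosts):
    """Return {address: (candidates by ports, candidates by vulnerabilities)}."""
    return {h.address: (find_by_ports(h), find_by_vulns(h)) for h in hosts}


# Constructed targets: an unpatched XP host like the one in the text, a patched XP
# host with SMB still exposed, and a Linux host running Samba on the same port.
HOSTS = [
    Host("10.0.0.5", "Windows XP SP2", {139, 445}, {"MS08-067"}),
    Host("10.0.0.6", "Windows XP SP3", {139, 445}),      # SMB exposed but patched
    Host("10.0.0.7", "Linux", {22, 53, 445}),             # port match only
]

if __name__ == "__main__":
    for addr, (by_ports, by_vulns) in assess(HOSTS).items():
        print(addr, "by ports:", by_ports, "by vulns:", by_vulns)
```

Port-based matching lists all three hosts because each has port 445 open, while vulnerability-based matching lists only the unpatched Windows host. When you are assessing your own network, the port-based result is the conservative starting point and the vulnerability-based result is what actually needs patching.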
Exploitation
So we have discovered potential attack vectors based upon the Armitage scanning feature. To see possible attack vectors, right-click on the target and then click on the Attack menu. The attack vectors are based upon the services that Armitage has found running on the target, such as ftp, dns, ssh, etc.
Since we can see the XP machine running the SMB service, we can try to exploit it using the ms08_067_netapi vulnerability. From the Attack menu, navigate to SMB, and then in the SMB menu click on “ms08_067_netapi”. The following screen appears:
Ethical Hacking and Penetration Testing Guide
This screen is equivalent to the “show options” command in Metasploit. I have checked the “use a reverse connection” option since I want a reverse shell, that is, I want the victim to connect back to me. This is very helpful when the victim is behind a firewall or we cannot reach it directly.
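Why the reverse connection gets through a firewall that blocks the direct one, and what stops it, can be shown with a small added example (not from the book, not Armitage code). It evaluates an inbound “victim listens” flow and an outbound “victim connects back” flow against two constructed firewall policies: one that only filters inbound traffic, and one that also filters egress. The addresses, the port 4444 and the rule sets are all constructed assumptions.

```python
# Added example (not from the book): evaluate a bind-style inbound flow and a
# reverse-style outbound flow against two constructed firewall policies, to show
# why "use a reverse connection" succeeds through an inbound-only firewall and
# why egress filtering is the matching mitigation. Addresses/ports are constructed.
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    direction: str   # "inbound" to the protected host or "outbound" from it


@dataclass(frozen=True)
class Rule:
    direction: str
    ports: frozenset  # empty frozenset means "any destination port"
    action: str       # "allow" or "deny"


def evaluate(policy, flow, default="deny"):
    """First-match evaluation: rules are checked in order; no match falls to the default."""
    for rule in policy:
        if rule.direction == flow.direction and (not rule.ports or flow.dport in rule.ports):
            return rule.action
    return default


VICTIM, ATTACKER = "10.0.0.5", "10.0.0.50"   # constructed addresses

# Bind pattern: the attacker connects in to a listener on the victim (constructed port).
BIND_FLOW = Flow(ATTACKER, VICTIM, 4444, "inbound")
# Reverse pattern: the victim connects out to the attacker (constructed port).
REVERSE_FLOW = Flow(VICTIM, ATTACKER, 4444, "outbound")

# Policy 1: a perimeter that only filters inbound traffic. SMB is exposed, as on
# the text's XP host, and everything outbound is allowed.
INBOUND_ONLY = [
    Rule("inbound", frozenset({445}), "allow"),
    Rule("inbound", frozenset(), "deny"),
    Rule("outbound", frozenset(), "allow"),
]

# Policy 2: the same inbound rules plus egress filtering limited to DNS and web.
EGRESS_FILTERED = [
    Rule("inbound", frozenset({445}), "allow"),
    Rule("inbound", frozenset(), "deny"),
    Rule("outbound", frozenset({53, 80, 443}), "allow"),
    Rule("outbound", frozenset(), "deny"),
]


def compare():
    """Return (bind result, reverse result) for each policy."""
    return {
        "inbound_only": (evaluate(INBOUND_ONLY, BIND_FLOW),
                         evaluate(INBOUND_ONLY, REVERSE_FLOW)),
        "egress_filtered": (evaluate(EGRESS_FILTERED, BIND_FLOW),
                            evaluate(EGRESS_FILTERED, REVERSE_FLOW)),
    }


if __name__ == "__main__":
    for name, (bind, reverse) in compare().items():
        print(f"{name}: bind={bind} reverse={reverse}")
```

Under the inbound-only policy the direct connection is denied but the reverse connection is allowed, which is exactly the situation the text relies on. Under the egress-filtered policy both are denied. Port-based egress filtering is still only a partial control, since outbound traffic on the allowed ports passes, so on a real network it belongs alongside patching the exposed SMB service and alerting on new outbound connections from hosts that normally make none.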
If you successfully exploit the issue, the target turns red, as shown in the following screenshot:
We can now interact with our target in the following ways:
Command shell—This will open up a command prompt on the target computer, where we can execute commands.
Meterpreter shell—This will open up a Meterpreter session, which is what we will be learning about in the “Post Exploitation” chapter (Chapter 9).
Desktop (VNC)—This will open up a VNC session, which can be used to interact with the target computer; not the best choice for stealth purposes, but certainly great for demonstration purposes.
Remote Exploitation