21mei10003 Exp-3

The document discusses using Metasploit to exploit vulnerabilities on Windows machines. It provides steps to find vulnerable scripts, launch Metasploit and set the meterpreter payload to gain reverse TCP shell access. The post lab questions discuss Metasploit alternatives, and terms like RHOST, LHOST and operations that can be performed after obtaining the Meterpreter shell.

Uploaded by hitesh sariya

SCHOOL OF COMPUTING

ETHICAL HACKING TUTORIAL WORKBOOK

Name: Anshul Patidar    Reg No.: 21MEI10003

EXP-3: Exploiting Windows machine using Metasploit

Date of the Session: 23/06/2023    Session Time: 10:05 to 11:40

Learning outcome:
- Understanding how the machines in the network are vulnerable
- Understanding how machines in the network are exploited using Metasploit

Pre-Lab Task:
(i) What is GHDB?
GHDB stands for Google Hacking Database. It is a collection of search queries, known as Google dorks, that can be used to find specific information on the internet. These dorks are designed to reveal vulnerable or exposed websites, servers, and other online resources. The GHDB helps security professionals and attackers alike uncover sensitive information that was never intended to be publicly accessible.

(ii) What do you mean by CVE?

CVE stands for Common Vulnerabilities and Exposures. It is a system used to uniquely identify and track known vulnerabilities in software and hardware products. Each vulnerability is assigned a unique CVE identifier, allowing researchers, organizations, and users to reference and communicate about a specific security flaw. The CVE system provides a standardized method for sharing information about vulnerabilities, which makes coordination and collaboration within the cybersecurity community easier when addressing and mitigating these issues.

(iii) Explain about the CVE score.

The CVE score, more precisely the Common Vulnerability Scoring System (CVSS) score, is a numerical value assigned to a vulnerability to indicate its severity and potential impact on a system. The score helps security professionals and users judge urgency and prioritize their response to the vulnerability. It takes into account factors such as how exploitable the vulnerability is, its impact on the confidentiality, integrity, and availability of the affected system, and other relevant metrics. The CVE score typically ranges from 0 to 10, with a higher score indicating a more severe vulnerability that requires immediate attention and mitigation.
In Lab Task:
Finally, you and Pardhu have discovered some vulnerabilities in the organization. Pardhu assigned you the task of finding the appropriate exploit modules in Metasploit to exploit those vulnerable machines and finally gain access to them.
Writing space for the Problem: (For Student's use only)

Step 1: Finding vulnerable scripts using NSE

Step 2: Launch Metasploit and start msfconsole

From the terminal, type exit.
Type clear.
To launch Metasploit, type msfconsole at the Kali prompt.

Step 3: Set the Meterpreter payload

- The payload needed is windows/meterpreter/reverse_tcp.
- All that is left to do is launch the payload in the direction of the victim. To do this, use the exploit command.
- At the Meterpreter prompt, type shell. The prompt changes to the command prompt on the victim machine. Type ipconfig.
- Meterpreter comes with a large number of commands that can be run against the victim. Type exit to come back to the Meterpreter prompt.
Post Lab Task:
(i) What are some alternatives for Metasploit?
- Armitage: A graphical user interface (GUI) for Metasploit that simplifies the process of creating and executing penetration testing campaigns.
- BeEF (Browser Exploitation Framework): A framework focused on exploiting vulnerabilities in web browsers and their extensions, allowing for client-side attacks.
- Veil: A framework for generating payloads and shellcode intended to evade traditional antivirus and intrusion detection systems.

(ii) What do you mean by RHOST and LHOST?

RHOST (Remote Host): RHOST refers to the target or remote host, which is the system or device that is being targeted for penetration testing or exploitation. It represents the IP address or hostname of the remote system that is being assessed or attacked.

LHOST (Local Host): LHOST refers to the local host or the attacker's system from which the penetration testing or exploitation is being conducted. It represents the IP address or hostname of the machine where the attacker is running their tools or executing their attack.
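With a reverse_tcp payload such as the one set in Step 3, the compromised machine (RHOST) opens the TCP connection outward to the attacker's LHOST and LPORT, so from a defender's seat the evidence is an unexpected outbound connection from a process that has no business talking to the network. The following is an added example, not part of the workbook: a small egress-baseline check in Python run over constructed, Sysmon-style network-connection records (comma-separated: timestamp, host, process image, direction, destination IP, destination port). The per-process baseline, host name, paths and addresses are all hypothetical; the only non-constructed value is 4444, Metasploit's default LPORT, which the code treats as a hint rather than a rule because an operator can set any port.

```python
import csv
import io
import ipaddress
import ntpath
from dataclasses import dataclass

# Metasploit's default LPORT for reverse_tcp payloads. Operators can change it,
# so a hit is a reason to look closer, never the whole detection.
METASPLOIT_DEFAULT_LPORT = 4444

# Hypothetical egress baseline for a workstation: process basename -> ports it
# is expected to connect to. A real baseline is learned from your own telemetry.
EGRESS_BASELINE = {
    "firefox.exe": {80, 443},
    "svchost.exe": {53, 80, 123, 443},
    "lsass.exe": {88, 389, 445, 636},
}

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample records (not real telemetry); fields mirror a Sysmon
# network-connection event: timestamp, host, image, direction, dest IP, dest port.
SAMPLE_LOG = r"""
2023-06-23T10:12:01,WS-07,C:\Program Files\Mozilla Firefox\firefox.exe,out,198.51.100.7,443
2023-06-23T10:12:04,WS-07,C:\Windows\System32\svchost.exe,out,10.0.0.5,53
2023-06-23T10:13:10,WS-07,C:\Windows\System32\spoolsv.exe,out,198.51.100.23,4444
2023-06-23T10:13:11,WS-07,C:\Users\lab\Downloads\update.exe,out,198.51.100.23,8080
2023-06-23T10:14:00,WS-07,C:\Windows\System32\lsass.exe,out,10.0.0.10,88
"""


@dataclass
class Finding:
    timestamp: str
    host: str
    process: str
    dest: str
    port: int
    reasons: list


def is_rfc1918(ip: str) -> bool:
    """True when the address falls inside one of the RFC 1918 private ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)


def analyse(log_text: str) -> list:
    """Return one Finding per outbound connection that deviates from the baseline."""
    findings = []
    for row in csv.reader(io.StringIO(log_text.strip())):
        if len(row) != 6:
            continue                      # skip malformed records rather than crash
        ts, host, image, direction, dest, port = row
        if direction != "out":
            continue                      # reverse shells are outbound from the victim
        port = int(port)
        proc = ntpath.basename(image).lower()
        reasons = []
        if port == METASPLOIT_DEFAULT_LPORT:
            reasons.append("destination port is Metasploit's default reverse_tcp LPORT (4444)")
        allowed = EGRESS_BASELINE.get(proc)
        if allowed is None:
            reasons.append(f"process {proc} has no egress baseline")
        elif port not in allowed:
            reasons.append(f"port {port} is not in the egress baseline for {proc}")
        # Only escalate on the destination when something is already off.
        if reasons and not is_rfc1918(dest):
            reasons.append("destination is outside RFC 1918 private address space")
        if reasons:
            findings.append(Finding(ts, host, proc, dest, port, reasons))
    return findings


if __name__ == "__main__":
    for f in analyse(SAMPLE_LOG):
        print(f"{f.timestamp} {f.host} {f.process} -> {f.dest}:{f.port}")
        for r in f.reasons:
            print(f"    - {r}")
```

On the constructed records the two hits are the print spooler connecting out to port 4444 and a binary from a Downloads folder reaching an external host on 8080; the browser, DNS and Kerberos traffic stay quiet because they match the baseline. The same structure works on real Sysmon Event ID 3 exports once the baseline reflects what your own hosts normally do.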

(iii) List out some operations that can be performed after obtaining the Meterpreter shell
- Password Cracking and Sniffing: Meterpreter includes features for password cracking and credential theft. You can attempt to crack stored passwords, sniff network traffic for authentication credentials, or perform keystroke logging.
- Network Exploration: Meterpreter enables network exploration and reconnaissance. You can discover other hosts on the network, scan for open ports and services, and perform network-level attacks like ARP poisoning or sniffing.
- System Information Gathering: Meterpreter allows you to gather detailed information about the compromised system, such as the operating system, architecture, network configuration, running processes, and user accounts.

(For Evaluator's use only)

Comment of the Evaluator (if any):    Evaluator's Observation:
Marks Secured: _______ out of ________

Full Name of the Evaluator:

Signature of the Evaluator:    Date of Evaluation:
