Another walkthrough in the Windows Exploitation series, this time on Windows 7. This walkthrough will give you a clear idea of the security measures needed in the network and of why you should keep your systems up to date with the latest updates.
As a demonstration, we have used our own lab so that the setup has all the prerequisites in place.
In this activity, we'll use Nmap and Metasploit to scan the network, find the vulnerability present on the target, and exploit it remotely.
Here, we're not going to build any kind of malicious payload; we'll just use reconnaissance skills to gather the target's details and exploit it without physically interacting with the target machine.
What is SMB?
SMB (Server Message Block) is an application-layer protocol that allows files to be shared between two operating systems on the same network. SMB uses a client-server architecture to share files and even printers. It is also known as the Common Internet File System (CIFS). SMB uses ports 139 and 445; we will be using port 445 for our SMB pentesting.
As a continuation of the Windows XP Exploitation walkthrough, we already know that the Windows 7 system's IP address was 192.168.29.211.
Next, I looked up all of the running services and their versions across all port numbers on the Windows 7 machine.
I noted that ports 139 and 445 were open and running an SMB service, which raised the possibility of a vulnerability.
SMB is used for file and printer sharing on Windows, so we will scan for vulnerabilities on port 445 using the NSE (Nmap Scripting Engine).
After a couple of minutes, we found that port 445 is vulnerable to remote code execution via MS08-067 and MS17-010.
I searched for the MS17-010 exploit and got a list of results with different exploit modules.
Use an auxiliary module to scan whether the system is vulnerable to MS17-010 or not.
As the result shows, it's vulnerable.
We will use this exploit against the target Windows 7 machine: "exploit/windows/smb/ms17_010_eternalblue".
After selecting the exploit, we can enter "show options" to check which configuration is required for the exploitation to succeed.
We have to set RHOST to the victim's IP address. Any other required information can be set with the following commands; the default payload was already set and can be changed to a suitable one if wanted.
We will check whether LPORT 4444 is in use or not; it was in use.
Then I checked another port, 5555, which was not in use, and set LPORT to 5555.
Now that everything is ready, we can run the exploit.
The Windows 7 system was successfully exploited, and now we have access.
We got a Meterpreter session. Now we can type the "help" command to see the other commands available for working with the Meterpreter session.
Cool, we've got a shell where we can interact properly with the Windows system.
Now, if I want to switch to any other exploited system whose session was saved, or keep the current session in the background, I will go through the following steps.
Ways to avoid SMB exploitation and keep it secure against hackers
- Keep the SMB service up to date with the latest version and ensure that all updates and security patches are applied.
- Disable the service if not in use.
- Enable SMB encryption to ensure that data transmitted over the network is secure and protected from interception by hackers.
- Implement firewalls to limit access to SMB traffic and block unauthorized access attempts.
- Limit access to SMB shares to only those users who need it, and ensure that access is granted on a need-to-know basis.
- Use strong authentication methods such as two-factor authentication to prevent unauthorized access to SMB shares.
- Monitor network activity for unusual or suspicious activity, such as repeated attempts to access SMB shares, which could indicate a potential attack.
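As an added example (not from the original post) of checking the points above on a Windows host, here is a read-only PowerShell audit that reports patch level, SMBv1, encryption, share permissions and firewall exposure. It assumes the SmbShare and NetSecurity modules (Windows 8 / Server 2012 or later) and an elevated shell; the KB number used for the MS17-010 patch is an assumption to confirm against the bulletin for your OS build.

```powershell
# Read-only audit of the SMB hardening points above. Assumes the SmbShare and
# NetSecurity modules (Windows 8 / Server 2012+) and an elevated shell. Windows 7
# lacks both modules and SMB 3 encryption, so SMBv1 is read from the registry there.
# $PatchKB is an assumption: KB4012212 is taken to be the MS17-010 security-only
# update for Windows 7 SP1 / Server 2008 R2; confirm the ID for your OS build.
param([string]$PatchKB = 'KB4012212')
$findings = New-Object 'System.Collections.Generic.List[string]'

# 1. Patch level: MS17-010 is the fix for the EternalBlue exploit used above.
if (-not (Get-HotFix -Id $PatchKB -ErrorAction SilentlyContinue)) {
    $findings.Add("MS17-010 update $PatchKB is not installed")
}

# 2. Server service: if the host shares nothing, the service should be disabled.
$svc = Get-Service -Name LanmanServer -ErrorAction SilentlyContinue
if ($svc -and $svc.Status -eq 'Running') {
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        $cfg = Get-SmbServerConfiguration
        # 3. SMBv1 is the dialect EternalBlue targets; it should be off.
        if ($cfg.EnableSMB1Protocol) { $findings.Add('SMBv1 is enabled') }
        # 4. SMB 3 encryption protects share traffic from interception.
        if (-not $cfg.EncryptData) { $findings.Add('SMB encryption (EncryptData) is off') }
        if (-not $cfg.RejectUnencryptedAccess) { $findings.Add('Unencrypted clients are still accepted') }
        # 5. Share permissions: flag non-admin shares that grant Everyone access.
        foreach ($share in (Get-SmbShare | Where-Object { $_.Name -notmatch '\$$' })) {
            $everyone = Get-SmbShareAccess -Name $share.Name |
                Where-Object { $_.AccountName -eq 'Everyone' -and $_.AccessControlType -eq 'Allow' }
            if ($everyone) { $findings.Add("Share '$($share.Name)' grants access to Everyone") }
        }
    } else {
        # Older hosts: a missing SMB1 value or a value of 1 means SMBv1 is on.
        $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
        $smb1 = (Get-ItemProperty -Path $key -Name SMB1 -ErrorAction SilentlyContinue).SMB1
        if ($null -eq $smb1 -or $smb1 -ne 0) { $findings.Add('SMBv1 is enabled (registry)') }
    }
}

# 6. Firewall: enabled inbound allow rules for TCP/445 reachable from any address.
$rules445 = Get-NetFirewallPortFilter -ErrorAction SilentlyContinue |
    Where-Object { $_.Protocol -eq 'TCP' -and $_.LocalPort -contains '445' } |
    Get-NetFirewallRule |
    Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' }
foreach ($rule in $rules445) {
    if (($rule | Get-NetFirewallAddressFilter).RemoteAddress -contains 'Any') {
        $findings.Add("Firewall rule '$($rule.DisplayName)' allows TCP/445 from any address")
    }
}

if ($findings.Count -eq 0) { 'No SMB hardening gaps found' }
else { $findings | ForEach-Object { "FINDING: $_" } }
```

Run it as `.\smb-audit.ps1` from an elevated prompt; each FINDING line maps to one of the bullets above, and the script changes nothing on the host.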
I hope you've learned from and enjoyed this walkthrough.
You can connect with me on LinkedIn & Twitter for more updates on infosec.
We believe that these practices will educate everyone about ethical hacking, and we do not promote, encourage, support, or incite any illegal activity or hacking.
We will not be responsible for your illegal actions.