OLD DOMINION UNIVERSITY

CYSE 301 CYBERSECURITY TECHNIQUES AND OPERATIONS

Assignment #M3.1 Penetration Test on Windows XP

Jacob Crabtree

UIN: 00825439

Task A. Before we start (30 points) 

  1. Follow the instruction discussed in the class and find all the possible vulnerabilities in Windows XP by using Nmap.

I ran an Nmap intense scan on the Windows XP address and found the open ports 135, 139, and 445, which are all vulnerabilities to the system. 445 is the port that is open for remote desktop, 135 is used for remote procedure call, and 139 is used for printer services. They are all vulnerabilities if left unattended and left open when not in use.

  2. In Metasploit, search the detailed information and usage regarding the exploit: ms08_067_netapi. Which port on the target system will be exploited if I use this exploit? Is this port available on the target Windows XP?

I ran Metasploit and then used the search and info commands to find the detailed information about the exploit. This particular exploit is used through port 445, which happens to be one of the ports that is open on our target Windows XP machine.

Task B. Break into the system (20 points) 

  1. Configure Metasploit framework to set up a meterpreter reverse shell connection to the target Windows XP by using the following configurations.
     • Listening Port: Use your UIN without zeros (for example, 01000598 -> 1598).

I changed the lport to the correct listening port from my UIN. Initially I used 825439, which is my full UIN, but it wouldn't work, so I used 8254, and it allowed me to run the exploit properly.

Task C. Information harvesting (30 points) After you gained the reverse shell access, try to perform the following tasks: 

1. Take a screenshot of the target machine. 

I ran the screenshot command and then went into my files to ensure that I had captured a screenshot from the target's machine.

  2. Collect the target system info.

I ran the sysinfo command to display the system info of the target machine.

  3. Collect the list of running processes on the target machine. (hint: ps)

I used the ps command to display the current processes running on the target's machine.

  4. Collect the password hashes of the current users. (hint: hashdump)

I used the hashdump command to display the password hashes of the current users.

  5. Upload a file called "IMadeIT-YourMIDAS.txt" (replace YourMIDAS with your university MIDAS ID) to the target's desktop. Login to Windows XP and check if the file exists.

I used the upload command to upload the file I created on External Kali to the target's desktop. I used a separate command prompt in External Kali to create the file using the touch command, then went back to my main command prompt and ran the file upload. Once uploaded, I went to the Windows XP machine to make sure the file was where it should be.

Task D. Let's catch them (20 points) Assume Internal Kali (the network admin) is not aware of this live attack. How to locate this session by checking the firewall logs and filter the related traffic in the Wireshark (running on Internal Kali)?

I used the pfSense firewall data and the Wireshark TCP packets within Internal Kali to show that you can see the packets from External Kali to the target Windows XP machine making the connection, and once it is established you can see that External Kali is using the exploit and sending more traffic.
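The detection idea behind Task D, written out as an added example (not part of the original assignment or the course materials): correlate an inbound connection to port 445 (SMB, the port ms08_067_netapi uses) from an outside host with a new outbound connection from the same victim back to that host shortly after, which is the shape a reverse_tcp callback leaves in firewall logs. The log lines, IP addresses and the simplified record layout are constructed for the example; only the callback port 8254 comes from the report above.

```python
"""Flag SMB access followed by a reverse connection in constructed firewall records."""
from collections import namedtuple
from datetime import datetime, timedelta

# Constructed records in a simplified shape (not real pfSense filterlog output):
# timestamp action src_ip src_port dst_ip dst_port
SAMPLE_LOG = """\
2024-01-01T10:00:01 pass 192.168.10.9 49152 192.168.217.3 80
2024-01-01T10:00:05 pass 192.168.217.3 51000 192.168.10.9 445
2024-01-01T10:00:07 pass 192.168.10.9 1045 192.168.217.3 8254
2024-01-01T10:02:00 pass 192.168.10.12 51300 192.168.10.9 445
"""

Flow = namedtuple("Flow", "ts action src sport dst dport")


def parse_log(text):
    """Turn each whitespace-separated record into a Flow with typed fields."""
    flows = []
    for line in text.splitlines():
        ts, action, src, sport, dst, dport = line.split()
        flows.append(Flow(datetime.fromisoformat(ts), action, src, int(sport), dst, int(dport)))
    return flows


def wireshark_filter(attacker, victim, callback_port):
    """Display filter that isolates both halves of the suspected session in Wireshark."""
    return (f"ip.addr == {attacker} && ip.addr == {victim} && "
            f"(tcp.port == 445 || tcp.port == {callback_port})")


def find_reverse_shell_candidates(flows, protected_net="192.168.10.", window_s=60):
    """An outside host hits SMB on an internal host, and within window_s seconds that
    internal host opens a connection back to the outside host on a non-SMB port."""
    alerts = []
    smb_hits = [f for f in flows if f.dport == 445 and f.dst.startswith(protected_net)
                and not f.src.startswith(protected_net)]
    for hit in smb_hits:
        for f in flows:
            if (f.src == hit.dst and f.dst == hit.src and f.dport not in (135, 139, 445)
                    and hit.ts <= f.ts <= hit.ts + timedelta(seconds=window_s)):
                alerts.append({"attacker": hit.src, "victim": hit.dst, "callback_port": f.dport,
                               "wireshark_filter": wireshark_filter(hit.src, hit.dst, f.dport)})
    return alerts


if __name__ == "__main__":
    for alert in find_reverse_shell_candidates(parse_log(SAMPLE_LOG)):
        print(alert)
```

The internal-to-internal SMB record and the earlier web request are left alone; only the 445 hit from 192.168.217.3 followed by the 8254 callback is reported, together with the filter to paste into Wireshark on Internal Kali.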

Task E. Extra credit (20 points) Windows XP is very vulnerable. Search and use a different exploit to gain the reverse shell connection.

I researched and found the exploit for Windows XP called windows/dcerpc/ms03_026_dcom. It is an exploit that makes use of port 135 for the RPC protocol on Windows XP. I set the rhosts to be the Windows XP machine and then also had to set the lhost to be External Kali. I also set the payload to windows/meterpreter/reverse_tcp. Once that was completed, I ran the exploit. It says the exploit was completed, but no session was created.