Metasploit Pro is an advanced and automated penetration testing tool developed by Rapid7. Every group of hackers knows Metasploit, the popular open-source penetration testing (or hacking) tool. Using the Metasploit community edition we can test a remote network very easily, but if we want the more advanced features of a hacking tool, Metasploit Pro is the right one to pick.
Hacker Forces is an ethical hacker team armed with all the open-source and commercial hacking tools needed to provide the best hackers-for-hire service. Gradually we will reveal which tools Hacker Forces uses and why our hacking service is the best. In this post we are going to hack Windows Server 2008 R2, just to show you how this commercial tool works.
Difference between Metasploit and Metasploit Pro
We want to brief a few differences between the two versions of Metasploit.
Metasploit is an open-source penetration testing framework without a GUI. At the time of writing it ships 1960 exploit, 1094 auxiliary and 336 post-exploitation modules, a collection of Ruby scripts coded by many contributors around the world.
Metasploit Pro adds a fancy web GUI and a few extra features, such as pivoting and antivirus bypass modules.
Hacking Windows Server 2008 R2
We are going to show you how easily Metasploit Pro can exploit a vulnerable machine. After seeing this example, don't think that every target falls as easily as a lab machine on localhost. Hacking and penetration testing is a complicated task: a public IP address alone is not enough for a successful hack, and we need various ways to learn about the target. For example, if we can't find an exploitable vulnerability via the public IP address, how about hacking the Wi-Fi, getting a private IP address and then scanning for vulnerabilities?
Just imagine we have penetrated a corporate Wi-Fi network, connected to the compromised access point and now want to own some of the operating systems on it. In our case, we found a machine with IP 192.168.27.137 that is vulnerable to MS17-010.
Using Nmap to verify if the system is vulnerable
Nmap ships NSE scripts that verify whether the target Windows operating system is vulnerable. To check, we run the following Nmap command:
$ sudo nmap -Pn -v -p445 --script vuln 192.168.27.137
[sudo] password for exploiter:
Starting Nmap 7.80 ( https://nmap.org ) at 2020-02-18 13:40 EST
NSE: Loaded 105 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 13:40
Completed NSE at 13:40, 10.00s elapsed
Initiating NSE at 13:40
Completed NSE at 13:40, 0.00s elapsed
Initiating ARP Ping Scan at 13:40
Scanning 192.168.27.137 [1 port]
Completed ARP Ping Scan at 13:40, 0.05s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 13:40
Completed Parallel DNS resolution of 1 host. at 13:40, 0.17s elapsed
Initiating SYN Stealth Scan at 13:40
Scanning 192.168.27.137 [1 port]
Discovered open port 445/tcp on 192.168.27.137
Completed SYN Stealth Scan at 13:40, 0.05s elapsed (1 total ports)
NSE: Script scanning 192.168.27.137.
Initiating NSE at 13:40
Completed NSE at 13:40, 5.02s elapsed
Initiating NSE at 13:40
Completed NSE at 13:40, 0.00s elapsed
Nmap scan report for 192.168.27.137
Host is up (0.00051s latency).

PORT    STATE SERVICE
445/tcp open  microsoft-ds
|_clamav-exec: ERROR: Script execution failed (use -d to debug)
MAC Address: 00:0C:29:55:3C:51 (VMware)

Host script results:
|_samba-vuln-cve-2012-1182: NT_STATUS_ACCESS_DENIED
|_smb-vuln-ms10-054: false
|_smb-vuln-ms10-061: NT_STATUS_ACCESS_DENIED
| smb-vuln-ms17-010:
|   VULNERABLE:
|   Remote Code Execution vulnerability in Microsoft SMBv1 servers (ms17-010)
|     State: VULNERABLE
|     IDs:  CVE:CVE-2017-0143
|     Risk factor: HIGH
|       A critical remote code execution vulnerability exists in Microsoft SMBv1
|        servers (ms17-010).
|
|     Disclosure date: 2017-03-14
|     References:
|       https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/
|       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0143
|_      https://technet.microsoft.com/en-us/library/security/ms17-010.aspx

NSE: Script Post-scanning.
Initiating NSE at 13:40
Completed NSE at 13:40, 0.00s elapsed
Initiating NSE at 13:40
Completed NSE at 13:40, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
Nmap done: 1 IP address (1 host up) scanned in 15.71 seconds
           Raw packets sent: 2 (72B) | Rcvd: 2 (72B)
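For a defender, the output above is a finding that has to become a remediation ticket. The following Python parser is an example added here (not part of the original post, and not Nmap's or Rapid7's code): it reads the host-script block of Nmap's normal output and reports which NSE vulnerability checks returned VULNERABLE, with their CVE IDs, risk factor and references. The SAMPLE string is constructed from the scan output shown above.

```python
import re
# Constructed sample: the "Host script results" block of the Nmap run above,
# copied from the page's output (port table and timing lines omitted).
SAMPLE = """\
|_smb-vuln-ms10-054: false
|_smb-vuln-ms10-061: NT_STATUS_ACCESS_DENIED
| smb-vuln-ms17-010:
|   VULNERABLE:
|   Remote Code Execution vulnerability in Microsoft SMBv1 servers (ms17-010)
|     State: VULNERABLE
|     IDs:  CVE:CVE-2017-0143
|     Risk factor: HIGH
|     References:
|       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0143
|_      https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
"""
# "| name:" opens a multi-line block, "|_name: value" is a one-line result;
# indented continuation lines such as "|     State: ..." do not match.
SCRIPT_RE = re.compile(r"^\|_?\s?([\w.-]+):\s*(.*)$")
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")
def parse_host_scripts(text):
    """Return {script_name: {"state", "risk", "cves", "refs"}} from Nmap normal output."""
    results, current = {}, None
    for raw in text.splitlines():
        if not raw.startswith("|"):
            continue                               # not part of an NSE tree
        m = SCRIPT_RE.match(raw)
        if m:
            current = results.setdefault(m.group(1), {"state": None, "risk": None, "cves": [], "refs": []})
            if m.group(2):                         # one-line result, e.g. "false"
                current["state"] = m.group(2).strip()
            continue
        if current is None:
            continue
        line = raw.lstrip("|_ ").rstrip()          # drop the tree prefix
        if line.startswith("State:"):
            current["state"] = line[6:].strip()
        elif line.startswith("Risk factor:"):
            current["risk"] = line[12:].strip()
        elif line.startswith("http"):
            current["refs"].append(line)
        for cve in CVE_RE.findall(line):           # from "IDs:" and reference URLs
            if cve not in current["cves"]:
                current["cves"].append(cve)
    return results
def vulnerable_scripts(results):
    """Names of checks that reported State: VULNERABLE (the list a remediation ticket carries)."""
    return sorted(n for n, r in results.items() if r["state"] == "VULNERABLE")
```

Running this over a full scan file (for example the output of the command above redirected with -oN) gives an inventory of which hosts still expose MS17-010 and should be patched or have SMBv1 disabled.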
We can see the target operating system is vulnerable. Let us exploit the vulnerability with Metasploit Pro.
Prepare and create a new project in Metasploit Pro:
Metasploit Pro uses Nmap to scan the target machine and discover open ports, so we first scan the target system.
After the scan completes, we click the Exploit button. Here we manually set Reliability, LHOST and LPORT, then click the Exploit button at the bottom (this will take some time):
Finally, we got a meterpreter session:
Some Post-Exploitation With Metasploit Pro
Metasploit Pro has successfully opened a session. To do some post-exploitation, click the Session (1) menu, then click our project name under Active Sessions.
We want to finish this post by installing a persistence backdoor:
Metasploit Pro is a good commercial tool used by Hacker Forces. As a professional and ethical hacking service provider, we always keep our tools and skills updated. If you have any questions or want to know more about our hackers-for-hire service, feel free to contact us!