Monday, January 05, 2009

Metasploit 3.2 on Windows XP

I've been an infrequent yet admiring user of Metasploit for about four years, but I've never tried it on Windows. It strikes me as being something I "just shouldn't do," like running Nmap on Windows or (shudder) Snort on Windows. However, while preparing labs for my upcoming class, I thought I would give version 3.2 a try. It worked very well, at least for the simple test I ran.

After installing the .exe and launching the new app, I saw this window:



I decided to try exploiting a vulnerable Samba server:



After I set the parameters, I ran the exploit:



When I got my session, I interacted with a root shell on the victim.



By identifying the process started on the victim (PID 2216) and running lsof, you can see the vulnerable service that Metasploit attacked.
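The same check as an added example, not code from the original post: given the PID of the shell that was spawned on a Linux victim, walk its parent chain through /proc and show the internet sockets each ancestor holds open with lsof; the ancestor that owns the listening socket is the exploited service. It assumes a Linux /proc layout and that lsof is installed for the socket listing.

```sh
#!/bin/sh
# Added example: trace an unexpected shell back to the service it came from.
# Assumes Linux /proc; the lsof listing is skipped when lsof is not installed.

# Print one field ("Name" or "PPid") from /proc/<pid>/status.
proc_field() {
  sed -n "s/^$2:[[:space:]]*//p" "/proc/$1/status" 2>/dev/null
}

# Print "pid name ppid" for $1 and each of its ancestors, stopping at the
# root of the PID namespace (PPid 0) or at a process /proc no longer shows.
ancestry() {
  pid=$1
  while [ -n "$pid" ] && [ "$pid" -gt 0 ] 2>/dev/null \
        && [ -r "/proc/$pid/status" ]; do
    ppid=$(proc_field "$pid" PPid)
    printf '%s %s %s\n' "$pid" "$(proc_field "$pid" Name)" "$ppid"
    pid=$ppid
  done
}

# For each ancestor, list its open internet sockets (-i) restricted to that
# PID (-a -p), without DNS or port-name lookups (-n -P); the listening socket
# marks the service that was exploited.
ancestry_sockets() {
  ancestry "$1" | while read -r pid name ppid; do
    printf '== pid %s (%s), parent %s\n' "$pid" "$name" "$ppid"
    if command -v lsof >/dev/null 2>&1; then
      lsof -nP -a -p "$pid" -i 2>/dev/null | sed 1d
    fi
  done
}

# Usage: ./trace_shell.sh <pid of the suspicious shell>; defaults to this shell.
ancestry_sockets "${1:-$$}"
```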

Incidentally, my take on why it is a good thing to have these sorts of tools available is in In Defense of HD Moore, from three years ago.

Great work Metasploit team!


Richard Bejtlich is teaching new classes in DC and Europe in 2009. Register by 1 Jan and 1 Feb, respectively, for the best rates.

5 comments:

Antknee said...

Why would running nmap or snort on Windows not be a good idea?
I am a noob, so i am just wondering.
Thanks

todb said...

@Antknee: Performance drops off significantly. If you need high performance (and less interface hassle), you will either go with BSD or Linux, or alternatively, use scanline and BlackICE as nmap/snort replacements. (Those recommendations may be a bit dated, though; I haven't been a "make it work on Windows" guy for a couple of years now.)

Fred said...

@Antknee: Plus, it just seems wrong to run security tools using an inherently insecure system.

marcom said...

If anyone in the DC/NoVA area is interested in learning more specifics on vulnerability testing of network components and services then check out this free seminar that my company is hosting on Jan 28th:

Invitation

Jerrod said...

Marcom,

I'm in the DC/NoVA area and would be very interested in the seminar your company is hosting. I tried clicking on the link and it gave me an error. Any suggestions?

J