Saturday, November 6, 2010

Using metasploit to find vulnerabilities

I installed metasploit in an earlier post.  Today I will use it to attack a service running on another machine.  I will be using two VMs for this: Ubuntu, which has metasploit installed, and a fully patched version of XP, which contains the service we want to target.  In this case, the service is Niprint, a small print server application.

I first installed Niprint and then opened it, so it was running and active as shown in the following screenshot:


I also recorded the IP address that the XP machine was using:  192.168.248.128.

Next I loaded up metasploit on the Linux machine which I did by typing "msfconsole" in a terminal window.

Once metasploit is running, we need to configure the IP address of the host we will be exploiting: 192.168.248.128.  The following screenshot shows this command:


I also pinged the host to ensure connectivity.

Next we need to select the exploit that we are going to use.  The exploited service is Niprint.  We add the exploit with the set exploit command as shown in the next two shots.


I was able to see the list of exploits using "show exploits" at the command line.



Next we need to apply a payload to the exploit.  We can see the various payloads using "show payloads".

I applied the VNC reflective injection payload with the command: "set payload [path to payload]"

e.g. "set payload windows/vncinject/bind_tcp" (without the quotes).  Then I ran the exploit with the "exploit" command.  Both are shown in the following screenshot.

This particular exploit did not work with Niprint, but finding one that did would only require loading a new payload and trying again.

Metasploit is a very powerful tool for finding and exploiting vulnerabilities in software.
