
OLD DOMINION UNIVERSITY

CYSE 301 CYBERSECURITY TECHNIQUES AND OPERATIONS

Assignment #3 Penetration Test

Briana Drew
01107622
TASK A: HACK WINDOWS 7 USING METASPLOIT
1. Listening Port: Use your last four digits of your UIN (non-zero). For example,
11000598 -> 1598.

The LHOST IP address was located with ifconfig in the terminal. “7622,” the last four
digits of my UIN, was set as LPORT.
2. Payload Name: Use your MIDAS ID (for example, pjiang.exe).

Using msfvenom, the payload was created by letting the program know what payload I wanted
using “-p,” the listening host “192.168.10.13,” the listening port “7622,” the file type “exe,” and
what to name the file “bdrew004.”
Payload file “bdrew004” is copied to the Apache2 web server. I also removed the index files using the rm
command.

Using Google Chrome on Windows 7, I entered the internal Kali IP address and the payload was
displayed.
Meterpreter shows that there was a hit and session 1 is opened.
TASK B: Privilege Escalation
1. Gain administrator-level privileges on the remote system after you received the
reverse shell connection from the Windows 7 target machine.

The following screenshots show the exploit that is being run in Windows 7. Session 1 has been sent to the
background and now an exploit is being configured to run Session 2. I am now in administrator mode and
can make changes.
2. After you escalated the access, create a malicious account with your name and add
this account to the administrator group.

After accessing the administrator privileges, I created a malicious account using the command “net user”
and named the account BrianaDrew with the password bnd1800. I used the “net localgroup” command
to add the account to the administrator group.
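
From the defender's side, the account creation and group change described in Task B leave two Windows Security log events: 4720 (user account created) and 4732 (member added to a security-enabled local group). The following is an added example, not part of the original report, that correlates the two; the sample events are constructed and the 10-minute window is an assumption.

```python
from datetime import datetime, timedelta

ADMINS_SID = "S-1-5-32-544"      # well-known SID of BUILTIN\Administrators
WINDOW = timedelta(minutes=10)   # assumed correlation window

# Constructed sample events (not from the lab), using Security-log field names.
SAMPLE = [
    {"EventID": 4720, "Time": "2024-03-01T14:02:11", "SubjectUserName": "WIN7$",
     "TargetUserName": "labacct", "TargetSid": "S-1-5-21-111-222-333-1004"},
    {"EventID": 4732, "Time": "2024-03-01T14:02:40", "SubjectUserName": "WIN7$",
     "MemberSid": "S-1-5-21-111-222-333-1004", "TargetSid": ADMINS_SID},
    {"EventID": 4720, "Time": "2024-03-01T09:00:00", "SubjectUserName": "helpdesk",
     "TargetUserName": "newhire", "TargetSid": "S-1-5-21-111-222-333-1005"},
    {"EventID": 4732, "Time": "2024-03-01T16:30:00", "SubjectUserName": "helpdesk",
     "MemberSid": "S-1-5-21-111-222-333-1001", "TargetSid": ADMINS_SID},
]

def find_new_admin_accounts(events, window=WINDOW):
    """Return alerts for accounts created and added to Administrators within `window`."""
    created = {}   # account SID -> (creation time, account name, creator)
    alerts = []
    for ev in sorted(events, key=lambda e: e["Time"]):
        when = datetime.fromisoformat(ev["Time"])
        if ev["EventID"] == 4720:            # a user account was created
            created[ev["TargetSid"]] = (when, ev["TargetUserName"], ev["SubjectUserName"])
        elif ev["EventID"] == 4732 and ev["TargetSid"] == ADMINS_SID:
            # 4732: member added to a local group; match on SID because
            # MemberName is often "-" for local accounts.
            hit = created.get(ev["MemberSid"])
            if hit and when - hit[0] <= window:
                alerts.append({"account": hit[1], "created_by": hit[2],
                               "added_by": ev["SubjectUserName"],
                               "seconds_after_creation": int((when - hit[0]).total_seconds())})
    return alerts

if __name__ == "__main__":
    for alert in find_new_admin_accounts(SAMPLE):
        print(alert)
```

Only the first pair in the sample is flagged: the "newhire" account is never added to Administrators, and the later group change involves an account that was not newly created.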
TASK C: Information Harvesting
1. Take a screenshot of the target machine

Exit out of Windows shell, use the command screenshot to screenshot the machine.
Screenshot is saved to the root folder.

2. Collect target system info

Using the sysinfo command, the Windows information is displayed.


3. Collect the IP address of the target machine

Using the ipconfig command, I was able to display the Windows 7 IP address
“192.168.10.9.”
4. Collect the list of running processes on the target machine

Using the ps command, I was able to display all of the running processes.
5. Collect the password hashes of the current users

Using the hashdump command, I was able to display the password hashes of the current
users.
6. Remote access to the malicious account created in task B

Using the rdesktop command, I was able to gain access to Windows 7 through the malicious
account that was created: BrianaDrew pwd: bnd1800
TASK D: Another Approach
3. ms08_067_netapi is an exploit that has been widely used to explore the windows samba
service called ms08-67 on Windows XP. Locate this exploit and take advantage of this
vulnerability to penetrate the Windows XP. Create a malicious account remotely with
your own name.

Set RHOST by using the Windows XP IP address “192.168.10.14,” then use the exploit command to
begin the reverse TCP handler.
Using the same steps as before, after accessing the target machine, I created a user name and
password for the account, then made it into a malicious administrator account.
