Saturday, January 29, 2011

Automatic Exploit using Metasploit

Today's topic of discussion is NIPrint exploitation using Metasploit.
Metasploit makes exploitation easy for attackers: it runs the exploit itself and opens a session (a terminal of some kind) through which the attacker can manipulate the target system.
Every time you run Metasploit, update it first. Then start the Metasploit console session; it loads the exploits, NOPs, auxiliary modules, payloads and encoders, shows their counts on the screen, and presents a prompt for executing commands.
To find the exploit for a specific application, use the ‘search’ command. In this case, for NIPrint, use ‘search -t exploit NIPrint’. This lists the exploits that contain NIPrint in their name, along with a short description of each.
Select the exploit with the ‘use’ command followed by the full path of the exploit, for example ‘use windows/lpd/niprint’. This loads the exploit as the current module. The ‘info’ command gives a detailed description of it.
A payload is attached to the exploit with the ‘set’ command. If you are not sure which payload to use, ‘show payloads’ lists the payloads that work with the current exploit, and you can pick one from that list. The command for the messagebox payload is ‘set payload windows/messagebox’; the full path of the payload must be given for it to load.
Further, you can view and set the exploit's attributes with the ‘set’ command. All attributes are listed with their default values; after providing values for the required ones, run the exploit with the ‘exploit’ command. The exploit fires and you see results that depend on the payload.
With the messagebox payload, an alert window appears on the target machine displaying the default message.
Finally, if you misconfigured a value, it can be cleared with the ‘unset’ command followed by the attribute name.

Sunday, January 23, 2011

Exploiting NIPrint using ncat

Now the topic of discussion is exploiting the NIPrint service using the ncat command.
Download the NIPrint executable file from the link: http://www.computerdefense.org/class/nidemo.exe
Download the Immunity Debugger executable from http://debugger.immunityinc.com/register.html after providing some basic details.
After installing both programs in the VMware workstation, start the debugger and NIPrint, then start both the local and the remote print service under the ‘configuration’ tab and the ‘general setting’ menu item. Also install nmap on the host machine so that the ncat command is available.
From the host machine, open a command prompt and run ncat <IP address of remote machine> 515. This opens a connection that accepts input typed by the user. Send long strings of A's, repeating the command above, until NIPrint on the remote machine crashes.
Here Immunity Debugger is used to intercept the exploit: once the NIPrint application is attached to the debugger, any exploit attempt pauses the application at the point of the fault, so we can track what the exploit is doing.
Moreover, the number of A's needed to overflow the stack buffer in NIPrint is found with pattern_create.rb and pattern_offset.rb. The first generates a string of unique, non-repeating character sequences; the second looks up the position of a given sequence within that string. We read the value that overwrote the EIP register in Immunity Debugger and pass it to pattern_offset.rb; the result is the offset, that is, the number of input characters that sit before EIP in the buffer overflow against NIPrint.
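A defender-side counterpart to the traffic this post generates, added here as an example and not code from the original post, from NIPrint or from Metasploit: it inspects raw LPD request lines as they would arrive on port 515 and flags the inputs the post sends with ncat (a flood of A's, or a pattern_create.rb-style cyclic string), the kind of check a print service or an IDS could apply before such input reaches a fixed-size buffer. The command-byte rule comes from RFC 1179; the length limit, the cyclic-pattern signature and the sample capture are assumptions I constructed for the example.

```ruby
# Added example (not from the original post, NIPrint or Metasploit):
# a defender-side validator for LPD (port 515) request lines. Per RFC 1179,
# a request starts with a command byte 0x01..0x05, followed by operands and
# a terminating LF. The length limit and the sample capture are constructed.

# Longest request we accept before flagging it (assumed value; the post does
# not state NIPrint's real buffer size).
MAX_LPD_REQUEST_LEN = 256

# pattern_create.rb emits upper/lower/digit triplets ("Aa0Aa1Aa2..."), so
# three consecutive triplets are a cheap signature of an offset-finding run.
CYCLIC_PATTERN_RE = /(?:[A-Z][a-z][0-9]){3}/

# Inspect one raw LPD request; returns the verdict (:ok or :suspicious)
# together with the reasons that led to it.
def inspect_lpd_request(raw)
  reasons = []
  cmd = raw.bytes.first
  unless cmd && (1..5).cover?(cmd)
    reasons << format("invalid command byte 0x%02x", cmd.to_i)
  end
  reasons << "missing LF terminator" unless raw.end_with?("\n")
  if raw.bytesize > MAX_LPD_REQUEST_LEN
    reasons << "oversized request (#{raw.bytesize} bytes)"
  end
  body = raw.chomp
  if body.bytesize >= 32 && body.bytes.uniq.length == 1
    reasons << "single repeated filler byte" # the A-flood from the post
  end
  reasons << "cyclic offset pattern" if raw.match?(CYCLIC_PATTERN_RE)
  { verdict: reasons.empty? ? :ok : :suspicious, reasons: reasons }
end

# Scan a list of captured requests; returns [index, reasons] for each
# suspicious entry, in capture order.
def scan_lpd_capture(requests)
  requests.each_with_index.map do |raw, i|
    result = inspect_lpd_request(raw)
    [i, result[:reasons]] if result[:verdict] == :suspicious
  end.compact
end

# Constructed sample capture (not real NIPrint traffic).
SAMPLE_CAPTURE = [
  "\x02lp\n",                                   # receive a job for queue "lp"
  "\x04lp\n",                                   # send queue state, long form
  "A" * 600,                                    # the A-flood from the post
  "Aa0Aa1Aa2Aa3Aa4Aa5Aa6Aa7Aa8Aa9Ab0Ab1Ab2\n",  # pattern_create.rb-style input
]

if __FILE__ == $PROGRAM_NAME
  scan_lpd_capture(SAMPLE_CAPTURE).each do |i, reasons|
    puts "request #{i}: #{reasons.join('; ')}"
  end
end
```

The two legitimate requests pass every check, the A-flood trips four of them at once (bad command byte, no terminator, oversized, one repeated byte), and the cyclic string is caught by the command-byte rule and the pattern signature even though it is short enough to fit the assumed limit. Any one of these reasons is enough to drop the request before it is copied anywhere.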

Sunday, January 16, 2011

Installing Metasploit on Windows and Linux Operating System

Hi friends,
I would like to discuss the steps for installing Metasploit on different operating systems.

Windows is the easy, user-friendly case: the setup executable for the framework is downloaded from the Metasploit website: http://www.metasploit.com/framework/download/
Installation takes a few easy steps: specify the directory into which the Metasploit framework files are installed, wait a few minutes for the installation to complete, and shortcuts appear in the Start menu. Update the framework before using it.

Linux distributions require some additional steps to install the framework. Higher privileges are needed, so su helps here: run su root and provide the root password, then run ./framework-3.5.1-linux-i686.run from the directory containing the installer; installation proceeds and asks the user for a few options. To update the framework on Linux, change to the directory /opt/framework-3.5.1/msf3/ and run the msfupdate file with the su ./msfupdate command. The framework is then ready to run on Linux.
Additionally, Ruby is required on Linux to run the framework; it can be installed with sudo apt-get install ruby.
For further information, you can refer to this page: http://www.metasploit.com/redmine/projects/framework/wiki/Install_Ubuntu