RPC Service Exploitation in Windows XP
The exploitation technique that you will see in the following article already exists in many tutorials and videos across the Internet, so if you are already familiar with it you can skip this article. The only reason I am writing this tutorial is for those who are not familiar enough with the Metasploit Framework, or who want to use the information below to prepare for the practical examination of a certification.
While performing a penetration test against a Windows XP machine you will surely need to test it against the two most common vulnerabilities that exist. One is a vulnerability in netapi and the other is in the RPC service. So let's say that you perform a simple port scan with Nmap and you have identified that the remote host is a Windows XP machine running the RPC service on port 135.
Our next step is to discover the available exploits that the Metasploit Framework has in its database. So we open Metasploit and search for the DCOM exploit with the command search dcom.
The exploit that we are going to use is ms03_026_dcom. The next image shows the available options for this exploit.
As we can see, there is only one option that is blank: RHOST. In RHOST we need to put the IP address of our target. Additionally we can see that this exploit works from Windows NT up to Windows 2003. But we haven't finished yet. We need to select and configure the payload. For this example we have selected the payload named shell_bind_tcp, which will return a shell to us over a TCP connection. The payload also needs a local port and our local IP address to be set.
Now it is time to exploit the target.
As we can see, the exploit has worked and we now have a shell on the remote system. On the other hand, the user can identify that someone has connected to his machine by using the command netstat -n in the command prompt.
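The netstat -n check mentioned above can be scripted for a quick look at a suspect host. The following is an added example, not part of the original post or of Metasploit: it parses a constructed sample of netstat -n output and flags established TCP sessions on local ports outside an assumed service baseline, which is how an inbound bind-shell session stands out next to the legitimate RPC traffic on port 135.

```python
import re

# Constructed sample of Windows `netstat -n` output (not a real capture).
# The session on port 135 is the RPC endpoint mapper; the session on the
# high port is a peer attached to a listener the host should not have,
# which is what a bind-shell payload looks like from the victim's side.
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    192.168.1.10:135       192.168.1.20:49152     ESTABLISHED
  TCP    192.168.1.10:139       192.168.1.30:50231     TIME_WAIT
  TCP    192.168.1.10:4444      192.168.1.20:49153     ESTABLISHED
  UDP    0.0.0.0:137            *:*
"""

# Assumed baseline of local TCP ports expected to accept connections on
# this XP host: RPC endpoint mapper, NetBIOS session, SMB and RDP.
EXPECTED_LOCAL_PORTS = {135, 139, 445, 3389}

LINE_RE = re.compile(
    r"^\s*(?P<proto>TCP|UDP)\s+(?P<laddr>\S+):(?P<lport>\d+)\s+"
    r"(?P<faddr>\S+):(?P<fport>\S+)(?:\s+(?P<state>\S+))?\s*$"
)

def parse_netstat(output):
    """Turn raw `netstat -n` text into a list of connection dicts."""
    conns = []
    for line in output.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # header, blank line or unparsable row
        conns.append({"proto": m["proto"], "laddr": m["laddr"],
                      "lport": int(m["lport"]), "faddr": m["faddr"],
                      "fport": m["fport"], "state": m["state"] or ""})
    return conns

def unexpected_established(output, expected=EXPECTED_LOCAL_PORTS):
    """Return (local_port, peer) for ESTABLISHED TCP sessions whose local
    port is not part of the expected service baseline."""
    flagged = []
    for c in parse_netstat(output):
        if c["proto"] == "TCP" and c["state"] == "ESTABLISHED" \
                and c["lport"] not in expected:
            flagged.append((c["lport"], f'{c["faddr"]}:{c["fport"]}'))
    return flagged

if __name__ == "__main__":
    for lport, peer in unexpected_established(SAMPLE_NETSTAT):
        print(f"unexpected inbound session on local port {lport} from {peer}")
```

On a live host, feed the script the captured output of netstat -n and adjust EXPECTED_LOCAL_PORTS to the services that machine is actually meant to offer.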
This exploit allows attackers to execute code on the remote system through a vulnerability in the RPC service. It is a very old vulnerability, so it is very difficult to exploit nowadays. However, most courses, training sessions and books on ethical hacking start with this exploit as an introduction to exploitation. So if you are a beginner in this field, or you are studying for a certification and want to become familiar with Metasploit, you will probably need this tutorial as a reference.