Skip to main content

8. Perform Privilege Escalation, Hack the Windows Machine using Metasploit and perform Post-Exploitation using Meterpreter

Step 1: Introduction

In this practical, we will learn how to perform privilege escalation, hack a Windows machine using Metasploit, and perform post-exploitation using Meterpreter.

Step 2: Setting up the Environment

Before we begin, make sure you have the following:

  • Kali Linux machine (attacker machine)
  • Windows machine (victim machine)
  • Metasploit Framework installed on the Kali Linux machine

Step 3: Scanning the Target

  1. Open a terminal on your Kali Linux machine.
  2. Use the nmap command to scan the target Windows machine and identify open ports and services. 
    nmap -p- <target_ip>
    Replace <target_ip> with the IP address of the Windows machine.

Step 4: Exploiting Vulnerabilities

  1. Launch the Metasploit Framework by typing msfconsole in the terminal.
  2. Search for exploits related to Windows privilege escalation using the search command. 
    search windows privilege escalation
  3. Select an appropriate exploit from the search results.
  4. Set the required options for the selected exploit using the set command.
  5. Run the exploit using the exploit command.

Step 5: Post-Exploitation with Meterpreter

  1. Once the exploit is successful, you will have a Meterpreter session.
  2. Use the sessions command to list all active sessions.
  3. Select the session corresponding to the exploited Windows machine using the sessions -i <session_id> command. Replace <session_id> with the session ID of the exploited machine.
  4. Now, you have a Meterpreter shell on the Windows machine. You can perform various post-exploitation activities such as:
    • Gathering system information
    • Accessing files and directories
    • Capturing screenshots
    • Keylogging
    • etc.

Step 6: Cleanup

After completing the post-exploitation activities, it is important to clean up the traces of the attack. Use the following commands:

  • sessions -K to kill the Meterpreter session.
  • exit to exit the Metasploit Framework.

Conclusion

In this practical, we learned how to perform privilege escalation, hack a Windows machine using Metasploit, and perform post-exploitation using Meterpreter. It is important to use these techniques responsibly and only for ethical purposes.

That's it for Practical-08. Stay tuned for the next practical!