This lab demonstrates a full attack lifecycle including pivoting, exploitation, post-exploitation, and client-side attacks.
- SMB Pivoting
- Metasploit Exploitation (psexec)
- Meterpreter Access
- Post-Exploitation
- File Upload
- Event Log Detection
- Payload Creation
- Client-Side Attack
- Reverse Shell
| Machine | Role |
|---|---|
| Kali Linux | Attacker |
| Ubuntu | Pivot |
| Windows 10 | Target |
✔ Created a Netcat listener on Ubuntu to forward SMB traffic to Windows (port 445).
✔ Established a pivot tunnel between Kali → Ubuntu → Windows.
✔ Configured exploit/windows/smb/psexec
✔ Used credentials and pivot port (3333) to authenticate
✔ Successfully triggered exploitation
✔ Meterpreter session opened on Windows target
✔ Confirmed SYSTEM-level access
✔ Executed:
`sysinfo`, `getuid`, `ps`, `pwd`, `shell`
✔ Verified system details and running processes
✔ Uploaded file to C:\tools directory
✔ Verified successful transfer on target machine
✔ Observed:
- Event ID 7045 → Service creation (psexec)
- Event ID 4672 → Privileged login
✔ Demonstrates detection capability from logs
✔ Generated malicious executable using msfvenom
✔ Configured reverse shell payload
✔ Started Python HTTP server on port 8080
✔ Hosted payload for download
✔ Target downloaded and executed malicious file
✔ Triggered reverse shell callback
✔ Configured Metasploit multi/handler
✔ Successfully received reverse connection
✔ Executed:
`whoami`, `tasklist`
✔ Confirmed full system compromise
- Pivoting enables lateral movement across networks
- Metasploit simplifies exploitation workflows
- Post-exploitation is critical for control and persistence
- Windows logs provide strong detection indicators
- Client-side attacks are highly effective
- Disable SMB where unnecessary
- Monitor Event IDs (7045, 4672)
- Use EDR solutions
- Enforce strong authentication
- Restrict unknown executable execution
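
The two event IDs observed in the lab (7045 and 4672), which the monitoring recommendation above also names, are more useful correlated than alerted on separately, because 4672 on its own is logged for every SYSTEM and service-account logon. The sketch below is an added example, not part of the original lab; the simplified event dictionaries (`id`, `host`, `time`), the 60-second window and the path heuristics are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta
import re

WINDOW = timedelta(seconds=60)  # assumed correlation window, tune per environment
# 4672 fires constantly for these built-in accounts, so they are excluded.
NOISY_ACCOUNTS = {"SYSTEM", "LOCAL SERVICE", "NETWORK SERVICE"}
# Assumed heuristics for an unusual service binary: a command interpreter,
# or an executable outside the directories services normally run from.
SHELL_RE = re.compile(r"(?i)(%comspec%|cmd\.exe|powershell)")
EXPECTED_DIRS = ("c:\\windows\\system32\\", "c:\\program files\\",
                 "c:\\program files (x86)\\")

# Constructed sample events; ServiceName, ImagePath and SubjectUserName
# follow the Windows event schemas, the other keys are simplified.
EVENTS = [
    {"id": 4672, "host": "WIN10", "time": "2024-01-01T10:00:00", "SubjectUserName": "SYSTEM"},
    {"id": 7045, "host": "WIN10", "time": "2024-01-01T10:00:05",
     "ServiceName": "ExampleUpdater", "ImagePath": "C:\\Program Files\\Example\\updater.exe"},
    {"id": 4672, "host": "WIN10", "time": "2024-01-01T10:05:00", "SubjectUserName": "labadmin"},
    {"id": 7045, "host": "WIN10", "time": "2024-01-01T10:05:02",
     "ServiceName": "aBcDeFgH", "ImagePath": "%SystemRoot%\\aBcDeFgH.exe"},
]

def suspicious_path(image_path):
    """True if the service binary is a shell or sits outside EXPECTED_DIRS."""
    p = image_path.lower().strip('"').replace("%systemroot%", "c:\\windows")
    return bool(SHELL_RE.search(p)) or not p.startswith(EXPECTED_DIRS)

def correlate(events, window=WINDOW):
    """Alert on 7045 installs with an odd binary path; raise severity when a
    non-service-account 4672 occurred on the same host within `window` before."""
    logons, alerts = [], []
    for e in sorted(events, key=lambda ev: ev["time"]):
        t = datetime.fromisoformat(e["time"])
        if e["id"] == 4672 and e["SubjectUserName"].upper() not in NOISY_ACCOUNTS:
            logons.append((t, e["host"], e["SubjectUserName"]))
        elif e["id"] == 7045 and suspicious_path(e["ImagePath"]):
            users = [u for (lt, h, u) in logons
                     if h == e["host"] and timedelta(0) <= t - lt <= window]
            alerts.append({"host": e["host"], "service": e["ServiceName"],
                           "image_path": e["ImagePath"], "privileged_users": users,
                           "severity": "high" if users else "medium"})
    return alerts

if __name__ == "__main__":
    for alert in correlate(EVENTS):
        print(alert)
```

In production the same logic would run over events exported from the System and Security logs, with `EXPECTED_DIRS` extended to cover the environment's legitimate service locations.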
This project was performed in a controlled lab environment for educational purposes only.
Hitesh Chowdary
Aspiring Penetration Tester | Cybersecurity Enthusiast


















