Description: Topics covered in this lecture include:
From information gathering to exploitation
Personal knowledge of attacks
Consulting databases of vulnerabilities and exploits
Online
Local
Automated analysis tools
Metasploit database and search
Vulnerability scanning/assessment
Automated attack tools
Personal knowledge of attacks
Never underestimate the importance of knowing how attacks work yourself
Enables problem solving based on context, rather than relying only on what a tool reports
Databases of exploits
You won't know everything about every possible vulnerability you will come across
Databases often provide code for exploits
Two examples:
SecurityFocus
The Exploit DB
SecurityFocus
Search for vulnerabilities by vendor, software title, and version
The example shown is a vulnerability in the OS itself (rarer these days than application-level flaws)
Each entry has tabs for: versions vulnerable, information (discussion), exploit code, solutions, and so on
Note: SecurityFocus is no longer maintained; The Exploit DB and CVE (both covered below) remain active
CVE...
Common Vulnerabilities and Exposures (CVE)
A dictionary of publicly known security vulnerabilities
Public and free to use
No technical details or exploits; mostly links to other databases and websites (NIST's NVD builds on it, adding severity scores and affected-product data)
Provides each vulnerability (or exposure) with a unique CVE identifier
Makes it easier to share information between various tools, databases, and services: the same ID appears in scanner output, exploit databases, and Metasploit module metadata
CVE identifier
A CVE identifier is made up of:
CVE identifier number (such as CVE-2003-0352, which is for the DCOM RPC buffer overflow exploited by the Blaster worm)
Short description
References to other sources of information
In 2014 the CVE-ID syntax changed to accommodate tracking more than 10,000 vulnerabilities per year: the sequence number is still at least four digits but may now be longer, so tools must not assume exactly four
E.g. CVE-2014-7654321
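As an added example (not part of the lecture), the following Python validates and normalises CVE identifiers under both the original syntax and the 2014 change, and shows how a regex written to the old "exactly four digits" assumption silently truncates a long ID into a different vulnerability. The sample report text is constructed, and the function names are my own.

```python
"""Validate and normalise CVE identifiers under the original and 2014 syntax."""
import re

# Documented CVE-ID syntax: "CVE-" + four-digit year + "-" + a sequence number of
# at least four digits. Before 2014 it was exactly four; it may be longer since.
_CVE_RE = re.compile(r"^(?:CVE-)?(\d{4})-(\d{4,})$", re.IGNORECASE)

# The assumption that broke in tooling in 2014: exactly four sequence digits.
_LEGACY_RE = re.compile(r"CVE-\d{4}-\d{4}", re.IGNORECASE)
# Correct pattern: four or more sequence digits.
_MODERN_RE = re.compile(r"CVE-\d{4}-\d{4,}", re.IGNORECASE)

# Constructed sample of the kind of lines a scanner or searchsploit prints.
SAMPLE_REPORT = """\
MS03-026 DCOM RPC buffer overflow - CVE-2003-0352
Illustrative post-2014 identifier: cve-2014-7654321
"""


def is_cve_id(text):
    """True if text is a syntactically valid CVE ID (with or without 'CVE-')."""
    return _CVE_RE.match(text.strip()) is not None


def parse_cve_id(text):
    """Return (year, sequence) for a CVE ID. Accepts lowercase input and the bare
    'YYYY-NNNN' form Metasploit's search uses (cve:2003-0352), keeps the sequence
    as a string so leading zeros (CVE-2003-0352) survive, and raises ValueError
    for anything else."""
    m = _CVE_RE.match(text.strip())
    if not m:
        raise ValueError("not a CVE identifier: %r" % text)
    return int(m.group(1)), m.group(2)


def normalize_cve_id(text):
    """Canonical upper-case form, e.g. 'cve-2003-0352' -> 'CVE-2003-0352'."""
    year, seq = parse_cve_id(text)
    return "CVE-%04d-%s" % (year, seq)


def msf_search_term(text):
    """The form Metasploit's search command takes: 'cve:2003-0352'."""
    year, seq = parse_cve_id(text)
    return "cve:%04d-%s" % (year, seq)


def extract_cve_ids(text, legacy=False):
    """Pull CVE IDs out of free text (advisory, scanner report, searchsploit output).
    legacy=True uses the pre-2014 four-digit regex to show how it truncates
    CVE-2014-7654321 to CVE-2014-7654, which names a different vulnerability."""
    pattern = _LEGACY_RE if legacy else _MODERN_RE
    return [normalize_cve_id(m) for m in pattern.findall(text)]


if __name__ == "__main__":
    print(extract_cve_ids(SAMPLE_REPORT))
    print(extract_cve_ids(SAMPLE_REPORT, legacy=True))
```

Run the block directly to see the two extractions side by side: the modern pattern returns the full CVE-2014-7654321, the legacy pattern returns CVE-2014-7654. Anything that stores or compares CVE IDs (scanner parsers, exploit-database lookups, correlation scripts) needs the "four or more" rule and should keep the sequence number as a string.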
CVE
Exploit code
A vulnerability database other than CVE will often include or link to code for an exploit
How to compile and run a stand-alone exploit
Download the .c file
Check it is compatible with your OS, and read it before you build it: public exploit code may target a different platform, contain bugs, or do more than it advertises
Compile it (e.g. with gcc; this transforms the source into an executable program)
Run it against the target
Use a VM or sandbox, to protect your computer from the exploit
Stand-alone
Contains hard-coded exploit action and payloads, such as a bind or reverse shell
The result
Your very own remote shell
The Exploit DB
A database of exploits
Online website
Offline repository, included with Kali Linux
Offline, search it with the searchsploit command (e.g. searchsploit <search term>)
Exploit frameworks
Core Impact (~USD$30,000/year)
Similar to Metasploit, with a GUI and reporting; can use Metasploit exploits
CANVAS (~USD$1,500/year)
Additional exploit packs can be purchased
Metasploit (Free MSF, Pro costs ~USD$15,000/year)
These are very rough pricing estimates
Metasploit exploit modules
Metasploit modules search
Metasploit contains over 1000 exploit modules
Search online
(http://www.rapid7.com/db/modules/)
or locally
Metasploit modules search
Metasploit can import scan results from various tools such as Nmap
db_import: import scan results
db_nmap: run a scan and save results
Commands can display the database contents:
hosts: shows IP addresses
services: shows ports
MSF includes its own scanners:
auxiliary/scanner/portscan/tcp
Metasploit modules search
The search command can be used to search through available exploits:
search type:exploit platform:'Windows 2000'
search type:exploit cve:2003-0352
Armitage: fast and easy hacking
Armitage is a FOSS GUI front-end for MSF
Exposes MSF features
Visualisation of targets
Recommends exploits based on the OS and services recorded for each host
Can launch a barrage of attacks ("Hail Mary"), although this is usually not what you want: it is indiscriminate and noisy
Armitage: fast and easy hacking
Interface areas: modules (module browser), targets (graph of hosts), tabs (consoles and module output)
Armitage: fast and easy hacking
Vulnerability analysis
An automated but shallower approach than manual exploitation
Known as vulnerability analysis, vulnerability assessment, or vulnerability scanning
Vulnerability analysis
Automated tool that starts with network scans
Port scans, service identification
Checks whether each identified service is known to contain vulnerabilities
Compares detected version numbers to database(s) of vulnerable versions
Caveat: version matching alone gives false positives (vendors backport fixes without changing the version) and false negatives (banners can be hidden or altered), so findings should be verified before exploitation
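As an added example rather than code from the lecture, the following Python performs the version-against-database check described above over constructed lines in the layout of nmap -sV output. VULN_DB is a made-up database (the DEMO-000x references are placeholders, not real advisories), and the backport flag illustrates why a version match is only a probable finding.

```python
"""Version-based vulnerability matching: the core check a scanner performs after
service identification. Added example; the vulnerability database is constructed."""
import re

# Constructed mini vulnerability database, not real advisory data.
# Each entry: (product, first_vulnerable, first_fixed, reference). A version is
# flagged if first_vulnerable <= version < first_fixed.
VULN_DB = [
    ("openssh", "5.0", "5.4", "DEMO-0001"),
    ("apache", "2.2.0", "2.2.22", "DEMO-0002"),
    ("vsftpd", "2.3.4", "2.3.5", "DEMO-0003"),
]

# Banner keywords -> product key used in VULN_DB.
PRODUCT_KEYWORDS = {"openssh": "openssh", "apache httpd": "apache",
                    "vsftpd": "vsftpd", "mysql": "mysql"}

# Distribution build tags: vendors often backport fixes without bumping the
# upstream version, so a version match alone is only a probable finding.
DISTRO_TAG = re.compile(r"\b(Debian|Ubuntu|Red Hat|CentOS|SUSE|Fedora)\b")
VERSION_RE = re.compile(r"\b(\d+(?:\.\d+)+)")

# Constructed sample in the layout of `nmap -sV` service lines.
SAMPLE_NMAP = """\
22/tcp   open  ssh     OpenSSH 5.3p1 Debian 3ubuntu7 (Ubuntu Linux; protocol 2.0)
80/tcp   open  http    Apache httpd 2.2.14 ((Ubuntu))
21/tcp   open  ftp     vsftpd 2.3.4
443/tcp  open  http    Apache httpd 2.4.7 ((Ubuntu))
3306/tcp open  mysql   MySQL 5.5.38
"""


def parse_version(text):
    """'2.2.14' -> (2, 2, 14). Tuples compare numerically, so 5.10 > 5.9,
    which a plain string comparison gets wrong."""
    return tuple(int(p) for p in text.split("."))


def parse_service_line(line):
    """Split one nmap -sV line into (port, product_key, version, banner), or None
    when the port is not open or the banner has no known product/version."""
    parts = line.split(None, 3)
    if len(parts) < 4 or parts[1] != "open":
        return None
    port, banner = parts[0], parts[3]
    lowered = banner.lower()
    product = next((key for kw, key in PRODUCT_KEYWORDS.items() if kw in lowered), None)
    m = VERSION_RE.search(banner)
    if product is None or m is None:
        return None
    return port, product, m.group(1), banner


def match_vulnerabilities(nmap_output, db=VULN_DB):
    """Return one finding per (service, database entry) whose version range matches."""
    findings = []
    for line in nmap_output.splitlines():
        parsed = parse_service_line(line)
        if parsed is None:
            continue
        port, product, version, banner = parsed
        v = parse_version(version)
        for prod, first_vuln, first_fixed, ref in db:
            if prod == product and parse_version(first_vuln) <= v < parse_version(first_fixed):
                findings.append({
                    "port": port, "product": product, "version": version, "ref": ref,
                    # Distro builds need a package-level or authenticated check before
                    # reporting; otherwise expect false positives from backported fixes.
                    "backport_possible": DISTRO_TAG.search(banner) is not None,
                })
    return findings


if __name__ == "__main__":
    for finding in match_vulnerabilities(SAMPLE_NMAP):
        print(finding)
```

Against the sample, the OpenSSH and Apache 2.2 services match but carry the backport flag because their banners show Debian/Ubuntu builds, vsftpd 2.3.4 matches cleanly, Apache 2.4.7 falls outside the range, and MySQL has no database entry. The service that hides or rewrites its banner produces nothing at all, which is the false-negative side of the same check.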
Vulnerability scanners
Nessus:
client/server
relatively affordable
Nessus Attack Scripting Language (NASL) for writing tests
feeds of tests (plugins)
OpenVAS: FOSS, forked from the last FOSS version of Nessus (Nessus went closed source with version 3 in 2005)
Vulnerability scanners
Retina Network Security Scanner
NeXpose: by Rapid7; like many scanners, it integrates with MSF
(related) Nmap scripting engine (NSE): extends Nmap with advanced tests, such as tests for specific vulnerabilities
Many vulnerability scanners integrate with Nmap and MSF
For more information please visit: http://z.cliffe.schreuders.org/