Remote Exploitation Part-0001 Tools


We are Here! Exploitation.
What do we do here?
Use the knowledge acquired so far to gain access to the target machine.
Exploitation can be either client side or server side.
Server Side - direct contact with the server; it does not involve any user interaction.
Network Protocols

Why this matters -> you cannot attack a protocol without knowing how it works.

You will mainly come across three protocols.
    1. TCP (Transmission Control Protocol)
    2. UDP (User Datagram Protocol)
    3. ICMP (Internet Control Message Protocol)

TCP :
Most internet traffic is based upon TCP since it guarantees reliable communication.
Ex : FTP, SMTP, Telnet, HTTP
TCP is used when we need reliable communication between a client and a server.
TCP establishes a reliable connection via the three-way handshake;

UDP :
UDP is the exact opposite of TCP;
Used for faster communication.
Ex : video streaming, and VoIP communication such as Skype.
Advantage : much faster and more efficient.
Disadvantage : UDP does not guarantee that the packet will reach the destination, since it does not perform the 3-way handshake; this causes reliability issues.
UDP protocols : DNS and SQL Server.

ICMP :
Runs upon : Layer 3 (Network Layer) of the OSI model;
TCP and UDP : Layer 4
Developed for troubleshooting and error messages on a network.
Connectionless protocol, which means there is no guarantee that the packet will reach the destination.
Common applications : ping and traceroute


Server Protocols

All server protocols fall into two categories.
 1. Text-based protocols
 2. Binary protocols

 1. Text-based protocols :
    Human readable, and this is where you, as a penetration tester, need to spend most of your time.
    Ex : HTTP, FTP and SMTP;

 2. Binary protocols :
    Not human readable, and very difficult to understand;
    they are designed for efficiency across the wire.
    Our focus will be on text/ASCII-based protocols, not binary protocols.

Text-based protocols we need to talk about :
FTP :
File Transfer Protocol;
Runs on port No : 21
Used for : uploading/downloading files to/from a server.
Often the weakest link in a network because it is unencrypted.

SMTP :
Simple Mail Transfer Protocol
Runs on port No : 25
Used for : mail servers.

HTTP :
Open a browser and type a URL into the address bar; what you type there is carried by HTTP.
Runs on port No : 80, and HTTPS on 443

Read more on network protocols
Network Remote Services

We know how to enumerate open ports and the services running upon those ports.
Now it's time to exploit….

Tools :
Hydra, Medusa and Ncrack
Network services : FTP, SSH, RDP.


Common Target Protocols
 FTP
 SSH
 SMB
 SMTP
 HTTP
 RDP
 VNC
 MySQL
 MS SQL
Generally, if you can crack any one of these services, the methodology is the same for the others.

Tools :

THC Hydra :
   Tool : one of the oldest password-cracking tools.
   Developed by : The Hackers Community
   Why used : covers more protocols than any other password-cracking tool that I know of.

Basic syntax :
hydra -L <username file> -P <password file> <Target IP> <service>

   Ex:
hydra -L user.txt -P password.txt <Target IP> <service>

We need to scan


Medusa :
Tool : a really fast password-cracking tool.
  More stable and faster because it uses pthreads, meaning that it won't necessarily duplicate the information.

Syntax :
  medusa [-h host|-H file] [-u username|-U file] [-p password|-P file] [-C file] -M module [OPT]

-M  = service (module) to attack;

Cracking SSH with Medusa :



Ncrack :
Based upon the nmap libraries.
It can be combined with nmap to yield great results.
Disadvantage : it supports very few services.
Supported services : FTP, SSH, Telnet, POP3, SMB, RDP and VNC;

Basic syntax :
ncrack -u <username> -P <password file> -p <port of the service to attack> -f <Target IP>
  -p : port/service to attack;
  -f : quit cracking after the first credential is found;
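All three tools above work by sending many login attempts in a short burst, so the defender's side of the same story is spotting that burst in the service's logs. The following is an added example (not part of the original notes, and not code from Hydra, Medusa or Ncrack) that flags an SSH password-guessing run from constructed sshd auth.log lines: any source IP with at least `threshold` failed passwords inside a sliding `window_s`-second window is reported, together with how many distinct usernames it tried.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines in the syslog format sshd writes to /var/log/auth.log.
# 10.0.0.5 behaves like a wordlist run; 10.0.0.9 is a single user typo then success.
SAMPLE_LOG = """\
Mar  3 10:00:01 host sshd[2001]: Failed password for invalid user admin from 10.0.0.5 port 50001 ssh2
Mar  3 10:00:02 host sshd[2002]: Failed password for invalid user test from 10.0.0.5 port 50002 ssh2
Mar  3 10:00:02 host sshd[2003]: Failed password for root from 10.0.0.5 port 50003 ssh2
Mar  3 10:00:03 host sshd[2004]: Failed password for root from 10.0.0.5 port 50004 ssh2
Mar  3 10:00:04 host sshd[2005]: Failed password for invalid user guest from 10.0.0.5 port 50005 ssh2
Mar  3 10:00:05 host sshd[2006]: Failed password for invalid user oracle from 10.0.0.5 port 50006 ssh2
Mar  3 10:01:10 host sshd[2007]: Failed password for alice from 10.0.0.9 port 51000 ssh2
Mar  3 10:01:15 host sshd[2008]: Accepted password for alice from 10.0.0.9 port 51001 ssh2
Mar  3 10:30:00 host sshd[2009]: Failed password for root from 10.0.0.5 port 50007 ssh2
"""

# Matches only "Failed password" lines; the optional "invalid user " prefix appears
# when the username itself does not exist on the host.
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)

def parse_failures(text, year=2024):
    """Yield (timestamp, ip, user) for every failed-password line. Syslog
    timestamps carry no year, so one is supplied (assumed) to build datetimes."""
    for line in text.splitlines():
        m = FAILED_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["ip"], m["user"]

def detect_bruteforce(text, threshold=5, window_s=60):
    """Return {ip: (peak_failures_in_window, distinct_usernames)} for every IP
    whose failures reach `threshold` inside some `window_s`-second sliding window."""
    by_ip, users = defaultdict(list), defaultdict(set)
    for ts, ip, user in parse_failures(text):
        by_ip[ip].append(ts)
        users[ip].add(user)
    flagged = {}
    for ip, times in by_ip.items():
        times.sort()
        start, peak = 0, 0
        for end in range(len(times)):
            while (times[end] - times[start]).total_seconds() > window_s:
                start += 1          # slide the window forward past old failures
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[ip] = (peak, len(users[ip]))
    return flagged
```

Tuning the threshold is the practical part: a single legitimate typo (10.0.0.9) stays under it, while a dictionary run across several usernames in a few seconds (10.0.0.5) is reported and can feed a block rule or an alert.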
