Ethical Hacking and Penetration Testing Guide
Vulnerability Assessment
After we are done with enumerating the target, the next step is to check for vulnerabilities that might exist in our target hosts. Armitage makes this process very simple.
From our targets, we can see that there is a machine running Windows XP, which is very interesting, because it might be vulnerable to the infamous ms08_067_netapi. Let's try exploiting it.
For performing a vulnerability assessment, we would select the target first, then click on the "Attacks" tab at the top and click on "Find Attacks."
Note: If you are running an older version of Armitage, the attacks menu would have two options: "Find attacks by ports" and "Find attacks by vulnerabilities." You can choose either.
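"Find Attacks" works by pairing each host's enumerated OS and services with exploit modules that apply to that combination. The following is an added example, not code from the book or from Armitage: a small rule-based matcher over constructed enumeration results that reproduces the Windows XP + SMB -> ms08_067_netapi pairing and records the remediation for each candidate finding; the host data, rule table and function names are assumptions for illustration.

```python
"""Rule-based "find attacks" triage over enumeration results (added example,
not from the book or Armitage). A match is only a hypothesis for the assessor
to confirm, e.g. by checking patch level, never proof of exploitability."""
from dataclasses import dataclass, field


@dataclass
class Host:
    ip: str
    os: str                                         # OS string from the scan
    services: dict = field(default_factory=dict)    # port -> service name


# Constructed enumeration results (documentation addresses, not real hosts).
HOSTS = [
    Host("192.0.2.10", "Windows XP", {445: "smb", 139: "netbios-ssn"}),
    Host("192.0.2.11", "Linux 2.6", {22: "ssh", 21: "ftp"}),
    Host("192.0.2.12", "Windows XP", {80: "http"}),   # XP but no SMB exposed
]

# One rule per check: (Metasploit module name, OS substrings, service names,
# remediation). The OS list and service names are assumptions for this demo.
RULES = [
    ("windows/smb/ms08_067_netapi",
     ("Windows XP", "Windows 2000", "Windows Server 2003"),
     {"smb", "microsoft-ds", "netbios-ssn"},
     "Install the MS08-067 security update; block 139/445 from untrusted networks."),
]


def find_attacks(hosts):
    """Return {ip: [module names]} for hosts whose OS and services match a rule."""
    findings = {}
    for h in hosts:
        for module, os_list, svcs, _fix in RULES:
            os_ok = any(o.lower() in h.os.lower() for o in os_list)
            svc_ok = bool(svcs & set(h.services.values()))
            if os_ok and svc_ok:
                findings.setdefault(h.ip, []).append(module)
    return findings


def remediation(module):
    """Look up the fix recorded for a module so every finding ships with one."""
    return next(fix for m, *_, fix in RULES if m == module)


if __name__ == "__main__":
    for ip, mods in find_attacks(HOSTS).items():
        for m in mods:
            print(f"{ip}: candidate {m}; fix: {remediation(m)}")
```

Only the host that is both Windows XP and exposing SMB is reported; the XP host serving only HTTP is not, which is the same service-based narrowing Armitage applies.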
Exploitation
So we have discovered potential attack vectors based upon the Armitage scanning feature. To see possible attack vectors, we will right click on our target and then click on the attack menu. The attack vectors would be based upon the services that Armitage has found running upon the target, such as ftp, dns, ssh, etc.
Since we can see the XP machine running the "SMB" service, we can try to exploit it using the ms08_067_netapi vulnerability. From the attack menu, navigate to SMB, and then in the SMB menu, click on "ms08_067_netapi". The following screen appears:
This screen is equivalent to the "show options" command in Metasploit. I have checked the "use a reverse connection" option since I want a reverse shell, that is, I want the victim to connect to me. This is very helpful when the victim is behind a firewall or we cannot reach it directly.
If you are able to successfully exploit the issue, our target will turn red, as shown in the following screenshot:
We can now interact with our target in the following ways:
Command shell: This will open up a command prompt of the target computer, where we can execute commands.
Meterpreter shell: This will open up a Meterpreter session, which is what we will be learning about in the "Post Exploitation" chapter (Chapter 9).
Desktop (VNC): This will open up a VNC session, which can be used to interact with the target computer; not the best choice for stealth purposes, but certainly great for demonstration purposes.