Ethical Hacking and Penetration Testing Guide




217
Browser Exploitation
Browser-based exploits are one of the most important forms of client-side exploits. Imagine a
scenario where you are pentesting against an organization. If it’s an internal pentest, you would
already own a box on the LAN. If it’s an external pentest, you need to somehow gain access to a
system. You can set up a malicious webserver and ask the victim to visit the server. As soon as he
clicks your link, he gets compromised.
Most of the employees of an organization frequently browse on social networking websites like 
Facebook and Orkut. We, as penetration testers, can take advantage of this and send malicious 
links to the employees and compromise them.
On an internal network, the attacker could simply use a DNS poisoning attack to redirect 
victims to his malicious webserver. To sum up, there is a whole lot of attack surface when it comes 
to browser exploitation.
Attacking over the Internet with SET
We will now discuss how to use the SET and other methods to attack over the Internet. In this 
particular demonstration, I will walk you through the process of attacking over the Internet when 
you are behind a NAT.
[Figure: Attack Scenario over the Internet. The Backtrack box (192.168.3.2) sits behind a router with public IP 73.67.123.85 and hosts the SET server; the victim (192.168.1.2) sits behind public IP 88.45.56.14; the two networks are connected over the WAN.]
So the attack scenario is pretty simple. Our malicious SET server hosting browser exploits would
run behind the public IP address 73.67.123.85. Whenever the victim, with local IP 192.168.1.2 and
public IP 88.45.56.14, connects to the SET server, the attacker’s router forwards all the incoming
traffic to the attacker’s local IP address, 192.168.3.2, on a specific local port.
Note: To be able to perform this attack, the attacker should control the router’s incoming and
outgoing communications.
Tip: For the malicious SET webserver, you should always use port 80 or port 443, because most of
the time they are allowed through the firewall; if you specify a port that the firewall does not allow, the
firewall will drop all the traffic coming to that port.
Now you know the attack scenario; let’s prepare our machines for the attack.


1. Configuring the SET to Ask for Public IP
The set_config file has an option called AUTO_DETECT. When the option is set to
“ON,” the SET does not ask for the public IP; it will automatically use our private IP for the
reverse handler. As we want to use the SET to attack over the Internet, we need to set
AUTO_DETECT to “OFF” so that the SET asks for our public IP. The set_config
file is located in the /pentest/exploits/set/config directory. You can use any text
editor to edit it.
2. Making Your IP Address Static
The second step is to make your IP address static. On Windows, you can do it by accessing
the properties of your network adapter and then clicking on the appropriate “Internet
Protocol Version 4 (TCP/IPv4) Properties.” Here is an example:


Since our attacker machine is a “BackTrack 5” machine, we would only be interested in
making its IP static. We can do it by accessing the WICD manager. We can access it by
going to Application → Internet → WICD Network Manager.
Under WICD Network Manager, select the appropriate network interface, click on
its properties, and fill in the appropriate details (see the following screenshot).
3. Opening Ports on the Router
Next, you need to open up two ports on your router: first, the one on which the SET external
webserver will be listening (by default the SET webserver listens on port 80, but you
can change it in the set_config file if you would like to), and second, the one on which you will
receive connections. The method for opening ports might differ based on what type of router
you have. You can also use netcat to open up ports.
Command:
nc -lvp 80      # For SET webserver
nc -lvp 4444    # For Reverse Handler
Make sure that you have disabled your antivirus and firewall when opening the ports.


We can verify the open ports by using a free website called canyouseeme.org, which checks
whether your ports are open from the outside.
Note: You really don’t need to open port 80, as the SET will automatically open it up for you.
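The two set-up steps above that are easy to get wrong are editing AUTO_DETECT in set_config and confirming that the forwarded handler port actually accepts connections before relying on an external checker such as canyouseeme.org. The following is an added example written for this page; it is not code from the book or from the SET project. It assumes set_config uses plain KEY=VALUE lines with “#” comment lines (the sample text is constructed here), and the port check is a plain loopback TCP connect, the same test an administrator uses to confirm that a service is listening.

```python
"""Helpers for the set-up steps: toggle AUTO_DETECT in a set_config-style
file and confirm that a handler port accepts TCP connections.
Hypothetical helper code for this page, not part of SET."""
import socket

# Constructed sample in the KEY=VALUE style assumed for set_config.
SAMPLE_CONFIG = """\
### Auto detection of the IP address to use for the handler
AUTO_DETECT=ON
### Port the SET web server listens on
WEB_PORT=80
"""


def parse_set_config(text):
    """Return a dict of KEY -> VALUE, ignoring blank lines and '#' comments."""
    options = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        options[key.strip()] = value.strip()
    return options


def set_option(text, key, value):
    """Return the config text with KEY rewritten to VALUE (appended if absent),
    leaving comments and every other line untouched."""
    out, found = [], False
    for raw in text.splitlines():
        stripped = raw.strip()
        is_comment = stripped.startswith("#")
        if not is_comment and stripped.partition("=")[0].strip() == key:
            out.append(f"{key}={value}")
            found = True
        else:
            out.append(raw)
    if not found:
        out.append(f"{key}={value}")
    return "\n".join(out) + "\n"


def start_temp_listener(host="127.0.0.1"):
    """Open a listening TCP socket on an OS-chosen port; returns (sock, port).
    Stands in for the handler you are checking; close the socket when done."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    sock.bind((host, 0))
    sock.listen(1)
    return sock, sock.getsockname()[1]


def port_accepts_connections(host, port, timeout=2.0):
    """True if a TCP connect to host:port completes within timeout,
    False on refusal or timeout (nothing listening, or a firewall dropping it)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


if __name__ == "__main__":
    updated = set_option(SAMPLE_CONFIG, "AUTO_DETECT", "OFF")
    print("AUTO_DETECT is now", parse_set_config(updated)["AUTO_DETECT"])
    sock, port = start_temp_listener()
    print("listener on", port, "reachable:",
          port_accepts_connections("127.0.0.1", port))
    sock.close()
    print("after close, reachable:",
          port_accepts_connections("127.0.0.1", port))
```

Run the module directly to see AUTO_DETECT flipped to OFF and the loopback check succeed while the listener is up and fail once it is closed; a False result on the port you forwarded on the router is the local signal that a host firewall or antivirus is still blocking it, before any external check is consulted.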
