Ethical Hacking and Penetration Testing Guide
◾ Ethical Hacking and Penetration Testing Guide Exploiting Targets
Yüklə 22,44 Mb. Pdf görüntüsü
|
- Bu səhifədəki naviqasiya:
- Prerequisites
|
270
◾ Ethical Hacking and Penetration Testing Guide Exploiting Targets We will not try to compromise other targets, which we discussed in detail in the “Remote Exploitation” chapter (Chapter 7). One great thing we can do is that we can use the hail mary tool to launch autopwn to compromise the other targets. However, it’s not recommended in real-world penetration tests for obvious reasons. Once you have compromised other hosts on the network, you would again employ the postex- ploitation process. You might have understood by now that postexploitation is a cyclic process. We will try to penetrate the network as much as we can and look for sensitive data. Conclusion The postexploitation process starts after we compromise the target; our first step would be to acquire situation awareness, and we learned some useful commands from both Windows and Linux to gain situation awareness. Our next immediate goal would be to migrate to a stable process so that our connection does not get lost. Once we have migrated to a stable process, our next goal would be to make our connection persistent so that even after the victim reboots the computer we will have access to it. We saw how this can be done by installing a backdoor on the target computer and using meterpreter scripts to make it persistent. We also looked at harvest- ing data once we had complete control of the target. Next we learned how to identify further targets and route the traffic from our compromised target in case the target is not directly reachable to us. 271 Chapter 10 Windows Exploit Development Basics This chapter will walk you through the process of developing a simple stack-based overflow exploit on Windows; though there is a lot to exploit development this should be a great place to get started. The key behind the exploit development process is to replace the programs instructions with our instructions. This could be accomplished by making the program crash or making it behave in an unexpected manner and therefore overwriting the memory segments with our own piece of code which otherwise is known as Shellcode. There are many types/classes of memory corruption such as buffer overflows and use-after-free. In this chapter we will focus on stack-based overflows, which are part of buffer overflows. Prerequisites ◾ Windows XP Machine Service Pack 2 ◾ Immunity Debugger ◾ Active Perl for running Perl scripts ◾ mona.py ◾ Fuzzer—Create one or use the ones built into BackTrack ◾ A vulnerable application For the sake of simplicity we will use Windows XP SP2 to demonstrate our exploit. There are many other security measures implemented in and bypasses developed for later versions of Windows; however, we won’t talk about them in this chapter. Yüklə 22,44 Mb. Dostları ilə paylaş:
|