Ethical Hacking and Penetration Testing Guide
Attack Scenario 3: Compromising Client Side Update
In this scenario, we will utilize our previously learned skills to compromise the client side updating process. This means that whenever the victim updates a particular piece of software, he will download our malicious code instead. We will discuss this in detail later.
Attack Scenario 4: Malware Loaded on USB Sticks
This method can be used if you have physical access to the victim's machine: we could load a malicious PDF file or malicious executable code onto a USB stick. Once the USB stick is inserted, our malicious code will automatically be executed and we would get a meterpreter session opened on the victim's machine.
Next, we will discuss each of these methods in detail. We will use the "Social Engineering Toolkit"—a neat piece of software written by David Kennedy for performing social engineering attacks. The SET can be used to perform most of the attacks we have talked about earlier. First, let's discuss the methods we can use for the first scenario.
E-Mails with Malicious Attachments
In this section, we will discuss creating a custom executable and sending it to the victim, and will also talk about some of the PDF attacks. So let's start by creating a custom executable with SET.
Creating a Custom Executable
This attack can be a bit difficult to accomplish, as you need to convince the victim to execute your .exe file. Another major hurdle would be the victim's antivirus, which you need to bypass. Luckily, Metasploit has some built-in encoding mechanisms that, when used effectively, can evade some antiviruses. However, all this is based on trial and error. Alternatively, you can buy a paid crypter, which you can find on black hat forums such as hackforums.net; the crypters are pretty cheap and can help you make your executable FUD, that is, fully undetectable.
If you want to go with the first option, you need to make sure that your executable is able to bypass the antivirus the victim is using.
Creating a Backdoor with SET
SET, in my opinion, is one of the best tools to perform client side attacks. It harnesses the power of Metasploit to carry out a wide variety of client side attacks. In this chapter, we will use SET to perform multiple client side attacks. So let us start by creating a backdoor with SET.
Step 1—Navigate to the /pentest/exploits/set directory in BackTrack and run the following command from the /set directory:
root@bt:~# cd /pentest/exploits/set
root@bt:~# ./set
Step 2—Press "1" and it will display all the social engineering attack vectors; then press the fourth option, which states "Create a payload and a listener."
Note: It is always good practice to update the SET before using it, which you can do by pressing "5" on your keyboard.
Step 3—Next, it will ask for your reverse IP, which in this case is my local IP address for my BackTrack box. If you are attacking over the Internet, you need to do port forwarding on your router, which we will discuss in Attack Scenario 2.
Step 4—Next, you need to choose the appropriate payload. You can choose any one of them based on your requirements. For the sake of simplicity, I will choose the first one, "Windows Shell Reverse_TCP", which will send a reverse shell back to my IP, which in this case is 192.168.75.144.
Step 5—Next, it will ask you what type of encoding you want. In this case, we will use shikata_ga_nai. Notice that SET has suggested that "backdoored executable" is the best type of encoding. In real-world scenarios, you need to encode the payload multiple times before you get past multiple antiviruses.
Step 6—Next, it will ask you on what port to listen for connections. In my case, I would choose port "4444"; you can select any port you want. This might take some time, since it starts up Metasploit in the back end, which itself takes a while to launch.
Step 7—Now, our backdoor will be created in our /pentest/exploits/set directory, named msf.exe. Now you need to convince the victim to execute it inside his system; once he executes it, you will have a session opened.
You can now interact with the shell by using the following command:
sessions -i 1
Using an executable may not be the best method, so we will talk about an approach that is more useful in real-world scenarios.
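Because the payload built above is a reverse TCP shell that connects back out (on the listener port chosen in Step 6, 4444 here) from an executable the victim ran out of a download folder or a USB stick, a defender can look for exactly that pattern in endpoint telemetry. The following Python detector is an added example, not code from the book or from SET; it runs over constructed process-creation and network-connection records in a simplified Sysmon-like format assumed here, and flags executables launched from user-writable or removable locations, especially when they open outbound connections to unexpected ports.

```python
import re

# Ports a desktop process is normally expected to reach; anything else from a
# binary in an untrusted location is suspicious (allowlist assumed here).
EXPECTED_PORTS = {53, 80, 443, 25, 587, 993}

# Launch locations a standard user can write to, plus any non-C: drive letter
# (a USB stick as in Attack Scenario 4). Windows paths, case-insensitive.
UNTRUSTED_DIR = re.compile(
    r"^(?:[D-Z]:\\|C:\\Users\\[^\\]+\\(?:Downloads|Desktop)\\|C:\\Windows\\Temp\\)", re.I)

# Constructed sample records (not real logs): event|image|dest_ip|dest_port,
# where event 1 = process created and event 3 = outbound network connection.
SAMPLE_LOG = r"""
1|C:\Program Files\Mozilla Firefox\firefox.exe|-|-
3|C:\Program Files\Mozilla Firefox\firefox.exe|93.184.216.34|443
1|C:\Users\bob\Downloads\msf.exe|-|-
3|C:\Users\bob\Downloads\msf.exe|192.168.75.144|4444
1|E:\invoice.exe|-|-
3|E:\invoice.exe|192.168.75.144|4444
3|C:\Users\bob\Downloads\setup.exe|93.184.216.34|443
"""

def parse_line(line):
    """Split one record into a dict; dest_port is None for process events."""
    event, image, dest_ip, dest_port = line.strip().split("|")
    return {"event": int(event), "image": image, "dest_ip": dest_ip,
            "dest_port": None if dest_port == "-" else int(dest_port)}

def untrusted(image):
    """True when the executable lives in a user-writable or removable path."""
    return UNTRUSTED_DIR.match(image) is not None

def analyze(log_text):
    """Return (image, reason) alerts for records that match either rule."""
    alerts = []
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        rec = parse_line(raw)
        if rec["event"] == 1 and untrusted(rec["image"]):
            alerts.append((rec["image"], "launched from user-writable or removable location"))
        elif (rec["event"] == 3 and untrusted(rec["image"])
              and rec["dest_port"] not in EXPECTED_PORTS):
            # Metasploit's default listener port is a strong reverse-shell indicator.
            sev = "high" if rec["dest_port"] == 4444 else "medium"
            alerts.append((rec["image"], f"{sev}: outbound tcp/{rec['dest_port']} to {rec['dest_ip']}"))
    return alerts
```

On the sample records only msf.exe and the executable on the E: drive are flagged; the Firefox connection and the Downloads binary talking to tcp/443 stay quiet, which is the trade-off between catching the SET payload and not alerting on every installer a user runs.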
PDF Hacking
PDF hacking is one of the topics in ethical hacking and penetration testing that is close to my heart. I was totally unaware of the power of PDFs for a long time. Once I learned about them and familiarized myself with them, PDF hacking became one of my favorite subjects in ethical hacking.
Lots of penetration testers are unaware of the power of PDFs and their effectiveness in penetration tests. PDF hacking and PDF reconnaissance are most of the time ignored by penetration testers, even those at an advanced level.