Ethical Hacking and Penetration Testing Guide


  Client Side Exploitation ...........................................................................................197



Yüklə 22,44 Mb.
Pdf görüntüsü
səhifə9/235
tarix07.08.2023
ölçüsü22,44 Mb.
#138846
1   ...   5   6   7   8   9   10   11   12   ...   235
Ethical Hacking and Penetration Testing Guide ( PDFDrive )

 8 
Client Side Exploitation ...........................................................................................197
Client Side Exploitation Methods ...................................................................................197
Attack Scenario 1: E-Mails Leading to Malicious Attachments .............................197
Attack Scenario 2: E-Mails Leading to Malicious Links ........................................197
Attack Scenario 3: Compromising Client Side Update ..........................................198
Attack Scenario 4: Malware Loaded on USB Sticks ...............................................198


xiv
◾ 
Contents
E-Mails with Malicious Attachments ....................................................................198
Creating a Custom Executable ......................................................................198
Creating a Backdoor with SET .....................................................................198
PDF Hacking ...............................................................................................201
Introduction ...................................................................................................................201
Header .................................................................................................................. 202
Body ..................................................................................................................... 202
Cross Reference Table ........................................................................................... 202
Trailer ................................................................................................................... 202
PDF Launch Action ....................................................................................................... 202
Creating a PDF Document with a Launch Action ......................................................... 203
Controlling the Dialog Boxes ............................................................................... 205
PDF Reconnaissance ............................................................................................ 205
Tools of the Trade .......................................................................................................... 205
PDFINFO ............................................................................................................ 205
PDFINFO “Your PDF Document” ............................................................. 206
PDFTK ................................................................................................................ 206
Origami Framework ...................................................................................................... 207
Installing Origami Framework on BackTrack ................................................................ 207
Attacking with PDF ....................................................................................................... 208
Fileformat Exploits ............................................................................................... 208
Browser Exploits ................................................................................................... 208
Scenario from Real World .............................................................................................. 209
Adobe PDF Embedded EXE ...........................................................................................210
Social Engineering Toolkit ..............................................................................................211
Attack Scenario 2: E-Mails Leading to Malicious Links ........................................213
Credential Harvester Attack ...........................................................................................214
Tabnabbing Attack .........................................................................................................215
Other Attack Vectors ......................................................................................................216
Browser Exploitation .......................................................................................................217
Attacking over the Internet with SET .............................................................................217
Attack Scenario over the Internet ....................................................................................217
Using Windows Box as Router (Port Forwarding) ......................................................... 220
Browser AutoPWN ............................................................................................... 220
Why Use Browser AutoPWN? ........................................................................................221
Problem with Browser AutoPWN ...................................................................................221
VPS/Dedicated Server ................................................................................................... 223
Attack Scenario 3: Compromising Client Side Update ......................................... 223
How Evilgrade Works .................................................................................................... 223
Prerequisites ................................................................................................................... 223
Attack Vectors ...................................................................................................... 223
Internal Network Attack Vectors .......................................................................... 223
External Network Attack Vectors ......................................................................... 224
Evilgrade Console ................................................................................................. 224
Attack Scenario..................................................................................................... 224
Attack Scenario 4: Malware Loaded on USB Sticks .............................................. 227


Contents
◾ 
xv
Teensy USB ................................................................................................................... 229
Conclusion ..................................................................................................................... 229
Further Reading ............................................................................................................ 229

Yüklə 22,44 Mb.

Dostları ilə paylaş:
1   ...   5   6   7   8   9   10   11   12   ...   235




Verilənlər bazası müəlliflik hüququ ilə müdafiə olunur ©azkurs.org 2024
rəhbərliyinə müraciət

gir | qeydiyyatdan keç
    Ana səhifə


yükləyin