NetworkExploitation

MamKoeunWeb Security at Trendsec Solution

I. AboutmeII. UnderstandingBasicMSF&TermsIII. Howdoesexploitationwork?IV. Howdoesexploitationwork?V. CommonStepsofacompromiseVI. ScanForportsandservicesVII.MetasploitFrameworkBasicsVIII.MeterpreterBasics

TableOfContents

ØMamKoeunØWebSecurity@TrendsecSolutionØCambodianMekongUniversity

AboutMe

• Payload:Actualcodesthattransmitdataordoanyactionsautomaticallyasitspurposes,itrunsafterexploitation

• Exploit:Codethatallowsattackertotakeadvantageofavulnerablesystem

• Vulnerability:Weaknessesthatallowsattackerbreakinto/compromiseasystem’ssecurity

UnderstandingBasicMSF&TERMS

1- Vulnerability 2- Exploit3- Payload

Robber

Vulnerable House

Understanding Basic MSF&TERMS

Howdoesexploitationwork?

Exploit + Payload

Upload/Download Data, malware, rootkit,..

Exploit run first, if succeed payload runs next

Howdoesexploitationwork?

- Scan ports and services running on that target IP

- Identify a vulnerability service / known exploit or private exploit

- Compromise, launch exploit, exploitation plan

CommonStepsOfaCompromise

- Scan a machine using tools like “nmap”- Use port scanner to scan for ports and

services running on remote system - Services scanning with version indentified

same time

ScanForPortsandServices

- Toolfordevelopmentandtestingofvulnerability- Canbeusedfor:

- Penetratingtesting- Exploitresearch- DevelopingIDSsignatures

- StartedbyH.DMoore,2003(Perl)- WasrewritteninRuby,2007- AcquiredbyRapid7,2009- OpenSourceandfreeforuse- Over770+testedexploit- Over228payloads

Metasploit Basics

CommandsdetailinDemontration(VulnerabilityonRPC

DCOM(MS03_026))- Scan a machine using tools like “nmap”

root@khnog#nmap –v –n [Target-IP]root@khnog#nmap –sV –n [Target-IP]

- root@khnog#gcc dcom -0 dcom (compile file)

- root@khnog#./dcom [target-ID] [target-IP]

THANK YOU