Intro to Exploitation
1 like118 views
The document discusses exploitation techniques used during penetration testing. It defines exploitation as getting unauthorized access or making unauthorized changes. The goal is typically to compromise systems and objectives, such as gaining administrative access to a website. Methods covered include fuzzing applications, accessing file systems and logs, using command injection to execute code, and establishing remote command shells. The exploitation cycle involves using information gained to get more access and make additional changes until objectives are met.
Intro to Exploitation
- 1. Intro to Penetration Testing: Exploitation October 18, 2017
- 2. Brown Bag Talks Friday at 11:00 AM
- 3. State Farm October 25th, 2017
- 4. What is Exploitation? Getting what you shouldn’t get Changing what you should change
- 5. Goal In general, the goal is to compromise the objective. This could be accessing a building, becoming the website admin, etc. For systems, remote shells allow you execute arbitrary commands, and are overall a convenient way to access a remote systems
- 6. Getting what you shouldn’t get ● Fuzzing applications ● Gaining access to the file system ● Getting system and service configuration ● Accessing protected pages
- 7. Linux File System Access ● /etc - General configuration directory ● /var/log - Log directory ● /etc/passwd - List of all users ● /etc/group - List of all groups ● /etc/shadow - List of all users and passwords (should require root) ● /etc/os-release - Information about the running OS
- 8. Getting what you shouldn’t get Enumeration on steroids Gaining enough information to change what you shouldn’t change
- 9. Changing what you shouldn’t change ● Breaking applications ● Command execution ● Changing permissions ● Modifying system configuration
- 10. Inline shell 'grep -m 1 ' + service + ' /etc/services' 'grep -m 1; whoami # /etc/services' 'grep -m 1 `ls > /tmp/test && echo 80`/etc/services'
- 11. Linux Shell Escapes ● # to comment out the rest of a line ● ; to enter another command ● > to redirect output ● < to redirect input ● | to chain commands ● ` ` to execute commands
- 12. Changing what you shouldn’t change Action on objectives Making it as easy as possible for you to continue getting what you shouldn’t get
- 13. Exploitation Cycle ● Getting enough information to change something ● Changing enough to get more information ● Repeat ● ??? ● Profit (get shell; have fun)
- 14. Payloads (or, why a shell?) ● Pivoting from an application exploit to a malicious payload give an attacker better persistence, more flexibility, and an overall more usable experience. ● Multiple shells can easily be controlled at once ● Shells can be incorporated into scripts and botnets, allowing automated control
- 15. Fun shells, if they aren’t on your machine ● Web shell ● Bind shell ● Reverse shell
- 16. Fun shells, if they aren’t on your machine ● Web shell - only require access to an application, no session ● Bind shell - require access through firewall, session ● Reverse shell - require local session handler, session
- 17. Shell payload generation ● Premade payloads (c99 shell, etc.) ● Payloads made with a builder (msfvenom, etc.) ● Handmade payloads