Exploitation
Exploitation is unethical, just as robbery is unethical; however, viKid believes that we should speak openly about how system vulnerabilities are exploited by ill-intentioned people.
When you don't know how an intruder may attack you, you have no way to build a defense. For example, we know that house robbers use doors and windows to get into houses, so we put locks on them, and in some neighbourhoods bars on the windows too.
However, you are only as secure as your weakest point, just as one leaky tile leads to a roof leak, or one window left on a latch can easily be opened.
On a high level, there are 3 vectors used for exploitation:
- The perpetrator has direct access to the machine
- He is on your network
- He is on the internet
Direct access
- OS - does authentication & authorisation
- One can make a Live DVD/USB to go around the host OS.
- Windows sticky keys exploit (press Shift 5 times)
Network
In this scenario the attacker is on your network but does not have access to your machine.
The typical techniques:
Internet
Social engineering and other internet exploits
The SAM Database (Windows)
- UN - User Name, e.g. admin
- UID - User ID, e.g. 500
- LM - LAN Manager hash - MD5
- NTLM - password encrypted then hashed, AES -> SHA1
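As an added example (not code from viKid's notes), a small Python audit over the SAM fields just listed. It assumes a colon-separated UN:UID:LM:NTLM record layout (the page only names the fields), uses the publicly known hash values of an empty password, and reports the things a defender should act on: blank passwords, legacy LM hashes still being stored, and an unrenamed built-in Administrator (RID 500). The sample dump is constructed.

```python
"""Audit a SAM-style account dump for weak password storage (added example)."""
from dataclasses import dataclass

# Well-known public constants: the LM and NT hash of an empty password.
EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"


@dataclass
class SamRecord:
    username: str   # UN
    uid: int        # UID (RID); 500 is the built-in Administrator
    lm: str         # LM hash, 32 hex chars
    ntlm: str       # NTLM hash, 32 hex chars


def parse_sam_dump(text: str) -> list[SamRecord]:
    """Parse 'UN:UID:LM:NTLM' lines (assumed layout); skips blanks and '#' comments."""
    records = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) < 4:
            raise ValueError(f"line {lineno}: expected UN:UID:LM:NTLM, got {line!r}")
        un, uid, lm, nt = parts[:4]
        if len(lm) != 32 or len(nt) != 32:
            raise ValueError(f"line {lineno}: hashes must be 32 hex characters")
        records.append(SamRecord(un, int(uid), lm.lower(), nt.lower()))
    return records


def audit(records: list[SamRecord]) -> list[tuple[str, str]]:
    """Return (username, finding) pairs; an empty list means nothing to fix."""
    findings = []
    for r in records:
        if r.ntlm == EMPTY_NT:
            findings.append((r.username, "blank password"))
        if r.lm != EMPTY_LM:
            findings.append((r.username, "LM hash still stored (legacy, weak)"))
        if r.uid == 500 and r.username.lower() == "administrator":
            findings.append((r.username, "built-in Administrator (RID 500) not renamed"))
    return findings


SAMPLE_DUMP = """\
# constructed sample, not taken from a real system
Administrator:500:aad3b435b51404eeaad3b435b51404ee:0123456789abcdef0123456789abcdef:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
legacyuser:1001:1111111111111111aaaaaaaaaaaaaaaa:fedcba9876543210fedcba9876543210:::
"""

if __name__ == "__main__":
    for user, finding in audit(parse_sam_dump(SAMPLE_DUMP)):
        print(f"{user}: {finding}")
```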
Keylogging & Anti-Keylogging
Check the AUP (Acceptable Use Policy) of your company
Brute Force
To gain access to encrypted files:
A payload is a piece of code that is executed once it is inside the target machine. Typically it is malware, and specifically a backdoor.
Metasploit is an exploitation framework with a huge repository of exploits and payloads.
Armitage is a GUI front end for Metasploit.
Recommendations to Protect Yourself
- Check all ports
- Patch the system
- Zone transfer files should be encrypted
- The SNMP community name should be changed
- Disable USB/CD/DVD drives on the system