Computing | Computer Security | Linux Security | Industrial Control Systems Security | Penetration Testing | Exploitation | Social Engineering | Metasploit | wifi-penetration

Exploitation

Exploitation is unethical just as robbery is unethical, however viKid believes that we should speak openly about how system vulnerabilities are exploited by ill-intentioned people.

Why?

When you don't know how an intruder may attack you, you have no ability to build a defense. For example we know that House Robbers use doors and windows to get into houses. So, we put locks on them, and in some neighbourhoods, bars on windows too.

However you are only as secure as your weakest insecurity. Just as one leaky tiles leads to a roof leak, or one window on a latch that can easily be opened.

On a high level, there are 3 vectors used for exploitation:

System

Network

In this scenario the attacker is on your network but does not have access to your machine.

The Typical Technics:

Internet

Social Engineering and other Internet Exploits

The SAM Database (Windows)

To crack hashes - the prepetrator will use Rainbow Tables

Keylogging & Anti-Keylogging

Check your AUP (Acceptable User Policy) of your company

Brute Force

To gain access to encrypted files:

Metasploit & Armitage

An Exploit is a piece of code which is going to take the "payload" to the target machine and going to enter the target machine by exploiting the vulnerability.

A Payload is a piece of code, which is going to be executed, once it is inside the target machine. Typically it is a malware, and specifically it is a backdoor.

Metasploit is an exploitation framework that has a huge repository of exploits and payloads

Armitage is a frontend GUI for the metasploit

Recommendations to Protect Yourself

http:///wiki/?exploitation

30nov16   admin