Exploitation Basics
Reverse shell - the victim/target connects back to the attacker
Attack machine - listening on a port
Target machine - connects to the port the attack machine is listening on
Bind shell - the attacker opens a port on the target (via exploitation) and connects to it
Attack machine - exploits the target, opens a listening port on it, and connects to that port
Target machine - listens for the attacker's connection
Used especially on external assessments
Non-Staged payload - sends exploit shellcode all at once, larger in size and won't always work
Metasploit e.g. payload/windows/meterpreter_reverse_tcp
Staged payload - sends the payload in stages, less stable
Metasploit e.g. payload/windows/meterpreter/reverse_tcp
This does not work, since it is using the linux/x86/meterpreter/reverse_tcp staged payload.
Try with another payload
Gained reverse shell via Metasploit
Follow the usage instructions to compile the exploit and run it against the target machine
Brute-force attack on SSH with weak/default credentials
The same can be done with Metasploit
Setup FoxyProxy in the browser and start BurpSuite.
BurpSuite
Turn intercept ON and send the login request to Intruder
Highlight the username and password values, and add them to the payload positions
Attack type - Pitchfork
Payloads - for each payload set, paste the username list and the password list
Start the attack
Check the responses for changes in Status and Length
Use to exploit -
- injecting breached account credentials (from leaks, etc.) in the hope of an account takeover
- brute-forcing logins based on a list of usernames with default passwords
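The defender's side of the SSH brute-force and credential-stuffing notes above, as an added example that is not from the course or any tool it mentions: it parses constructed OpenSSH auth-log lines and flags the patterns a SOC would look for (many failures from one source, failures spread over many accounts, and a success following failures). The sample lines, the regex and the thresholds are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines in OpenSSH auth.log format (illustrative, not real data).
SAMPLE_LOG = """\
Mar  3 10:00:01 host sshd[2001]: Failed password for root from 203.0.113.5 port 40001 ssh2
Mar  3 10:00:02 host sshd[2002]: Failed password for root from 203.0.113.5 port 40002 ssh2
Mar  3 10:00:03 host sshd[2003]: Failed password for root from 203.0.113.5 port 40003 ssh2
Mar  3 10:00:04 host sshd[2004]: Failed password for root from 203.0.113.5 port 40004 ssh2
Mar  3 10:00:05 host sshd[2005]: Accepted password for root from 203.0.113.5 port 40005 ssh2
Mar  3 10:01:00 host sshd[2010]: Failed password for invalid user admin from 198.51.100.7 port 50001 ssh2
Mar  3 10:01:01 host sshd[2011]: Failed password for invalid user ubuntu from 198.51.100.7 port 50002 ssh2
Mar  3 10:01:02 host sshd[2012]: Failed password for deploy from 198.51.100.7 port 50003 ssh2
Mar  3 10:05:00 host sshd[2020]: Failed password for alice from 192.0.2.9 port 60001 ssh2
"""

# One sshd auth line: result, auth method, optional "invalid user", username, source IP.
LINE_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>\w+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+ ssh2$"
)

def parse(log):
    """Yield (result, user, ip) for each sshd auth line; other lines are ignored."""
    for line in log.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield m["result"], m["user"], m["ip"]

def detect(log, fail_threshold=4, spray_users=3):
    """Map each suspicious source IP to the patterns it matched (tags below)."""
    fails = defaultdict(list)      # ip -> usernames whose login failed, in order
    logged_in_after_fail = set()   # ips that succeeded after at least one failure
    for result, user, ip in parse(log):
        if result == "Failed":
            fails[ip].append(user)
        elif fails.get(ip):
            logged_in_after_fail.add(ip)
    alerts = {}
    for ip, users in fails.items():
        tags = []
        if len(users) >= fail_threshold:           # many failures: brute force
            tags.append("brute-force")
        if len(set(users)) >= spray_users:         # many accounts: password spray
            tags.append("password-spray")
        if ip in logged_in_after_fail:             # possible account takeover
            tags.append("success-after-failures")
        if tags:
            alerts[ip] = tags
    return alerts
```

Running `detect(SAMPLE_LOG)` flags 203.0.113.5 as brute-force with a later success and 198.51.100.7 as a password spray; the single failure from 192.0.2.9 stays below both thresholds. Real deployments would add a time window so old failures age out.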
Use a local vulnerable webapp like
Open the login page -