Exploitation

Introduction To Exploitation

• Exploitation consists of techniques and tools used by adversaries/penetration testers to gain an initial foothold on a target system or network.

• Successful exploitation will heavily depend on the nature and quality of information gathering and service enumeration performed on the target.

  We can only exploit a target if we know what is vulnerable - Unknown

• So far, we have covered exploitation of Windows & Linux systems both manually and automatically, however, we still need to get a clearer picture of the exploitation methodology and the tools and techniques involved in the process.

The Penetration Testing Execution Standard (PTES) is a penetration testing methodology that was developed by a team of information security practitioners with the aim of addressing the need for a comprehensive and up-to-date standard for penetration testing.

Penetration Testing Phases

The following diagram outlines the various phases involved in a typical penetration test.

1. Information Gathering:

   • This initial phase involves collecting as much data as possible about the target system or network. Techniques include scanning, reconnaissance, and OSINT (Open Source Intelligence) to identify potential vulnerabilities and entry points.

2. Enumeration:

   • During enumeration, attackers actively probe the network to identify and extract detailed information about network resources, services, and active devices. This phase often includes identifying usernames, shares, and software versions.

3. Exploitation:

   • In the exploitation phase, attackers leverage identified vulnerabilities to gain unauthorized access. This step often involves using tools and techniques to exploit weaknesses, such as buffer overflows, SQL injection, or cross-site scripting.

4. Post Exploitation:

   • Post exploitation focuses on maintaining access, gathering further data, and escalating privileges. This phase includes activities like lateral movement within the network and installing backdoors for persistent access.

5. Privilege Escalation:

   • Attackers attempt to increase their access rights within the system. By exploiting system misconfigurations or vulnerabilities, they elevate their privileges from a lower-level account to an administrator or root level.

6. Maintaining Persistent Access:

   • Techniques are used to ensure ongoing access to the compromised system, even after reboots or attempts to remove the attacker. Methods include installing rootkits, creating hidden user accounts, and establishing backdoors.

7. Clearing Tracks:

   • The final phase involves removing evidence of the attack to avoid detection. This can include deleting logs, modifying timestamps, and clearing command history to ensure the attacker’s presence remains unnoticed.

Exploitation Methodology:

1. Identify Vulnerable Services:

   • Scan the target system to find services that are running and identify any known vulnerabilities associated with those services. This step is crucial for finding potential entry points.

2. Identify & Prepare Exploit Code:

   • Once vulnerabilities are identified, the next step is to find or develop exploit code that can take advantage of those weaknesses. This might involve using pre-existing exploit scripts or writing custom code.

3. Gaining Access:

   • Automated - MSF (Metasploit Framework): Use automated tools like Metasploit to launch exploits against the target system, which simplifies the process of finding and exploiting vulnerabilities.

   • Manual: Manually execute the exploit, which may require a deeper understanding of the vulnerability and the target system's architecture.

4. Obtain Remote Access on Target System:

   • Successfully executing the exploit to gain a foothold in the target system. This often involves creating a remote shell or backdoor to maintain access.

5. Bypass AV Detection:

   • Implement techniques to avoid detection by antivirus and other security measures. This could involve obfuscating the payload, using encryption, or leveraging zero-day exploits.

6. Pivot on to Other Systems:

   • Use the compromised system as a stepping stone to access other systems within the same network. This involves mapping the network and exploiting other machines to expand control and access sensitive data.

Hacker's Mantra:Hackers are people, right? They really are; you know they mow lawns! What’s a hacker documentary? It’s a guy doing his laundry. - Flea