Tuesday 11 April 2017

Exploiting Software Based Vulnerabilities : Attacking Network - Pentesting Network

Exploiting Software Based Vulnerabilities : Attacking Network - Pentesting Network 

Vulnerabilities exist on a particular machine can be software and hardware based. Today we will see how we can Exploit Software Based Vulnerabilities to take over target machine.

Software based vulnerabilities are nothing, but just a coding/programming error exist in a Particular software version or series. Which can be hacked/compromise using a group of malicious code called as an "Exploit".

First we have identified a SMTP service on our target machine

SLmail smtpd 5.5.0 4433 is running in port 25 

By a quick google search we have found that this particular software is vulnerable to "Buffer Overflow" which allow a remote user to perform Code Execution.

Now its time to exploit this vulnerability on target machine, On the exploit page i have mention we can download that exploit to run against that machine.

We can quickly search for exploit in metasploit for a quick exploitation. 
And yes, we have found a perfect match.

I used this exploit and select windows meterpreter payload.

Now set the required values, RHOST=targetmachine, LHOST=attackerip, LPORT=attackerport.

After setting all values, Hit exploit and press enter.
If all goes well you will get a meterpreter reverse shell. :) 

No comments:

Post a Comment