
Exploitation of Metasploitable Linux - Ep 1

The video below shows a demo of how to exploit the Metasploitable Linux VM using a backdoor. After gaining access, we then show a few commands in Linux that a hacker can run. In addition to that, we also check the permissions associated with the user profile we have accessed and, surprise, surprise, it's Amy Acker (read: root).

After that, we then show you the contents of /etc/passwd and /etc/shadow, which when brought together give you the password file. However, we won't be getting the password file that way. There is a much simpler way I call "post-exploit exploits". Among these is one nifty one called gather/hashdump, used to gather a hash dump of the password file.

We then take this hash dump to john (also known to others as John the Ripper), which then proceeds to crack the passwords. In our case, the passwords used are quite simple, so the cracking process won't take much time. However, the more difficult a password is to guess, the harder it is to crack.

After we get a set of passwords and their respective usernames, we then use one of them to connect to the Metasploitable VM using telnet. In this case we chose the user ID "user", which has the password "user"... Anyway, you basically enter those credentials when using telnet, ssh or any other remote connection protocol listed in the nmap scan we did initially and hey, Bob's your uncle.
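As an added defender-side example (not code from the original post), here is a Python audit that merges /etc/passwd and /etc/shadow on the username, the pairing the post describes, and flags exactly what made john's job quick here: a second UID 0 account, an account with no password, legacy hash formats, and one hash shared by several accounts (same salt and digest means same password). All sample lines, usernames beyond root and the hashes are constructed placeholders, not taken from any real host.

```python
"""Defender-side audit of the /etc/passwd + /etc/shadow pairing the post describes:
merge the files on the username and flag what a cracker profits from (extra UID 0
accounts, no password at all, legacy hash formats, one hash reused across accounts).
Sample lines are constructed for this example; the hashes are placeholders."""
import re
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
user:x:1001:1001:just a user:/home/user:/bin/bash
service:x:1002:1002::/home/service:/bin/bash
msfadmin:x:1000:1000:msfadmin:/home/msfadmin:/bin/bash
toor:x:0:0:root copy:/root:/bin/bash
"""
SHADOW = """\
root:$1$PLACEHOLDER$hashA:14747:0:99999:7:::
user:$1$PLACEHOLDER$hashA:14747:0:99999:7:::
service::14747:0:99999:7:::
msfadmin:$6$PLACEHOLDER$hashB:14747:0:99999:7:::
toor:$1$PLACEHOLDER$hashA:14747:0:99999:7:::
"""
NOLOGIN = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false"}
PREFIXES = {"$1$": "md5crypt", "$5$": "sha256crypt", "$6$": "sha512crypt", "$y$": "yescrypt"}
def hash_kind(h):
    """Classify a crypt(3) password field; classic DES has no prefix, just 13 chars."""
    if h == "" or h.startswith(("*", "!")):
        return "empty" if h == "" else "locked"
    if h[:3] in PREFIXES:
        return PREFIXES[h[:3]]
    return "descrypt" if re.fullmatch(r"[./0-9A-Za-z]{13}", h) else "unknown"
def parse(text):
    """Map username -> list of colon-separated fields (passwd has 7, shadow has 9)."""
    return {f[0]: f for f in (line.split(":") for line in text.splitlines()) if len(f) > 1}
def audit(passwd_text, shadow_text):
    """Return (user, finding) pairs in passwd order, one pair per finding."""
    passwd, shadow = parse(passwd_text), parse(shadow_text)
    owners = {}                                   # hash string -> accounts using it
    for user, f in shadow.items():
        if hash_kind(f[1]) not in ("empty", "locked"):
            owners.setdefault(f[1], []).append(user)
    findings = []
    for user, f in passwd.items():
        h = shadow.get(user, [user, "!"])[1]      # no shadow entry: treat as locked
        kind = hash_kind(h)
        if f[2] == "0" and user != "root":
            findings.append((user, "uid0"))
        if kind == "empty" and f[6] not in NOLOGIN:
            findings.append((user, "empty"))
        if kind in ("md5crypt", "descrypt"):
            findings.append((user, "legacy:" + kind))
        if len(owners.get(h, [])) > 1:
            findings.append((user, "shared"))
    return findings
```

Every finding is something to fix before the scenario above plays out; the other half of the fix is that telnet carries the recovered credentials in the clear, so a host reachable only over ssh at least keeps them off the wire.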
