Exploiting the target — Ethical Hacking as a Beginner [06]

Bhavyansh @ DiversePixel
4 min read · Apr 23, 2024


In post [04] we discussed the five stages of penetration testing, and in post [05] we went through the first three stages:

  1. Reconnaissance
  2. Scanning
  3. Vulnerability Assessment

In this article let’s see the fourth stage: Exploitation.

Understanding Exploitation

Exploitation means using a vulnerability (one we discovered in the previous stages) to deliver a payload: a program sent to the target that lets us execute commands on the target system and move through its files and folders.

If we discovered no technical vulnerability, we turn to social engineering, exploiting human error to get access to the target. This tells us that a vulnerability does not always have to be technical in nature; an employee can be a vulnerability of the company.

Techniques used to gain access to a vulnerable machine:

  1. Reverse Shell — Listening happens on the attacker’s machine
    Reverse shells are often used when the target machine is behind a firewall, making it challenging for the attacker to establish a direct connection to the target. By initiating the connection from the compromised system, the attacker can bypass these network obstacles.
  2. Bind Shell — Listening happens on the target machine
    Unlike a reverse shell, where the target initiates the connection back to the attacker, in a bind shell the target machine opens a listening port and the attacker connects to it. This makes bind shells suitable for situations where the attacker can reach the target directly, for example when the target system is exposed to the internet or when the attacker controls the network configuration.
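The two techniques above leave mirror-image traces on the target, which is how a defender spots them. The following script is an added example written for this post, not code from the original article: it parses constructed lines in the style of ss -tnp output and flags sockets owned by a shell process, a listening one as a bind-shell footprint and an established one as a reverse-shell footprint. The sample lines, process names, ports and addresses are all constructed.

```python
import re
from dataclasses import dataclass

# Processes that should rarely own a network socket on a server: an interactive
# shell or netcat holding one is the common footprint of both shell types.
SHELL_PROCS = {"sh", "bash", "dash", "zsh", "nc", "ncat", "netcat"}

# Constructed sample lines in the style of `ss -tnp` output (not a real capture).
SAMPLE = """\
State  Recv-Q Send-Q Local Address:Port   Peer Address:Port   Process
LISTEN 0      128    0.0.0.0:22           0.0.0.0:*           users:(("sshd",pid=812,fd=3))
LISTEN 0      1      0.0.0.0:1524         0.0.0.0:*           users:(("sh",pid=2201,fd=4))
ESTAB  0      0      192.168.43.201:44512 192.168.43.10:4444  users:(("bash",pid=2310,fd=3))
ESTAB  0      0      192.168.43.201:22    192.168.43.10:50122 users:(("sshd",pid=2400,fd=4))
"""

# state, the two queue counters, local addr:port, peer addr:port, owning process
LINE_RE = re.compile(
    r'^(?P<state>\S+)\s+\d+\s+\d+\s+(?P<laddr>\S+):(?P<lport>\d+)\s+'
    r'(?P<raddr>\S+):(?P<rport>\S+)\s+users:\(\("(?P<proc>[^"]+)",pid=(?P<pid>\d+)'
)

@dataclass
class Finding:
    kind: str   # "bind-shell" or "reverse-shell"
    proc: str
    pid: int
    local: str
    peer: str

def classify_sockets(text: str) -> list[Finding]:
    # One Finding per shell-owned socket, labelled by the pattern it matches.
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["proc"] not in SHELL_PROCS:
            continue
        local = f'{m["laddr"]}:{m["lport"]}'
        peer = f'{m["raddr"]}:{m["rport"]}'
        if m["state"] == "LISTEN":
            kind = "bind-shell"      # shell waiting for someone to connect in
        elif m["state"] == "ESTAB":
            kind = "reverse-shell"   # shell already connected out to a peer
        else:
            continue
        findings.append(Finding(kind, m["proc"], int(m["pid"]), local, peer))
    return findings

if __name__ == "__main__":
    for f in classify_sockets(SAMPLE):
        print(f"{f.kind:<13} pid={f.pid} {f.proc} local={f.local} peer={f.peer}")
```

On a real host, feed it the output of ss -tnp (run as root so the Process column is populated) and review any flagged process before assuming it is benign.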

The Metasploit Framework

The Metasploit Framework is a powerful open-source tool used for developing, testing, and executing exploits (an exploit being a piece of software designed to take advantage of a vulnerability) against remote targets. Here’s a brief overview of some of its key components and commands:

  1. Metasploit Framework Location:
    The Metasploit Framework is typically installed in the /usr/share/metasploit-framework/ directory on our Kali machine.
  2. Starting Metasploit Console:
    To start the Metasploit console, you can use the command msfconsole. This command launches the interactive command-line interface where you can interact with the framework.
  3. Payloads:
    Metasploit provides a wide range of payloads that can be used to exploit vulnerabilities in target systems. These payloads include shellcodes, stagers, and stages.
    You can list available payloads using the command msfvenom -l payloads.
  4. Modules:
    Metasploit organizes its functionality into modules. There are several types of modules, including exploit, auxiliary, post, and payload modules.
  • Exploit modules are used to exploit vulnerabilities in target systems.
  • Auxiliary modules perform various tasks such as scanning, reconnaissance, and information gathering. They are often used in the initial stages of a penetration test.
  • Post modules are used for post-exploitation activities, such as gathering information, privilege escalation, and lateral movement.
  • Payload modules generate payloads that can be used to exploit vulnerabilities or gain access to target systems.

Meterpreter:

  • Meterpreter is a powerful payload used in Metasploit for gaining and maintaining access to compromised systems. It provides an extensive range of features, including file system manipulation, network reconnaissance, privilege escalation, and more.
  • Once a target system is compromised, Meterpreter can be run to establish a communication channel between the attacker’s system and the compromised target, allowing the attacker to execute commands and perform various actions on the target system.

Metasploit is a versatile tool used by security professionals, ethical hackers, and attackers alike for various purposes, including penetration testing, vulnerability research, and exploitation. It’s essential to use such tools responsibly and within legal boundaries.

Alright, now let’s discuss how we will use the Metasploit Framework to exploit various vulnerabilities and gain access to the target, in our case the Metasploitable VM, which has, let’s say, the IP address 192.168.43.201.

  1. sudo nmap -sV 192.168.43.201, then use searchsploit to look up exploits for the service versions found
  2. Start the msfconsole
  3. show exploits to see the exploits to choose from; the choice depends on the type of OS running on the target machine and the vulnerability we are going to exploit
  4. use exploits/name_of_the_exploit
  5. show info tells more about the exploit
  6. show options to see what we’re required to provide
  7. Set the options; for example, to set the remote host: set RHOSTS 192.168.43.201
  8. The local host (LHOST) is usually set automatically by Metasploit, but be sure to double-check it: set LHOST your_ip
  9. show payloads now shows only the payloads usable with this exploit; pick one with set payload <name>
  10. show targets; modules have targets depending on the version, platform and configuration of the vulnerable software
  11. set target <num>
  12. exploit

These are the generalized steps we will be following while exploiting the target. If the exploit succeeds, we will have root access on our target machine.

There are multiple vulnerabilities in the Metasploitable VM, some are:

  • vsftpd
  • a bind shell already present (a misconfiguration), connected to with netcat
  • telnet
  • samba; we didn’t have its exact version, so we narrowed down our search using auxiliary modules
  • brute-force attack, since the username and password are the same, and weak
  • distccd
  • unrealircd
  • DRb
  • vnc, using vncviewer

Using all these vulnerabilities, we obtained root privileges on the target we wanted to break into.

This was an overview of carrying out exploitation on the target. Coming up next will be post-exploitation tactics and exploiting different OSes.

Till then, change your passwords to something strong to stay protected.
