Daniel Simons IAE 611-L22 03/21/2010
The purpose of Footprinting is to gather information about the network topology and the active hosts on it. The tool used in this scenario is Angry IP Scanner. We have discovered an active host at IP address 192.168.3.4 that replied to an ICMP echo request.
The purpose of Fingerprinting is to gather detailed information about the operating system, open ports, and network services running on the target system. The tool used in this scenario is Nmap. We have discovered that the target system is running Microsoft Windows XP and that the File and Print Sharing service is running. This is evident because the associated ports 135, 139 and 445 were detected as open by Nmap.
The objective of Enumeration is to determine which vulnerabilities on the target system can be exploited. The tool used in this scenario is Nessus. We have discovered two high-severity vulnerabilities.
We have selected the MS08-067 RPC vulnerability to exploit. Below is the detailed high-severity finding reported by Nessus.
MS08-067: Microsoft Windows Server Service Crafted RPC Request Handling Remote Code Execution (958644) (uncredentialed check)
This script is Copyright (C) 2008-2010 Tenable Network Security, Inc.
Family: Windows
Nessus Plugin ID: 34477 (smb_kb958644.nasl)
Bugtraq ID: 31874
CVE ID: CVE-2008-4250
Synopsis: Arbitrary code can be executed on the remote host due to a flaw in the 'Server' service.
Description: The remote host is vulnerable to a buffer overrun in the 'Server' service that may allow an attacker to execute arbitrary code on the remote host with the 'System' privileges.
Solution: Microsoft has released a set of patches for Windows 2000, XP, 2003, Vista and 2008: http://www.microsoft.com/technet/security/bulletin/ms08-067.mspx
Risk factor: Critical / CVSS Base Score: 10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
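The footprinting and fingerprinting steps above boil down to one defensive check: which hosts expose the File and Print Sharing ports (135, 139, 445) that make the Server service reachable, and therefore need the MS08-067 patch (KB958644) confirmed before anything else. The script below is an added example, not part of the lab write-up; it parses Nmap grepable output (-oG) from a constructed sample scan and produces a remediation list tied to the Nessus finding shown above.

```python
import re

# Constructed sample of Nmap grepable (-oG) output for the lab subnet. Only
# 192.168.3.4 is from the write-up; 192.168.3.9 is invented as a non-matching host.
NMAP_GREPABLE = (
    "# Nmap scan initiated (constructed sample)\n"
    "Host: 192.168.3.4 ()\tStatus: Up\n"
    "Host: 192.168.3.4 ()\tPorts: 135/open/tcp//msrpc///, "
    "139/open/tcp//netbios-ssn///, 445/open/tcp//microsoft-ds///"
    "\tIgnored State: closed (997)\n"
    "Host: 192.168.3.9 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///"
    "\tIgnored State: closed (998)\n"
)

# Finding details copied from the Nessus record in the write-up.
MS08_067 = {"bulletin": "MS08-067", "kb": "958644", "plugin": 34477,
            "cve": "CVE-2008-4250", "cvss": 10.0}

# Ports that indicate File and Print Sharing (and so the Server service) is reachable.
SMB_RPC_PORTS = {135, 139, 445}
PORT_RE = re.compile(r"(\d+)/open/tcp")


def parse_grepable(text):
    """Return {ip: set(open TCP ports)} from Nmap -oG output."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue  # comments and Status-only lines carry no port data
        ip = line.split()[1]
        ports_field = line.split("Ports:", 1)[1].split("\t")[0]
        hosts.setdefault(ip, set()).update(int(p) for p in PORT_RE.findall(ports_field))
    return hosts


def smb_exposed(hosts):
    """Map each host that exposes any of 135/139/445 to the exposed ports."""
    return {ip: sorted(ports & SMB_RPC_PORTS)
            for ip, ports in hosts.items() if ports & SMB_RPC_PORTS}


def triage(text, finding=MS08_067):
    """One remediation record per exposed host, highest CVSS first. Exposure is
    not confirmation: the Nessus plugin or patch inventory must verify the KB."""
    records = []
    for ip, ports in smb_exposed(parse_grepable(text)).items():
        records.append({"host": ip, "ports": ports, "cve": finding["cve"],
                        "cvss": finding["cvss"],
                        "action": "confirm KB%s via Nessus plugin %d; block TCP %s until patched"
                                  % (finding["kb"], finding["plugin"],
                                     "/".join(str(p) for p in ports))})
    return sorted(records, key=lambda r: -r["cvss"])


if __name__ == "__main__":
    for record in triage(NMAP_GREPABLE):
        print(record)
```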
The objective of Research is to investigate how the vulnerable system can be exploited. In this scenario we can learn more by looking up the detected vulnerability in the CVE database, the Microsoft security bulletin, and the Nessus website.
The objective of Escalation is to obtain access. The tool used in this scenario was Metasploit. Using the built-in exploits we can launch one of several payloads on the vulnerable system. In the example above I launched a command window. From the payload modules I could just as easily have added an administrator account on the system, installed remote control software, etc.
The goal of repeat visits is to maintain access. We could install any number of backdoor programs or remote access software for this purpose, e.g. DameWare, VNC or Back Orifice.
The goal of covering tracks is to reduce the possibility of discovery. We could use a variety of software, such as HxDef Rootkit and AFX Rootkit, to hide the services and ports associated with the remote access software and backdoors installed in the previous step.