System hacking is the process of trying to compromise the target system with the help of the information collected in the pre-attack phases (footprinting and scanning).
Metasploit is a framework used for developing and executing exploit code against a remote target machine. The Metasploit Framework contains the following module types:
· Exploits
· Payloads
· Auxiliary
· Encoders
· Post
· Nops
An exploit is the means by which an attacker, or pen tester for that matter, takes advantage of a flaw within a system, an application, or a service. An attacker uses an exploit to attack a system in a way that results in a particular desired outcome that the developer never intended. Common exploits include buffer overflows, web application vulnerabilities (such as SQL injection), and configuration errors.
Exploits can help gain superuser-level access to a computer system. Hackers often manage to gain only low-level access at first; they then try to escalate privileges to the highest level (root). An exploit becomes unusable once the vulnerability is fixed through a patch.
Exploits are classified by how the exploit communicates with the vulnerable software.
A payload is the code that we want the target system to execute; it is selected and delivered by the framework. For example, a reverse shell is a payload that creates a connection from the target machine back to the attacker, presented as a Windows command prompt, whereas a bind shell is a payload that "binds" a command prompt to a listening port on the target machine, to which the attacker can then connect. A payload could also be something as simple as a few commands to be executed on the target operating system.
The Metasploit Framework has three different types of payloads:
Singles are self-contained payloads. They perform a simple task, such as adding a user to the target computer or running an executable on the victim's computer. These payloads can be caught with non-Metasploit handlers such as netcat. They are more stable because they contain everything in one piece.
Stager payloads are used to set up a network connection between the attacker and the victim and provide the remote connection used to execute commands. It is difficult to do both of these well in a small payload, so the result is several similar stagers. Metasploit uses a stager to create a buffer in a small portion of memory; the stager is responsible for downloading the larger payload (the stage), injecting it into memory, and passing execution to it.
Stage payloads are the components that the stagers download into the exploited PC. The various payload stages provide advanced features with no size limit, such as Meterpreter, VNC injection, etc.
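The bind-shell and reverse-shell descriptions above translate directly into a host-level detection: a bind shell shows up as a shell process owning a LISTEN socket (or a connection accepted on that port), while a reverse shell shows up as a shell process holding an outbound connection from an ephemeral source port. The following script is an added example, not code from the notes or from Metasploit. It parses a constructed, simplified `ss -tnp`-style socket table (not real tool output), and the set of "shell-like" process names and the 32768 ephemeral-port threshold are assumptions an analyst would tune for their environment.

```python
"""Flag shell-like processes that own network sockets (added example)."""
import re
from dataclasses import dataclass

# Constructed sample rows in a simplified `ss -tnp`-like layout.
SAMPLE_SOCKETS = """\
State   Local                 Peer                  Process
LISTEN  0.0.0.0:22            0.0.0.0:*             users:(("sshd",pid=812,fd=3))
LISTEN  0.0.0.0:4444          0.0.0.0:*             users:(("sh",pid=2317,fd=4))
ESTAB   10.0.0.5:49812        203.0.113.9:443       users:(("bash",pid=2401,fd=3))
ESTAB   10.0.0.5:49820        203.0.113.9:443       users:(("firefox",pid=1900,fd=55))
ESTAB   10.0.0.5:22           10.0.0.7:51234        users:(("sshd",pid=2500,fd=4))
"""

# Assumption: interpreters/tools that should normally never own a socket.
SHELL_NAMES = {"sh", "bash", "dash", "zsh", "cmd.exe", "powershell.exe", "nc", "ncat"}
# Assumption: Linux default lower bound of the ephemeral (client) port range.
EPHEMERAL_START = 32768

ROW_RE = re.compile(
    r'^(?P<state>\S+)\s+(?P<local>\S+)\s+(?P<peer>\S+)\s+'
    r'users:\(\("(?P<proc>[^"]+)",pid=(?P<pid>\d+)'
)


@dataclass
class Finding:
    pid: int
    proc: str
    kind: str     # "bind-style" or "reverse-style"
    detail: str   # local -> peer addresses


def parse_rows(text):
    """Turn the socket table into dicts; header and unparsable lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if not m:
            continue
        local = m["local"]
        rows.append({
            "state": m["state"],
            "local": local,
            "peer": m["peer"],
            "proc": m["proc"],
            "pid": int(m["pid"]),
            "local_port": int(local.rsplit(":", 1)[1]),
        })
    return rows


def classify(rows):
    """Report shell-like processes by the socket pattern they exhibit."""
    findings = []
    for r in rows:
        if r["proc"] not in SHELL_NAMES:
            continue
        if r["state"] == "LISTEN":
            kind = "bind-style"        # shell bound to a listening port
        elif r["state"] == "ESTAB" and r["local_port"] >= EPHEMERAL_START:
            kind = "reverse-style"     # shell dialled out from an ephemeral port
        elif r["state"] == "ESTAB":
            kind = "bind-style"        # shell accepted a connection on its own port
        else:
            continue
        findings.append(Finding(r["pid"], r["proc"], kind,
                                f"{r['local']} -> {r['peer']}"))
    return findings


if __name__ == "__main__":
    for f in classify(parse_rows(SAMPLE_SOCKETS)):
        print(f"pid {f.pid} ({f.proc}): {f.kind} shell pattern, {f.detail}")
```

On the constructed table this flags pid 2317 (`sh` listening on 4444) as bind-style and pid 2401 (`bash` connected out from port 49812) as reverse-style, while `sshd` and `firefox` are ignored because they are expected socket owners. Process names can of course be renamed by an attacker, so in practice this check is one signal to combine with parent-process and command-line context, not a verdict on its own.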
Shellcode
Shellcode is a set of instructions used as a payload when exploitation occurs. Shellcode is typically written in assembly language. In most cases, a command shell or a Meterpreter shell is provided after the target machine has executed the series of instructions, hence the name.
Module
A module in the context of this book is a piece of software that can be used by the Metasploit Framework. At times, you may require an exploit module, a software component that conducts the attack. Other times, an auxiliary module may be required to perform an action such as scanning or system enumeration. These interchangeable modules are the core of what makes the Framework so powerful.
Listener
A listener is a component within Metasploit that waits for an incoming connection of some sort. For example, after the target machine has been exploited, it may call back to the attacking machine over the Internet. The listener handles that connection, waiting on the attacking machine for the exploited system to make contact.
Privilege escalation is a technique that exploits existing design vulnerabilities, misconfigurations in an operating system, or flaws in installed applications to gain elevated access to resources that are normally protected from an application or user.
In one form, the attacker grants himself higher privileges. This is typically achieved by performing kernel-level operations that allow the attacker to run unauthorized code.
In the other form, the attacker keeps the same level of privilege already granted but assumes the identity of another user with similar privileges.
In password cracking, hackers use different kinds of attacks to learn the target computer's login password so that they can gain complete access. Passwords are commonly composed as follows:
Passwords with only letters Ex: admin
Passwords with letters and numbers Ex: admin123
Passwords with letters and special characters Ex: [email protected]
Passwords with only numbers Ex: 6842
Passwords with only special characters Ex: @!#$%%^
Passwords with numbers and special characters Ex: [email protected]#$
Passwords with letters, numbers and special characters Ex: [email protected]
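The password categories above matter because they determine how many candidates an exhaustive search has to cover. The following script is an added example (not code from the notes) that classifies a password into the letter, number and special-character classes and computes the brute-force keyspace for its length, then contrasts it with a word-plus-digits search of the kind a dictionary or hybrid attack performs. The `string.punctuation` alphabet (32 symbols) and the illustrative rate of one billion guesses per second are assumptions chosen for the demonstration.

```python
"""Keyspace sizes for the password classes in the notes (added example)."""
import string

# Character classes mirroring the categories listed above.
CLASSES = {
    "letters": string.ascii_letters,   # 52 symbols
    "numbers": string.digits,          # 10 symbols
    "special": string.punctuation,     # 32 symbols (assumption: ASCII punctuation set)
}


def character_classes(password):
    """Return the set of class names present in the password."""
    present = set()
    for ch in password:
        for name, alphabet in CLASSES.items():
            if ch in alphabet:
                present.add(name)
                break
    return present


def brute_force_keyspace(password):
    """Candidates an exhaustive search must cover for this password's
    character classes at its exact length (length assumed known)."""
    classes = character_classes(password)
    alphabet_size = sum(len(CLASSES[name]) for name in classes)
    return alphabet_size ** len(password)


def hybrid_keyspace(wordlist_size, suffix_digits):
    """Candidates for a word-plus-digits search: every word in a list
    followed by every digit string of the given length."""
    return wordlist_size * 10 ** suffix_digits


def time_to_exhaust(keyspace, guesses_per_second):
    """Worst-case seconds to try every candidate at the given rate."""
    return keyspace / guesses_per_second


def describe(password, guesses_per_second=1e9):
    """One-line summary used by the demo below."""
    ks = brute_force_keyspace(password)
    secs = time_to_exhaust(ks, guesses_per_second)
    return (f"{password!r}: classes={sorted(character_classes(password))} "
            f"keyspace={ks:,} worst-case={secs:,.1f}s")


if __name__ == "__main__":
    # Sample passwords constructed to match the categories above.
    for pw in ["admin", "admin123", "6842", "@!#$%%^"]:
        print(describe(pw))
    # "admin123" looks like a 5-letter word plus 3 digits: a hybrid search over a
    # constructed 100,000-word list needs far fewer guesses than brute force.
    print("hybrid (100k words + 3 digits):", f"{hybrid_keyspace(100_000, 3):,}")
```

The contrast is the point: `admin123` has a brute-force keyspace of 62^8 (about 2.2 x 10^14), but as a dictionary word with a three-digit suffix it sits inside a hybrid keyspace of only 10^8, which is why composition rules alone are a weak control and length plus unpredictability (or a password manager) is the better policy.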
Password Guessing – Not a technique as such, but usually the first thing every criminal will try.
Brute Force Attack – All possible permutations and combinations of keyboard characters are tried as the victim's password; any password is some combination of the characters available on the victim's keyboard.
Dictionary Based Attack – All words in a dictionary are tried as the victim's password.
Syllable attack – A combination of a brute-force attack and a dictionary attack, often used when the password is a nonexistent word.
Default Passwords – Manufacturers ship hardware or software with default passwords and settings; lists of default passwords for devices are available online (http://defaultpassword.us/).
Data Sniffing – A data sniffer is used to record passwords sent across the LAN in plaintext.
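The data-sniffing point above is also the easiest one to audit from the defender's side: the same plaintext exposure a sniffer exploits can be found by scanning captured traffic for credentials and then moving the affected services to encrypted protocols. The script below is an added example, not code from the notes. It works over a constructed, simplified capture log (one line per message, not a real pcap), maps destination ports to FTP, POP3 and HTTP by a hand-written table, flags `USER`/`PASS` pairs and HTTP Basic headers, and deliberately reports only usernames, never the recovered passwords.

```python
"""Find cleartext credentials in a constructed capture log (added example)."""
import base64
import re
from dataclasses import dataclass

# Constructed sample capture: "src -> dst:port payload". The Basic token decodes
# to "bob:hunter2"; the TLS line is opaque and must not produce a finding.
SAMPLE_CAPTURE = """\
10.0.0.5:51002 -> 10.0.0.9:21 USER alice
10.0.0.5:51002 -> 10.0.0.9:21 PASS Summer2024!
10.0.0.5:51010 -> 10.0.0.9:80 GET /admin HTTP/1.1
10.0.0.5:51010 -> 10.0.0.9:80 Authorization: Basic Ym9iOmh1bnRlcjI=
10.0.0.5:51020 -> 10.0.0.9:443 <TLS application data>
10.0.0.5:51030 -> 10.0.0.9:110 USER carol
"""

# Assumption: plaintext protocols identified by their well-known ports.
PORT_PROTO = {21: "FTP", 110: "POP3", 80: "HTTP"}

LINE_RE = re.compile(r'^(?P<src>\S+) -> (?P<dst>[\d.]+):(?P<dport>\d+) (?P<payload>.*)$')


@dataclass
class Finding:
    protocol: str
    user: str
    password_seen: bool   # True when the secret itself crossed the wire
    flow: tuple           # (src, dst, dport) identifying the connection


def scan_capture(text):
    """Return one Finding per credential exposure, without storing passwords."""
    pending = {}    # flow -> {"proto", "user"} for USER seen but no PASS yet
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        dport = int(m["dport"])
        proto = PORT_PROTO.get(dport)
        if proto is None:
            continue                      # encrypted or unknown service
        flow = (m["src"], m["dst"], dport)
        payload = m["payload"]
        if proto in ("FTP", "POP3"):
            if payload.startswith("USER "):
                pending[flow] = {"proto": proto, "user": payload[5:].strip()}
            elif payload.startswith("PASS ") and flow in pending:
                info = pending.pop(flow)  # password value is intentionally dropped
                findings.append(Finding(proto, info["user"], True, flow))
        elif proto == "HTTP" and payload.startswith("Authorization: Basic "):
            token = payload.split(" ", 2)[2].strip()
            try:
                decoded = base64.b64decode(token, validate=True).decode("utf-8", "replace")
            except ValueError:
                continue                  # malformed token, nothing to report
            user = decoded.split(":", 1)[0]
            findings.append(Finding("HTTP Basic", user, True, flow))
    # Usernames sent in the clear whose password was not (yet) observed.
    for flow, info in pending.items():
        findings.append(Finding(info["proto"], info["user"], False, flow))
    return findings


if __name__ == "__main__":
    for f in scan_capture(SAMPLE_CAPTURE):
        state = "password exposed" if f.password_seen else "username only"
        print(f"{f.protocol}: user={f.user} ({state}) on {f.flow[0]} -> {f.flow[1]}:{f.flow[2]}")
```

Run against the sample it reports alice over FTP and bob over HTTP Basic with passwords exposed, and carol over POP3 with only the username seen; the TLS flow yields nothing because its payload is not readable. The same pairing logic extends to other `USER`/`PASS`-style protocols by adding a port to `PORT_PROTO`.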