Credential Stuffing and Password Spraying

Credential stuffing means taking breached credentials (e.g. from Breach Parse or from a website like weleakinfo.to, before it was seized by law enforcement) and trying to use them to log in to an account on a target.

Brute Force Attacks

Attacking SSH is not easy. If we want to try it anyway, there are three approaches: we can try to find login credentials by brute force, by weak credentials, or by default credentials.

Manual Exploitation

After gaining root with Metasploit, in this video we gain access to the Kioptrix machine through manual exploitation, using a vulnerability in mod_ssl and an exploit called Open*uck.

Gaining Root with Metasploit

This is the culmination of the previous PEH lessons: the first popped shell, using Metasploit against the Samba 2.2.1a vulnerability on port 139 (“trans2open”, a remote buffer overflow).

Staged vs Non-Staged Payloads

A payload is code that is sent to a target machine to exploit a vulnerability and get a shell on that machine. There are different types of payloads: Windows payloads, Linux payloads, Meterpreter payloads, Python payloads, etc. They can be either staged or non-staged.

Enumerating SSH

The nmap scan has revealed that SSH (OpenSSH 2.9p2) is running on open port 22. If our scan does not show a software version, we can try to figure it out by connecting to the open port with the ssh client.

Scanning with Nessus

Nessus is a vulnerability scanner, a tool that is frequently used in penetration testing. It might even be the first tool that one uses in an external assessment.

Reverse Shell vs Bind Shell

This is the first section of the “Exploitation Basics” chapter.

This section discusses different ways of “popping a shell”, that is, getting access to a terminal on a target machine, and in particular the differences between a reverse shell and a bind shell.

Researching Potential Vulnerabilities

This post is about identifying and researching potential vulnerabilities, starting from the results we have found for Kioptrix so far.

Enumerating SMB

SMB (Server Message Block) is a file-sharing protocol used in networks to upload and download files to and from a shared folder. SMB is typically used in work and internal environments.
