随笔分类 - 艺术
摘要:CLIENT SIDE ATTACKS - Backdooring exe' s Download an executable file first. VEIL - FRAMEWORK A backdoor is a file that gives us full control over the
阅读全文
摘要:CLIENT SIDE ATTACKS - Social Engineering Social Engineering Information gathering Tool: Maltego Gathering Information About Target's Facebook Account,
阅读全文
摘要:CLIENT SIDE ATTACKS Social Engineering Gather info about the user(s). Build a strategy based on the info. Build a backdoor based on the info.
阅读全文
摘要:CLIENT SIDE ATTACKS Protecting against smart delivery methods Ensure you're not being MITM'ed -> use trusted networks, xarp. Only download from HTTPS
阅读全文
摘要:CLIENT SIDE ATTACKS Backdoor delivery method2 - backdooring exe downloads Backdoor any exe the target downloads. We need to be in the middle of the co
阅读全文
摘要:CLIENT SIDE ATTACKS Backdoor delivery method1 - Spoofing Software Updates Fake an update for an already installed program. Install the backdoor instea
阅读全文
摘要:CLIENT SIDE ATTACKS - Listening for connections 1. Run Metasploit Move the backdoor file to the webserver folder. And download it on the target machin
阅读全文
摘要:CLIENT SIDE ATTACKS Use if server-side attacks fail. If IP is probably useless. Require user interaction. Social engineering can be very useful. Infor
阅读全文
摘要:Server Side Attack Nexpose - Analysing Scan Results and Generating Reports OS and Software Inforation. Services Information HTTP Service Detailed Info
阅读全文
摘要:Server Side Attacks NeXpose - configure and launch a scan Configure and initialize the application. Browse https://localhost:3780 and active the syste
阅读全文
摘要:Server Side Attacks - NEXPOSE NeXpose is a vulnerability management framework, it allows us to discover, assess and act on discovered vulnerabilities,
阅读全文
摘要:Server Side Attack Analysing scan results and exploiting target system. Go to the Analysis page and find the target host. Scan restult - services: Sca
阅读全文
摘要:Server Side Attack Install Metasploit cummunity/pro and active it. Create a new project for the target - Mestaploitable machine and start the scan. St
阅读全文
摘要:SERVER SIDE ATTACKS - METASPLOIT Metasploit is an exploit development and execution tool. It can also be used to carry out other penetration testing t
阅读全文
摘要:Sever side attacks code execution Let‘s analyze the Zenmap scan result first and search for something vulnerabilities about Samba smbd 3.x. We find th
阅读全文
摘要:Server Side Attacks - INFORMATION GATHERING Need an IP address. Very simple if target is on the same network (netdiscover or zenmap). If target has a
阅读全文
摘要:Gaining Access Introduction Everything is a computer Two main approaches (1)Server Side Do not require user interaction, all we need is a target IP! S
阅读全文
摘要:Detecting suspicious activities using Wireshark You can use make the MAC address of the router to static on the ARP table to prevent ARP attack. But i
阅读全文
摘要:Detecting ARP Posionning Attacks ARP main security issues: 1. Each ARP requests/response is trusted. 2. Clients can accept responses even if they did
阅读全文
摘要:MITM - Wireshark WIreshark is a network protocol analyser that is designed to help network administartors to keep track of what is happening in their
阅读全文
浙公网安备 33010602011771号