CEH Lab Manual Hacking Web Servers Module 12 Module 12 - Hacking Webservers Hacking Web Servers A web server, which can be referred to as the hardware, the comp.liter, or the software, is the computer application that helps to deliver content that can be accessed through the Internet icon key ~ Lab Scenario [£Z7 Valuable information S Test your knowledge =‫־‬ Web exercise m Workbook review T o d ay , m o s t o f o n lin e services are im p le m e n te d as w e b ap p licatio n s O n lin e banking, w eb search eng in es, em ail ap p lica tio n s, a n d social n etw o rk s are just a few exam ples o f su ch w e b services W e b c o n te n t is g e n e te d 111 real tim e by a so ftw are ap p lica tio n ru n n in g at server-side So h ack ers attac k 011 th e w e b serv er to steal cre d en tial in fo rm a tio n , p assw o rd s, a n d b u sin ess in fo rm a tio n by D o S (D D o s) attacks, S Y N flo o d , p in g flo o d , p o r t scan, sn iffin g attack s, a n d social en g in ee rin g attacks 111 th e area o f w e b security, d esp ite stro n g en c ry p tio n 011 th e b ro w se r-se rv e r ch an n el, w e b u sers still h av e 110 assu n ce a b o u t w h a t h a p p e n s a t th e o th e r end W e p re s e n t a secu rity ap p lica tio n th a t a u g m en ts w eb servers w ith tru ste d co -se rv e rs c o m p o s e d o f h ig li-assu ran ce secure co p ro c e sso rs, co n fig u red w ith a p u blicly k n o w n g u ard ian p ro g m W e b users can th e n estab lish th e ir a u th e n tic a te d , en c ry p ted ch an n els w ith a tru ste d co server, w h ic h th e n ca n act as a tru ste d th ird p a rty 111 th e b ro w se r-se rv e r in te c tio n S ystem s are c o n stan tly b ein g attack ed , a n d I T secu rity p ro fe ssio n a ls n ee d to b e aw are o f c o m m o n attack s 011 th e w eb serv er ap p licatio n s A tta ck e rs use sn iffers o r p ro to c o l analyzers to c a p tu re a n d analyze p ack ets I f d ata is sen t across a n e tw o rk 111 clear text, an attac k er ca n c a p tu re th e d ata p ac k ets a n d use a sn iffer to re a d th e data 111 o th e r w o rd s , a sn iffer ca n ea v esd ro p 011 electro n ic co n v e rsatio n s A p o p u la r sn iffer is W iresh ark , I t ’s also u se d b y ad m in istra to rs fo r legitim ate p u rp o se s O n e o f th e ch allen g es fo r an attac k er is to g am access to th e n e tw o rk to c a p tu re th e data If attack ers h av e phy sical access to a ro u te r 01‫ ־‬sw itch, th ey ca n c o n n e c t th e sn iffer a n d ca p m re all traffic g o in g th ro u g h th e system S tro n g p hysical secu rity m e asu res h elp m itigate tins risk A s a p e n e tra tio n te ste r a n d eth ical h ac k er o f an o rg an iz atio n , y o u m u s t p ro v id e security to th e c o m p a n y ’s w e b server Y o u m u s t p e rfo rm ch eck s 011 th e w eb serv er fo r M ilner abilities, m isco n fig u ratio n s, u n p a tc h e d secu rity flaw s, an d im p ro p e r a u th e n tic a tio n w ith ex tern al system s Lab Objectives T h e o b jectiv e o f tins lab is to h elp stu d e n ts learn to d e te c t u n p a tc h e d secu rity flaw s, v e rb o se e rro r m essag es, a n d m u c h m o re T h e o b jectiv e o f this lab is to: C E H L ab M an u al Page 731 ■ F o o rin t w e b servers ■ C rack re m o te p a ssw o rd s ■ D e te c t u n p a tc h e d secu rity flaws E th ical H a ck in g a nd C o untenneasures Copyright © by EC-Council All Rights Reserved Reproduction is Stricdy Prohibited Module 12 - Hacking Webservers Lab Environment T o earn ‫ ־‬o u t tins, you need: & Tools dem onstrated in this lab are available in D:\CEHTools\CEHv8 Module 12 Hacking W ebservers ■ A co m p u ter ru n n in g Window Server 2012 a s H o s t m achine ■ A co m p u ter ru n n in g w in d o w server 2008, w indow s and w in d o w s as a V irtual M achine ■ A w eb brow ser w ith In tern et access ■ A dm inistrative privileges to 11111 tools Lab Duration Tim e: 40 M inutes Overview of Web Servers A w eb server, w h ich can be referred to as die hardw are, the com p u ter, o r die softw are, is the co m p u ter application d ia t helps to deliver c o n ten t th at can be accessed th ro u g h the Intern et M o st people d u n k a w eb server is just th e hardw are com puter, b u t a w eb server is also the softw are co m p u ter application th a t is installed 111 the hardw are com puter T lie prim ary fu nction o f a w eb server is to deliver w eb pages o n the request to clients using the H y p ertex t T ran sfer P ro to co l (H T T P) T ins m eans delivery o f H T M L d o cu m en ts an d any additional co n ten t th at m ay be included by a d o cum ent, such as im ages, style sheets, an d scripts M any generic w eb servers also su p p o rt server-side scnpting using A ctive Server Pages (ASP), P H P , o r o d ie r scnpting languages T ins m eans th a t the behavior o f th e w eb server can be scripted 111 separate files, w lule the acm al server softw are rem ains unchanged W eb servers are n o t always used for serving th e W o rld W ide W’eb T h ey can also be fo u n d em bed d ed 111 devices such as printers, routers, w ebcam s an d serving only a local netw ork T lie w eb server m ay d ien be used as a p a rt o f a system for m o n ito rin g a n d /o r adm inistering th e device 111 question T ins usually m eans d ia t n o additional softw are has to be m stalled o n the client co m p u ter, since only a w eb brow ser is required m T A S K Overview C E H L ab M an u al Page 732 Lab Tasks R ecom m ended labs to dem o n strate w eb server hacknig: ■ F o o rin tin g a w eb server usnig the httprecon tool ■ F o o m itn ig a w eb server using the ID Serve tool ■ E xploiting Java vulnerabilities usnig M etasploit Framework E th ical H a ck in g a nd C ountem ieasures Copyright © by EC-Council All Rights Reserved Reproduction is Stricdy Prohibited Module 12 - Hacking Webserver's Lab Analysis A nalyze an d d o cu m en t the results related to die lab exercise G ive your o p in io n 011 your target’s security p ostu re an d exposure PLEASE TALK TO YOUR I N S T R U C T O R IF YOU HAVE Q U E S T I O N S R E L A T E D TO T H I S LAB C E H L ab M an u al Page 733 E th ical H a ck in g a nd C ounterm easures Copyright © by EC-Comicil All Rights Reserved Reproduction is Stricdy Prohibited Module 12 - Hacking Webservers Footprinting Webserver Using the httprecon Tool The httpreconproject undertakes research in thefield of web serverfingerprinting, also known as httpfingerprinting I CON KEY / Valuable mtormadon Test your ** W e b exercise m W o rk b o o k re\ Lab Scenario W e b ap p licatio n s are th e m o s t im p o rta n t w ays to r an o rg an iz atio n to p u b lish in fo rm a tio n , in te c t w ith In te rn e t u se rs, a n d estab lish an e - c o m m e rc e /e g o v e rn m e n t p rese n ce H o w e v e r, if an o rg an iz atio n is n o t rig o ro u s in co n fig u rin g a n d o p e tin g its p u b lic w eb site, it m ay be v u ln e b le to a v ariety o f security threats A lth o u g h th e th rea ts 111 cy b ersp ace re m a in largely th e sam e as 111 th e physical w o rld (e.g., frau d , th e ft, v an d alism , a n d te rro rism ), th e y are far m o re d a n g e ro u s as a result O rg a n iz a tio n s can face m o n e ta ry lo sses, d am ag e to re p u ta tio n , 01‫ ־‬legal ac tio n if an in tru d e r successfully v io lates th e co n fid en tiality o f th e ir data D o S attack s are easy fo r attack ers to a tte m p t b ecau se o f th e n u m b e r o t p o ssib le attac k v e c to rs, th e v arie ty o f a u to m a te d to o ls available, an d th e lo w skill level n e e d e d to use th e to o ls D o S attack s, as w ell as th re a ts o f in itiatin g D o S attacks, are also in creasin g ly b e in g u se d to blackm ail o rg an iz atio n s 111 o rd e r to be an e x p e rt eth ical h ac k er a n d p e n e tra tio n tester, }‫׳‬o il m u s t u n d e rs ta n d h o w to p e rfo rm fo o rin tin g 011 w e b servers Lab Objectives T h e o b jectiv e o f this lab is to h elp sm d e n ts le arn to fo o rin t w eb se rv e rs I t will te ac h y o u h o w to: H Tools dem onstrated in this lab are available D:\CEHTools\CEHv8 Module 12 Hacking W ebservers C E H L ab M an u al Page 734 ■ U se th e h ttp r e c o n to o l ■ G e t Webserver fo o rin t Lab Environment T o carry o u t th e lab, y o u need: ■ httprecon to o l lo c a te d at D:\CEH-T0 ls\CEHv8 Module 12 Hacking W ebservers\W ebserver Footprinting Tools\httprecon E th ical H a ck in g a nd C ountem ieasures Copyright © by EC-Comicil All Rights Reserved Reproduction is Stricdy Prohibited Module 12 - Hacking Webservers ■ Y o u can also d o w n lo a d d ie la test v e rsio n o f httprecon fro m th e link http://w w w com putec.ch/projekte/httprecon ■ I f y o u d ecid e to d o w n lo a d th e la te st version, th e n sc re e n sh o ts sh o w n 111 th e lab m ig h t d iffer m H ttprecon is an open-source application that can fingerprint an application o f webservers ■ R u n tins to o l 111 W indows Server 2012 ■ A w e b b ro w se r w ith I n te r n e t access ■ A d m in istra tiv e privileges to r u n to o ls Lab Duration T im e: 10 M inutes Overview of httprecon h ttp re c o n is a tool for advanced w eb server fingerprinting, similar to httprint T h e h ttp re c o n p roject does research 111 th e held o f w eb server fingerprinting, also k n o w n as http fingerprinting T h e goal is lughlv accurate identification o f given httpd im plem entations TASK Footprinting a Webserver Lab Tasks N av ig ate to D:\CEH-Tools\CEHv8 Module 12 Hacking W ebservers\W ebserver Footprinting Tools\httprecon D o u b le-c lick h ttp recon exe to la u n c h httprecon T h e m a in w in d o w o f h ttp re c o n ap p e ars, as sh o w n 111 th e fo llo w in g figure 11 httprecon 7.3 File Configuration Fingergrinting Reporting I —1 Help Target |http;// | |80 T ] "*” | GET existing | GET long request | GET nonexistag | GET wrong protocol | HEAD existing | OPTIONS com * I * £G1 Httprecon is distributed as a ZIP file containing the binary and fingerprint databases Full Matchlist | Fingerprint Details | Report Preview | | Name j Hits Match % FIGURE 1.1: httprecon main window C E H L ab M anual P ag e 735 E th ical H a ck in g a nd C ounterm easures Copyright © by EC-Council All Rights Reserved Reproduction is Stricdy Prohibited Module 12 - Hacking Webservers E n te r th e w eb site (URL) w w w juggyboy.com th a t y o u w a n t to footprint a n d select th e port number Click Analyze to s ta rt analyzing th e e n te re d w eb site Y o u sh o u ld receiv e a fo o rin t o f th e e n te re d w eb site httprecon 7.3 - http://juggyboy.com:80/ File Configuration Fingerprinting Reporting Help Target (Microso(( IIS 6.0) tewl Httprecon vises a simple database per test case that contains all die fingerprint elements to determine die given implementation I http:// ▼1 |juggyboy ccxn‫|־‬ GET existing | GET long request | GET non existing | GET wrong protocol | HEAD existing | OPTIONS com * I * I HTTP/1.1 200 OK bate: Thu, 18 Oct 2012 11:36:10 GMT bontent-Length: 84S1 Content-Type: text/html Content-Location: http://‫כ‬uggyboy.com/index.html Last-Modified: Tue, 02 Oct 2012 11:32:12 GMT Accept-Ranges: non• ETag: "a47ee9091a0cdl:7a49" Server: Microsoft-IIS/6.0 K-Powered-By: ASP.NET Matchlst (352 Implementations) | Fingerprint Details | Report Preview | | Name Microsoft IIS 6.0 ^ Microsoft IIS 5.0 Microsoft IIS Microsoft IIS 5.1 ^ •22 Sun ONE Web Server 61 V , Apache 1.3.26 O Zeus 4.3 V m The scan engine o f httprecon uses nine different requests, which are sent to the target web server Apache 1.3.37 I Hits | Match % | 88 71 S3 100 80.68 71 59 63 63 62 71 59 71.59 70.45 62 60 70.45 6818 v £ FIGU RE 1.2: Tlie footprint result o f the entered website Click die GET long request tab, w h ich will list d o w n die G E T request T h e n click die Fingerprint Details httprecon 7.3 - http://juggyboy.com:80/ File Configuration Fingerprinting Reporting 1- l‫ ״‬L»J | Help Target (Microsoft IIS 6.0) I N ip;// j ‫׳‬J ^ juggyboy com| [* - ‫פ‬ GET existing | GET long request ] GET non existing | GET wrong protocol | HEAD existing | OPTIONS com * I * I HTTP/1.1 400 Bad Request Content-Type: text/html Data: Thu, 18 Oct 2012 11:35:20 GMT Connection: close Content-Length: 34 Matchlst (352 Implementations) i~~ H ttprecon does not rely on simple banner announcements by the analyzed software P r o t o c o l V e r s io n S ta tu sc o d e S ta tu sta x t B anner K -P o v e r e d -B y H eader S p aces C a p i t a l a f t e r D a sh H e a d e r-O r d e r F u l l H e a d e r -O r d e r L im it Fingerprint Details | Report F^eview | HTTP 1 400 1 C o n t e n t -T y p e ,D a t e ,C o n n e c t io n ,C o n t e n t- L e n g t h C o n t e n t -T y p e ,D a t e ,C o n n e c t io n ,C o n t e n t- L e n g t h Ready FIGURE 1.3: The fingerprint and G E T long request result o f the entered website C E H L ab M anual Page 736 Etliical H a ck in g a nd C o untenneasures Copyright © by EC-Council All Rights Reserved Reproduction is Stricdy Prohibited Module 12 - Hacking Webservers Lab Analysis A nalyze an d d o cu m en t die results related to the lab exercise G ive your o p in io n 011 your target’s secuntv p ostu re an d exposure PLEASE TALK TO YOUR I N S T R U C T O R IF YOU HAVE Q U E S T I O N S RE L A T E D TO T H I S LAB T o o l/U tility Information C o llected /O b jectives Achieved O u u t: F o o rin t o f th e juggyboy w eb site ‫י‬ h ttp r e c o n T o o l ‫י‬ ‫י‬ ‫י‬ ‫י‬ C o n te n t-ty p e : te x t/h tm l c o n te n t-lo c a tio n : h tt p : / / ju g g v b o v c o m / 1n d e x h tm l E T ag : "a ee 9 1eOcd 1:7a49" server: M ic ro s o ft-IIS /6 X -P o w ered -B v : A S P N E T Questions A nalyze th e m a jo r d iffe ren ce s b e tw e e n classic b a n n e r-g b b in g o f th e serv er line a n d littp re c o n E v alu ate th e type o f te s t req u e sts se n t b y littp re c o n to w e b servers Internet Connection Required Y es □ No P la tf o r m S u p p o r te d C la s s r o o m C E H L ab M an u al Page 737 □ !Labs E th ical H a ck in g a nd C ountem ieasures Copyright © by EC-Council All Rights Reserved Reproduction is Strictly Prohibited Module 12 - Hacking Webservers Lab Footprinting a Webserver Using ID Serve ID Serve is a simple,free, small (26 Kbytes), andfastgeneral-purpose Internet server identification utility I CON KEY / Valuable information Test your ** Web exercise m Workbook re\ Lab Scenario 111 th e p rev io u s lab y o u h av e le arn ed to u se th e h ttp r e c o n tool, h ttp r e c o n is a to o l fo r a d v a n ce d w e b serv er fin g erp rin tin g , sim ilar to h ttp rin t It is v ery im p o rta n t fo r p e n e tra tio n testers to be fam iliar w ith b an n e r-g b b in g te ch n iq u e s to m o n ito r servers to en su re co m p lia n ce a n d a p p ro p ria te security u p d ates U sin g this te c h n iq u e y o u can also lo cate ro g u e serv ers 01‫ ־‬d e te rm in e th e role o f servers w ith in a n e tw o rk 111 tins lab y o u w ill learn th e b a n n e r g b b in g te c h n iq u e to d e te rm in e a re m o te ta rg e t system u sin g I D Serve 111 o rd e r to b e an e x p e rt ethical h ac k er an d p e n e tra tio n te ste r, v o u m u s t u n d e rs ta n d h o w to fo o rin t a w e b server Lab Objectives T h is lab w ill sh o w y o u h o w to f o o rin t w eb serv ers a n d h o w to u se ID Serve It w ill te ac h v o u h o w to: H Tools dem onstrated in this lab are available in D:\CEHTools\CEHv8 Module 12 Hacking W ebservers ■ U se th e ID Serve to o l ■ G e t a w eb serv er fo o rin t Lab Environment T o carry o u t th e lab, y o u need: ■ ID Serve lo c a te d at D:\CEH-T0 ls\CEHv8 Module 12 Hacking W ebservers\W ebserver Footprinting Tools\ID Serve ■ Y o u can also d o w n lo a d th e la test v e rsio n o f ID Serve fro m th e link h ttp : / / w w w g rc c o m / i d / 1d se rv e h tm ■ I f v ou d ecid e to d o w n lo a d th e la te st version, th e n sc re e n sh o ts sh o w n 111 th e lab m ig h t d iffer C E H L ab M an u al Page 738 E th ical H a ck in g a nd C ountem ieasures Copyright © by EC-Council All Rights Reserved Reproduction is Stricdy Prohibited Module 12 - Hacking Webservers ■ R u n diis to o l o n W indows Server 2012 as h o s t m a ch in e ■ A w e b b ro w s e r w ith Internet a c c e s s ■ A d m in istra tiv e privileges to r u n to o ls Lab Duration Tim e: 10 M inutes m ID Serve is a simple, free, small (26 Kbytes), and fast general-purpose Internet server identification utility T A S K Footprinting a W ebserver Overview of ID Serve ID Serve attem pts to determ ine die domain name associated w idi an IP Tins process is kno w n as a reverse DNS lookup an d is h an d y w h e n checking firewall logs o r receiving an IP address fro m som eone N o t all IP s th at have a forward direction lookup (D om ani-to-IP ) have a reverse (IP -to-D om ain) lookup, b u t m any Lab Tasks 111 W in d o w s S erver 2012, n av ig ate to D:\CEH-Tools\CEHv8 Module 12 Hacking W ebservers\W ebserver Footprinting Tools\ID Serve D o u b le-c lick id serv e.ex e to la u n ch ID Serve T h e m ain w in d o w ap p ears C lick th e Server Query tab as sh o w n in th e follow ing figure ID Serve Internet Server Identification Utility, v l 02 Personal Security Freeware by Steve Gibson ID Serve Background | Copyright (c) 2003 by Gibson Research Corp Seiver Query Q & A /H elp Enter or copy I paste an Internet server URL a IP address here (example: www.microsoft.com): ™ Query The Server m ID Serve can connect to any server port on any domain or IP address W hen an Internet URL or IP has been provided above press this button to initiate a query of the specified seiver Server query processing: The server identified itself a s : Copy | Goto ID Serve web page FIGU RE 2.1: Welcome screen o f ID Serve C E H L ab M anual Page 739 111 o p tio n 1, e n te r (01‫ ־‬c o p y /p a s te an In te r n e t serv er U R L o r IP address) th e w e b site (URL) y o u w a n t to footprint E n te r h t t p : / / 10.0 /re a lh o m e (IP ad d re ss is w h e re th e real h o m e site is h o ste d ) in step E th ical H a ck in g a nd C ounterm easures Copyright © by EC-Council All Rights Reserved Reproduction is Stricdy Prohibited Module 12 - Hacking Webservers This Security Alert addresses security issues CYE-2012-4681 '(USCERT Alert TA12-240A and Vulnerability Note VU#636312) and two other vulnerabilities affecting Java running in web browsers on desktops Enter your valid email address 111 the Metasploit Community option and click GO ‫׳‬ These vulnerabilities are not applicable to Java running on servers or standalone Java desktop applications They also not affect Oracle serverbased software 4‫■ ־‬ ‫־‬F ! Product mv‫־‬e^V.e «t*s?ot-pp^p«^xJuct_k*y‫־‬Ikf>‫׳‬jtN»rne ikLutName iStLrnsilAddieii c«01g»■‫׳‬ Choose between two FREE Metasploit Offers (J)metasploit G Dmetasploit ~ community Mefa1.pl04Pro mipi \+am*! * ‫ גי‬IT pror*tnon*l11r *‫ ׳‬:«•»*> c‫ *־♦*־‬u i bteacftet by ematr*, cc-nix&M) btojd t&op• p»n«k«1>»alMt» pnottong «yin*‫־‬jD111t*1 *no ‫*׳‬nf.-nj :00*0*1 tnc mitigatar! Mct.1r.p10HCommunityEdMiontimplifiot r♦fACfKd1» 33 0ra*ta commgn^tfaiorWlicenseproductkt/.‫׳‬oucansupthisslep Enter Product Key You've Received by Email Paste ■nthe product fcej‫־‬t*al was sent to fte «13‫‫ ׳‬Modules Tags r , Reports ~ Tasks 2012-4681 Module Statistics show Search Keywords show Found 10 matching modules Module Type Amatory AiMlffy StW Expbi OS ra C M StM ?0113 local nie maaon vunersMty WMWfee'yne S««xrrjN9n67sK//'loC*i»c«ti79Qp'1*o»i3p«ccv£t»W ^7 ▼C 11Google GDcommunity1 metasploit' b Overview Analysis ‫ ־‬Sessions Campaigns *‫ ־‬Web Apps Modules lags _J Reports Tasks Q Project Management A Metasploit Pro project contains die penetration test diat you want to run A project defines die target systems, network boundaries, modules, and web campaigns diat you want to include in die penetration test Additionally, within a project, you can use discovery scan to identify target systems and bruteforce to gain access to systems FIGURE 3.23: Metasploit Capturing die reverse connection of targeted macliine 27 Click die S essio n s tab to view die captured connecdon of die target macliine C E H L ab M anual Page 754 E th ical H a ck in g a nd C ounterm easures Copyright © by EC-Council All Rights Reserved Reproduction is Stricdy Prohibited Module 12 - Hacking Webservers User Management Administrators can assign user roles to manage the level of access that the user has to projects and administrative tasks You can manage user accounts from die Administration menu FIGURE 3.24: Metasploit Session tab 28 Click die captured session to view die information of a target machine as shown 111 die following screenshot ‫ ן‬- ‫י‬a ‫ ״‬x ‫י‬ 1‫ ׳‬r, A Ipi;• loiafttost '!C e •1 ‫ ־‬Google p { • ‫ ם‬- GDcommunity metasploit (>v Web Ap|n V Modules lags Repoits CZ fasks Q ttiin n i (J CMafwp Active Sessions | * S cmcm OS Moat J #012 100 ‫׳‬-wndewad Typv Melerpffier Agw 4m m Dvet1«U011 *•■*‫ יי‬v! ‫׳‬v*mse Attack Modulo + JAVA_JHE17JLXEC Closed Sessions Global Settings Global settings define settings that all projects use You can access global settings from the Administration menu From the global settings, you can set die payload type for die modules and enable access to die diagnostic console through a web browser Additionally, from global settings, you can create API keys, post-exploitation macros, persistent listeners, and Nexpose Consoles C E H L ab M anual Page 755 I Ueissploit Commune? 4.4.0 - U&dato2012103101 © 2010-2012 R8pitf7Inc B03K* U* •‫״‬-' R A P ID FIGURE 3.25: Metasploit Captured Session of a Target Machine 29 You can view die information of the target machine E th ical H a ck in g a nd C ounterm easures Copyright © by EC-Council All Rights Reserved Reproduction is Stricdy Prohibited Module 12 - Hacking Webservers System Management As an administrator, you can update the license key and perform software updates You can access die system management tools from the Administration menu FIGURE 3.26: Metasploit Target Machine System information Host Scan A host scan identifies vulnerable systems within the target network range that you define When you perform a scan, Metasploit Pro provides information about die services, vulnerabilities, and captured evidence for hosts that the scan discovers Additionally, you can add vulnerabilities, notes, tags, and tokens to identified hosts 30 To access die tiles of die target system, click A c c e ss Filesystem I -Sesac1‫״‬ c (u) metasploit ^ Y r community \ Overview ^ A n ily ib >1 (1‫־‬ — I ~ Stw toM Q ',/Campaigns ‫ •׳‬Wob Apps V I Session on 10.0.0.12 & a k > n T y i n i « 41 ‫׳‬ * 'n a t a i p i < p « j— 1* ' O Infoi mallon * 1‫ «יי‬O A t t a c k M o d u l o ‫י‬ io » Ipv Available Actions (■‫ ג‬Collect System CoeeasrstHr anasensitiveaaia iscresnshois, passwords s>»t*mirtformMon) o*rseVieremoteJif systemandupload, download, and OeleteHies 1ntM»aw«1aremctecommand snell or 6‫ וזו‬taro6t !advanced users! ‫ ״‬C1«M Piory P‫»׳‬ot Ptolatacts using V* rtmote host as a gateway (TCPAJDP) i Gos« t»s session Furmsrmteracaonieijuires aapioitaDon 2010-2012 R3P«d7me Be‫׳‬ Bruteforce uses a large number of user name and password combinations to attempt to gain access to a host Metasploit Pro provides preset bruteforce profiles that you can use to customize attacks for a specific environment If you have a list of credentials diat you want to use, you can import the credentials into the system C E H L ab M anual Page 756 •VR APID FIGURE 3.27: Metasploit Accessing Filesystem of a Target Machine 31 You can view and modify die files from die target macliine E th ical H a ck in g a nd C o untenneasures Copyright © by EC-Council All Rights Reserved Reproduction is Strictly Prohibited Module 12 - Hacking Webservers fik 1M01? '‫־‬ P A ,'ttpi tocdhoit % m »• '1,tilo'ptfh-iViridavn If a bruteforce is successful, Metasploit Pro opens a session on die target system You can take control of die session dirough a command shell or Meterpreter session If there is an open session, you can collect system data, access die remote file system, pivot attacks and traffic, and run postexploitation modules Modules expose and exploit vulnerabilities and security flaws in target systems Metasploit Pro offers access to a comprehensive library of exploit modules, auxiliary modules, and postexploitation modules You can run automated exploits or manual exploits Automated exploitation uses die minimum reliability option to determine the set of exploits to run against die target systems You cannot select die modules 01 define evasion options diat Metasploit Pro uses C E H L ab M an u al Page 757 C Sal SpMCti Sy»W0W5« U System L» Sy8tem32 L* X4P1 L ‫«&־‬ls t* Ten© ‫־‬oasCala Li V« L_ GmWmSlot* AtaS*S { •*Ins ‫» ן‬s»s«tch >■■«■» •n-ys Li, •ChMNM _ ••cutty _fr-aong Qllwax.fi 90C70912K23IC lyt ‫ ־‬OKMalalb* □ MMpfW exe ‫־‬ PfROb* PrefMvrnal *1‫יי‬ carter » 1720 &&24a 14a6 718 ‫מגוב‬ j-iseb 2012-05-19093340UTC 2012-11-15135852ITTC 201205-18093341 UTC 2012-11-15135652UTC 201205-1909413‫ ג‬UTC 20120918 09272\ -TC 2012-11-1514.13.50UTC 2012-05-190ft 3£7‫ ג‬UTC 2012-05-19Oft40‫ גג‬UTC 2012-05-19Oft33.