Finding And Running Exploits - Kiddies Dream to becoming UberGenius
The easiest way to get inside an (unpatched) system is to run pre-written exploits.
You do not need to code, scratch your head, or experiment;
just find the exploit, compile it, run it and you are done.
This all sounds so simple, but no one ever tells you how to find and execute an exploit. This guide will help you do so: how to become an uber script kiddie, way ahead of the others.
Tools you need:-
1. A C/C++/C# compiler
You can get it from http://www.borland.com, or the GNU C compiler will do fine
2. Perl
Get a Perl interpreter from http://www.perl.com
3. Python - rarely needed
but it is not bad to have a Python interpreter too. http://www.python.com
Many exploits are written as bash or shell scripts, so you sometimes need Linux/Unix as an OS to run the exploit.
Also you may want to get Linux/Unix, as most of the language compilers and interpreters come built in.
Other tools:-
Some tools for gathering information about victims, like nmap, hping, httprint, amap
Finding Exploits using the Internet:-
Step 1:-
Use nmap to find open ports
Usage: nmap
eg. Let's say he is running VNC on port 5900
Step 2:-
Try to do banner grabbing and OS detection
Know what kind of services they are running on the different ports.
Telnet to these ports and send some arbitrary commands to do banner grabbing, or you could use tools like httprint, amap etc. For OS detection nmap is OK.
eg. By banner grabbing we found that he is running RealVNC 4.1
Step 3:- Now you know the OS and the service you want to attack.
Go to milw0rm.com, securityfocus.com etc., or simply use Google to find it.
Search for the service.
In SecurityFocus go to Vulnerabilities and find it using the drop-down boxes.
Many times SecurityFocus won't provide you with exploit code, but milw0rm does.
Now save the exploit that milw0rm gave us.
For eg. milw0rm gave us the exploit for the authentication bypass in RealVNC 4.1
Step 4:-
Open the exploit. The author usually provides you with details of the exploit, either in comments or directly when you are executing the exploit. The objective here is to understand how the exploit works.
Step 5:-
Compile the exploit
Use the GNU C compiler or any other compiler that you have. If the exploit is coded in Perl, good for you:
you are saved from the hassle of compilation and stuff,
you can run it directly.
eg:- gcc exploit.c -o exploit
Step 6:-
Run the exploit
For C coded exploits
eg:- exploit.exe (Windows) or ./exploit (Linux)
For Perl
eg: /path/to/perl/perl exploit.pl
On Linux the default path is /usr/bin/
Now the exploit may ask you for various options, or sometimes you have to provide parameters beforehand, like
Step 7:- Now you have run the exploit. The exploit may spawn a shell to give you command-line access to the system, or do a vnc.dll inject to give you reverse VNC access. Whatever; now you have total control over the system. Do not forget to clean the logs, install a backdoor and make everything look non-suspicious.
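The recon half of this walkthrough (an nmap sweep of many ports, then a lone return to the one interesting service to grab its banner) leaves a recognisable trace in connection logs. As an added example that is not part of the original post, here is a small Python detector run over constructed sample log lines; the log format, the thresholds (8 ports within 60 seconds) and all addresses are assumptions made for the example.

```python
import re
from collections import defaultdict
# Assumed log format (constructed for this example, not any real tool's output):
#   <epoch-seconds> <src_ip> -> <dst_ip>:<dst_port>
LINE_RE = re.compile(r"^(\d+) (\S+) -> (\S+):(\d+)$")

# Constructed sample: one source sweeps 11 ports on a host, an ordinary client
# uses VNC, then the sweeper comes back to 5900 alone (the banner-grab step).
SCAN_PORTS = [21, 22, 23, 25, 80, 110, 139, 443, 445, 3389, 5900]
SAMPLE_LOG = "\n".join(
    [f"{1700000000 + i} 203.0.113.5 -> 192.0.2.10:{p}" for i, p in enumerate(SCAN_PORTS)]
    + ["1700000050 198.51.100.7 -> 192.0.2.10:5900",
       "1700000120 203.0.113.5 -> 192.0.2.10:5900",
       "this line is malformed and is skipped"])

def parse_log(text):
    """Return time-sorted (ts, src, dst, port) tuples, ignoring malformed lines."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts, src, dst, port = m.groups()
            events.append((int(ts), src, dst, int(port)))
    return sorted(events)

def find_sweeps(events, min_ports=8, window=60):
    """(src, dst) -> (first_ts, last_ts, ports): >= min_ports distinct ports within window s."""
    by_pair = defaultdict(list)
    for ts, src, dst, port in events:
        by_pair[(src, dst)].append((ts, port))
    sweeps = {}
    for pair, hits in by_pair.items():
        for i, (t0, _) in enumerate(hits):  # hits inherit the time order of events
            in_win = [(t, p) for t, p in hits[i:] if t - t0 <= window]
            ports = sorted({p for _, p in in_win})
            if len(ports) >= min_ports:
                sweeps[pair] = (t0, in_win[-1][0], ports)
                break
    return sweeps

def sweep_then_service(events, service_port, **kw):
    """Sweeping sources that later came back alone to service_port: [(src, dst, return_ts)]."""
    found = []
    for (src, dst), (_, t_end, _) in find_sweeps(events, **kw).items():
        later = [ts for ts, s, d, p in events
                 if s == src and d == dst and p == service_port and ts > t_end]
        if later:
            found.append((src, dst, later[0]))
    return found
```

Feeding real firewall or flow logs in means only changing `LINE_RE` and the thresholds; the ordinary VNC client in the sample is never flagged because it never swept.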
Special Note:- This tutorial is not meant to be a spoon-feeding guide; it is just an overview giving you an idea of how to do such things, because you could write pages on exploits since there are thousands of (different) ones out there.
USE YR KNOWLEDGE FOR CONSTRUCTION AND NOT FOR DESTRUCTION !