Metasploit Framework | Tutorial for beginners Step-by-Step

What is Metasploit?

Metasploit is an exploitation framework made up of many modules that can be used for exploitation, pivoting, scanning and so on.

 

What is Meterpreter?

Meterpreter is a feature of Metasploit: a payload that gives you a shell connection on the victim's computer, but with extra features on top of a plain shell.

 

Approach to Privilege Escalation in Windows/Linux ⇒

The goal is to become a super admin of the system, i.e. to go from a restricted/low-privilege shell to an administrator/high-privilege shell.

 

 

For Linux, we check for ->

  • Kernel exploits
  • Programs running as root
  • Installed software
  • Weak/reused/plaintext passwords
  • Internal services
  • SUID misconfiguration
  • Abusing sudo rights
  • World-writable scripts invoked by root
  • Bad PATH configuration
  • Cron jobs
  • Unmounted filesystems

For Windows, we check for ->

  • First, the software version
  • Second, their network type [domain or workgroup]
  • Active Directory related things
  • SMB, Kerberos, the SAM, etc.
  • Finding files
  • Checking the registry
  • Checking which services are available
  • Trying exploits such as Hot Potato
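Defenders audit their own hosts for the same Linux items listed above. The following is an added example, not code from the original post: a small Python auditor that checks three items from the Linux checklist (unexpected SUID root binaries, root cron jobs that run world-writable files, and writable or relative PATH entries) over a constructed stat snapshot. The SUID allow-list and the snapshot format are assumptions; on a live host the snapshot would be built from os.stat results.

```python
import stat
# Assumed allow-list of SUID root binaries that are normal on most distributions.
EXPECTED_SUID = {"/usr/bin/passwd", "/usr/bin/sudo", "/usr/bin/su", "/usr/bin/mount"}

def is_world_writable(mode): return bool(mode & stat.S_IWOTH)
def is_suid_root(mode, uid): return uid == 0 and bool(mode & stat.S_ISUID)

def parse_system_crontab(text):
    """Yield (user, command) from /etc/crontab-style lines; skips comments and
    VAR=value lines, handles @reboot-style shortcuts, ignores malformed entries."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" in line.split()[0]:
            continue
        shortcut = line.startswith("@")          # e.g. "@reboot user cmd"
        fields = line.split(None, 2 if shortcut else 6)
        if len(fields) == (3 if shortcut else 7):
            yield fields[-2], fields[-1]
def audit(files, crontab_text, path_env):
    """files is {path: (st_mode, st_uid)} as os.stat would report; returns findings."""
    findings = []
    for path, (mode, uid) in files.items():
        if is_suid_root(mode, uid) and path not in EXPECTED_SUID:
            findings.append(f"unexpected SUID root binary: {path}")
    for user, command in parse_system_crontab(crontab_text):
        target = command.split()[0]              # first token is what cron executes
        if user == "root" and target in files and is_world_writable(files[target][0]):
            findings.append(f"root cron job runs world-writable file: {target}")
    for entry in path_env.split(":"):
        if entry in ("", "."):
            findings.append("relative entry in PATH")
        elif entry in files and is_world_writable(files[entry][0]):
            findings.append(f"world-writable directory in PATH: {entry}")
    return findings
SAMPLE_FILES = {  # constructed stat snapshot, not taken from any real host
    "/usr/bin/passwd": (0o104755, 0),        # expected SUID root
    "/usr/local/bin/helper": (0o104755, 0),  # SUID root, not on the allow-list
    "/opt/backup/run.sh": (0o100777, 0),     # root-owned but world-writable
    "/tmp/bin": (0o041777, 0),               # world-writable directory
}
SAMPLE_CRONTAB = """# /etc/crontab (constructed)
SHELL=/bin/sh
17 * * * * root cd / && run-parts --report /etc/cron.hourly
*/5 * * * * root /opt/backup/run.sh
@reboot backup /home/backup/sync.sh
"""
SAMPLE_PATH = "/usr/local/bin:/tmp/bin::/usr/bin"  # empty entry means "."
if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_FILES, SAMPLE_CRONTAB, SAMPLE_PATH)))
```

Each finding maps back to one checklist item, so an empty list on a real snapshot means those three items are clean, not that the host is secure.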

What is Pivoting?

In simple words, once you gain command execution on one box, you can pivot from that box to explore the networks reachable from it, which can give you access to additional areas of the network.

So what you are actually trying to do is gain access to the internal network.

 

EXAMPLE ⇒

Suppose you gain a shell on a victim machine whose IP is 192.168.1.12.

After checking its network configuration you see that another network range is reachable from it, such as 10.10.10.2.

So you check the whole 10.10.10.x network, and if you find a host that is up (say 10.10.10.3), you pivot into that network through 192.168.1.12, because 10.10.10.3 is not directly reachable from your own [attacker's] network. That is where the pivoting technique comes in.

 

 

Steps for a stack-based buffer overflow →

Here are the steps ->

  1. First, fuzz the service's parameter and locate EIP
  2. Then find the bad characters
  3. Then find a return address and exploit

 

Limited shell to full root shell ⇒ [meaning from a restricted shell to a full root shell]

Common restricted shells ⇒ rbash, rzsh, rksh

 

Step 1 ⇒ Gathering Environment Information

  • Check the available commands, either by trying them out by hand, hitting the TAB key twice, or listing files and directories
  • Check for commands configured with SUID permissions, especially if they are owned by the root user
  • Check the list of commands you can use with sudo. This lets us execute commands with other users' permissions by using our own password
  • Check what languages are at your disposal, such as python, expect, perl, ruby, etc.
  • Check if redirect operators are available, such as "|" (pipe), ">", ">>", "<"
  • Check for escape characters and execution tags such as ";" (semicolon), "&" (background support), "'" (single quote), '"' (double quote), "$(" (shell execution tag), "${"

Step 2 ⇒ Common Initial Techniques

  • Console editors ⇒ ed, ne, nano, pico, vim ⇒ for example, in vim we can try ⇒
    • :set shell=/bin/bash
    • :shell
    • :!/bin/bash
  • Pager commands ⇒ more or less
  • The man and pinfo commands
  • The find command
  • The nmap command

Step 3 ⇒ Programming Techniques

  • awk, expect, python, ruby, perl, php

In all of the techniques above, we use the shell features these programs expose, together with other tricks, to get a root shell.




Thanks for reading

To your success,

Aman Yadav




