Exploitation Techniques
Explore the world of exploitation through this detailed guide covering what exploitation is, classes of exploits, vulnerable applications, Metasploit configuration, triggering exploits, vulnerabilities, and more. Learn about leveraging software vulnerabilities to gain unauthorized access to computer systems.
Download Presentation
Please find below an Image/Link to download the presentation.
The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.
You are allowed to download the files provided on this website for personal or commercial use, subject to the condition that they are used lawfully. All files are the property of their respective owners.
The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.
E N D
Presentation Transcript
Exploitation 101 Download the Containers! Github:/Microcentillion/snowfroc_metasploit Github:/Microcentillion/snowfroc_joomla
Exploitation 101 Brad Woodward Senior Engineer AppliedTrust bwoodward@appliedtrust.com
Exploitation 101 Agenda What is Exploitation? Classes of Exploits Hands-on Demonstration l Identifying Vulnerable Applications l Configuring Metasploit l 'Pulling the Trigger'
Exploitation 101 What is ? l What is Exploitation?
Exploitation 101 What is ? l What is Exploitation? l The process of leveraging software vulnerabilities to bypass security controls, with the intent of gaining unauthorized access to a computer system.
Exploitation 101 What is ? l What is Exploitation? l The process of leveraging software vulnerabilities to bypass security controls, with the intent of gaining unauthorized access to a computer system. l What is an 'exploit'?
Exploitation 101 What is ? l What is Exploitation? l The process of leveraging software vulnerabilities to bypass security controls, with the intent of gaining unauthorized access to a computer system. l What is an 'exploit'? l A software tool designed to take advantage of a flaw in a computer system.
Exploitation 101 What is ? l What is a vulnerability?
Exploitation 101 What is ? l What is a vulnerability? l A weakness in design, implementation, operation or internal control.
Exploitation 101 Classes of Exploits l Denial of Service l Unauthorized Data Access l Privilege Escalation l Local/Remote Code Execution
Exploitation 101 Hands-on Demo l The containers use your host IP l Disconnect from untrusted networks and set a static IP on the host before starting them. l Start the containers l Joomla: run_joomla.sh l Metasploit: start_metasploit.sh
Exploitation 101 Hands-on Demo l joomla_http_header_rce l Released Dec 14 l 'rce' = Remote Code Execution l Buffer overflow in X-Forwarded-For and User-Agent HTTP Headers l Affected l Joomla 1.5.0 3.4.5 l PHP < 5.5.9+dfsg-1ubuntu4.13 th 2015
Exploitation 101 Next steps?
Exploitation 101 Next steps? l Start simple l
Exploitation 101 Next steps? l Start simple l Watch for new CVEs and Exploits l
Exploitation 101 Next steps? l Start simple l Watch for new CVEs and Exploits l Practice 'off the field' l Re-use the containers!
Exploitation 101 Resources l cve.mitre.org l offensive-security.com l meetup.com l Denver OWASP l OWASP Boulder Chapter
