Seven, Kali Linux 2 Penetration Attacks
(Residue of the exploit module listing: one row survives, rank "great", description "MS08-067 Microsoft Server Service Relative Path Stack Corruption".) The column headings of the exploit module listing are divided into four parts: name, disclosure date, threat level, and threat description. The name of every exploit module is composed of three parts joined together: the targeted operating system, the targeted service, and the specific module name.
Three, Attacking Operating Systems with Metasploit
Less than ten years after the outbreak of the MS08-067 vulnerability, on the evening of April 14, 2017, the hacker group Shadow Brokers released a large number of network attack tools, including the "EternalBlue" tool, which exploits the SMB vulnerability (ms17_010) in Windows systems to gain the highest system privileges. Ukraine, Russia, Spain, France, the UK, and other countries have all been attacked with the "EternalBlue" tool.
Four, Attacking Applications with Metasploit
Easy File Sharing HTTP Server is a widely used HTTP server program. A vulnerability in this software was discovered in 2015, and Metasploit promptly added an exploit module for it. This section uses that vulnerability to penetrate a target system running Windows 7.
Five, Attacking Clients with Metasploit
Metasploit also provides a variety of passive attack methods. These attack methods often require the cooperation of the targeted user to succeed. However, in daily life their success rate is often higher than that of active attacks, so they are also important to defend against. Many hacking cases occur because the victim clicked on a malicious link. These malicious links serve different purposes, but if the target uses a vulnerable browser or vulnerable plugins, the result may be the compromise of the entire system. Metasploit integrates a large number of attack modules for various browsers and plugins.
- Penetrating through browser plugin vulnerabilities: Browsers usually have many plugins that implement auxiliary functions, which are often the focus of hacker attacks. For example, Adobe Flash Player plugin, which is widely known for displaying web page animation effects, has been repeatedly found to have security vulnerabilities. Metasploit provides modules that can be used for exploiting these vulnerabilities.
- Penetrating through HTA files: Due to the rapid development of browser security technologies, hackers often need to deal with secure browsers (those without known vulnerabilities). In such cases, they usually choose a method that does not rely on vulnerabilities. This method should appear as a normal behavior, such as tricking the victim into downloading a plugin from a forged website, claiming to improve the user experience or display content correctly. However, the file cannot be an easily detectable type like an executable, so HTA becomes the best choice.
- Penetration testing using VBScript: Macro viruses are a special type of file-based virus. For example, Microsoft's Office product series provides the ability to write programs in the VBA programming language. VBA is based on Visual Basic and has a similar language structure, and it has been widely used to create small programs based on Excel and Word. Macro viruses appeared after Microsoft introduced macros in Word. Microsoft Office products are currently the most popular editing software and are available on multiple platforms, and macro viruses take advantage of this popularity to spread widely. Constructing a Word document containing a macro virus is not complicated: create a document with an AutoOpen macro, and the virus is triggered automatically when the document is opened, infecting other documents or directly deleting files, etc. Word stores macros and other styles in template (.dot) files, so infected documents are converted to templates and the macro is stored with them.
- Penetration attacks using the browserautopwn2 module: If selecting modules one by one is cumbersome, you can consider using the browserautopwn2 module. The idea of this attack is that the attacker sets up a web server for the attack and then sends the address of this web server to the target user. When the target user opens this address with a vulnerable browser, the attack web server sends various attack scripts to the browser. If one of the attack scripts succeeds, a Meterpreter session is established on the target host.
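As an added defender-side example (not code from the book or from Metasploit), the following Python script applies detection rules for the three client-side techniques listed above (Office macro, HTA download, browser plugin) to constructed process-creation log lines. The JSON field names and the plugin host process names are assumptions, modelled loosely on Sysmon process-creation events rather than on any real product's schema.

```python
import json

# Process names (lower-cased, path stripped) used by the detection rules.
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe"}
BROWSERS = {"iexplore.exe", "firefox.exe", "chrome.exe", "msedge.exe"}
SCRIPT_HOSTS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
PLUGIN_HOSTS = {"flashplayerplugin.exe", "plugin-container.exe"}  # assumed plugin host names


def basename(path):
    """Strip the directory part of a Windows path and lower-case the file name."""
    return path.rsplit("\\", 1)[-1].lower()


def classify(event):
    """Return a finding label for one process-creation event, or None if it looks benign."""
    parent = basename(event["parent_image"])
    child = basename(event["image"])
    cmdline = event.get("command_line", "").lower()
    # Office macro (AutoOpen-style) handing off to a script host or shell.
    if parent in OFFICE_APPS and child in SCRIPT_HOSTS:
        return "office-macro-spawned-script-host"
    # HTA delivered as a fake "plugin" download and run by the HTML application host.
    if child == "mshta.exe" and (parent in BROWSERS or ".hta" in cmdline):
        return "hta-launched-from-browser"
    # Browser plugin process (e.g. Flash) spawning a shell after exploitation.
    if parent in PLUGIN_HOSTS and child in SCRIPT_HOSTS:
        return "plugin-spawned-script-host"
    return None


def scan(lines):
    """Run classify() over JSON log lines; return (pid, label) for every hit, in order."""
    findings = []
    for line in lines:
        event = json.loads(line)
        label = classify(event)
        if label is not None:
            findings.append((event["pid"], label))
    return findings


# Constructed sample events (not real telemetry); field names are an assumption.
SAMPLE_LOG = [
    r'{"pid": 100, "parent_image": "C:\\Program Files\\Microsoft Office\\WINWORD.EXE", "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "command_line": "powershell.exe"}',
    r'{"pid": 101, "parent_image": "C:\\Program Files\\Internet Explorer\\iexplore.exe", "image": "C:\\Windows\\System32\\mshta.exe", "command_line": "mshta.exe C:\\Users\\u\\Downloads\\plugin-update.hta"}',
    r'{"pid": 102, "parent_image": "C:\\Windows\\explorer.exe", "image": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe", "command_line": "chrome.exe"}',
    r'{"pid": 103, "parent_image": "C:\\Program Files\\Mozilla Firefox\\plugin-container.exe", "image": "C:\\Windows\\System32\\cmd.exe", "command_line": "cmd.exe /c echo hi"}',
    r'{"pid": 104, "parent_image": "C:\\Program Files\\Microsoft Office\\EXCEL.EXE", "image": "C:\\Windows\\splwow64.exe", "command_line": "splwow64.exe"}',
]
```

Running `scan(SAMPLE_LOG)` flags events 100, 101 and 103 and leaves the two benign parent/child pairs (Explorer launching Chrome, Excel launching the print helper) unflagged.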
Six, Attacking Web Applications with Metasploit
Summary: This chapter explains how to deliver remote control software to the target host, which relies on vulnerabilities in the target system. Because vulnerability development is complex, during the learning process we choose to use pre-written exploit modules that target known vulnerabilities. The chapter also introduces the Metasploit network security penetration testing tool, a powerful framework that integrates exploit modules for most vulnerabilities in the world. It gives examples of using Metasploit and uses the classic MS17-010 vulnerability to explain how to attack operating systems. It also provides ideas for penetrating Windows 7 and later operating systems, which are usually difficult to exploit directly; instead, vulnerabilities in software running on the operating system are targeted. Finally, it introduces passive attacks against the target's browser and office software. The next chapter explains a simpler way for beginners to learn Metasploit: its graphical user interface.