Network Hacking Post Exploitation
10 Questions

Questions and Answers

Which of the following resources provides a web-based interface to access latest exploits?

  • Metasploit
  • Vulnerability-Lab
  • Exploit-Db
  • CXSecurity (correct)

What is the name of the exploit framework that is pre-installed with Kali?

  • Exploit-Db
  • CXSecurity
  • Vulnerability-Lab
  • Metasploit (correct)

Which of the following is a command line search tool for exploits in Kali?

  • Exploit-Db
  • Vulnerability-Lab
  • searchsploit (correct)
  • Metasploit

Which of the following exploits was developed by the U.S. National Security Agency (NSA)?

  • EternalBlue (correct)

What is the name of the ransomware that used the EternalBlue exploit to attack unpatched computers?

  • WannaCry (correct)

Which of the following is an online resource that provides a large vulnerability database complete with exploits and PoCs for research purposes?

  • Vulnerability-Lab (correct)

Which of the following is a framework that provides tools to develop and execute exploits?

  • Metasploit (correct)

What is the name of the group that released the EternalBlue exploit on April 14, 2017?

  • Shadow Brokers (correct)

Which of the following is an online resource that provides a web-based interface to access latest exploits?

  • CXSecurity (correct)

Which of the following is a search tool for exploits in Kali?

  • searchsploit (correct)

Study Notes

Fuzzing

  • Sending unexpected or malformed data to an application to see how it handles it
  • Can lead to a possible DoS (Denial of Service)

Post Exploitation

  • What happens after exploiting the target
  • Privilege escalation: gaining higher-level access and permissions
  • Password harvesting: collecting sensitive data
  • Pivoting: moving to other systems in the network to gain more access and information

Privilege Escalation

  • Targeting high-permission accounts (e.g., root, administrators)
  • Gaining access to system information and making changes to services and users

Pivoting

  • Using a compromised system to access other systems in the network
  • Compromised targets may have multiple interfaces, allowing access to other networks

Persistence

  • Maintaining access to compromised systems
  • Keeping access through repeated exploitation or other means

Process Injection

  • Hiding malicious code inside existing processes
  • Using the Metasploit Meterpreter migrate command

Log Manipulation

  • Clearing logs on compromised systems
  • Deleting log files on Windows and Linux systems
  • Using Meterpreter to clear event logs

Hiding Data

  • Using dot files and directories on Linux
  • Using alternate data streams (ADS) on Windows

Summary

  • Searching for exploits
  • Cracking password hashes using John the Ripper and L0phtCrack
  • Pivoting and privilege escalation
  • Covering tracks to avoid detection

Exploit Resources

  • CXSecurity: web-based interface for latest exploits
  • Vulnerability-Lab: large vulnerability database with exploits and PoCs
  • Exploit-Db: online resource for exploits, including Exploit Database and Metasploit

Metasploit

  • A popular penetration testing framework, preinstalled with Kali
  • Provides tools for developing and executing exploits
  • Many modules available for testing systems and networks
  • Owned by Rapid7

Exploits Search Tools

  • Search tools in Kali, including the searchsploit command
  • Searching for exploits using searchsploit

EternalBlue

  • Exploit developed by the U.S. National Security Agency (NSA)
  • Leaked by the Shadow Brokers hacker group in 2017
  • Used in WannaCry ransomware attacks on unpatched computers

Description

Learn about the next steps after exploiting a target system, including privilege escalation, password harvesting, and pivoting to other systems. Discover how to gain more sensitive information or access new areas of the network.
