part 3

School: Northeastern University
Course: 5001
Subject: Information Systems
Date: Dec 6, 2023
Uploaded by CaptainMantisMaster664

Part 3 – Exploitation: Gaining Access through a Vulnerability Identified during the Vuln Scan (Week 6)

PROJECT SECTION 3 DETAILS

The third part of your project requires you to exploit a vulnerability of your choosing based on the previous section's scanning. The exploit should be through a Metasploit module or other open-source/commercial tool or custom script/code. Select your vulnerability carefully. You should thoroughly research your vulnerability before you start to exploit it, which is the same process you would use in a professional capacity.

The vulnerability MUST RESULT IN GAINING SYSTEM/ROOT ACCESS on the target host. Compromised credentials (including no password or a weak password) are not a sufficient vulnerability to exploit.

During the course labs, you will have completed labs that require you to exploit a vulnerability. You must choose an exploit that we have not done in class. I suggest doing a web search on "Metasploitable Walkthrough" for additional ideas on Metasploit modules that could be used (if you have selected Metasploitable as your vulnerable target), or researching vulnerabilities specific to your vulnerable framework. Keep in mind that your vulnerability should have been flagged during the vulnerability scanning portion.

Option 1 – Local Lab

Depending on your chosen vulnerable target host, you may have many more vulnerabilities to choose from. I recommend that you keep it simple and stick with a vulnerability that is well documented, so that there are sufficient write-ups and posts to follow. With that said, creativity and rigorous exploit research are always welcome and appreciated.

Option 2 – Remote Lab

Your choices are surprisingly not limited here. There are, of course, vulnerabilities in some of the web applications that will not show up in a vulnerability scan with a tool like Nessus due to what Nessus is actually looking at. With that said, web application vulnerabilities are a bit more complex than some of the other software vulnerabilities that are well documented for Metasploitable. I recommend you stick with a well-documented vulnerability.

Here are some steps on how to exploit a vulnerability identified during a vulnerability scan:

1. Identify the vulnerability. This can be done by using a vulnerability scanner, such as Nessus or Nmap. The scanner will scan the target machine and identify any known vulnerabilities.
2. Research the vulnerability. Once the vulnerability has been identified, it is important to research it in detail. This includes reading the vulnerability report, as well as any other available information, such as blog posts or exploit write-ups.
3. Choose an exploit. There are many different ways to exploit a vulnerability. The best way to exploit a vulnerability will depend on the specific vulnerability. Some common exploits include Metasploit modules, custom scripts, and manual exploitation.
4. Exploit the vulnerability. Once an exploit has been chosen, it can be used to exploit the vulnerability. This will usually involve running the exploit against the target machine.
5. Gain access to the target machine. If the exploit is successful, it will give you access to the target machine. This means that you will be able to control the machine and run commands on it.

Here are some additional tips for exploiting vulnerabilities:

- Use a safe environment. It is important to exploit vulnerabilities in a safe environment, such as a virtual machine. This will help to protect your computer from being infected.
- Be careful about what you do. Once you have gained access to the target machine, it is important to be careful about what you do. You do not want to do anything that could damage the machine or expose your own identity.
- Document your findings. It is important to document your findings when you exploit a vulnerability. This will help you to remember what you did and to share your findings with others.

Here are some vulnerabilities that you can exploit in Metasploitable:

- Shellshock. This vulnerability affects the Bash shell and allows an attacker to execute arbitrary commands on the target machine.
- Heartbleed. This vulnerability affects the OpenSSL library and allows an attacker to read sensitive information from the target machine's memory.
- Joomla! SQL injection. This vulnerability affects the Joomla! content management system and allows an attacker to execute arbitrary SQL commands on the target machine.
- Apache Tomcat remote command execution. This vulnerability affects the Apache Tomcat web server and allows an attacker to execute arbitrary commands on the target machine.
- Vulnserver stack overflow. This vulnerability affects the Vulnserver Windows application and allows an attacker to execute arbitrary code on the target machine.
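The selection rules in this assignment (the vulnerability must have been flagged by the scan, a weak or missing password does not count, and well-documented issues are preferred) can be applied mechanically to a scanner export. The following is an added example, not part of the original assignment; the CSV columns, the placeholder CVE identifiers, and the function names shortlist and report_stub are assumptions made for illustration.

```python
import csv
import io
import re

# Constructed sample in the style of a scanner CSV export (assumed columns;
# all values, including the CVE placeholders, are made up for illustration).
SAMPLE_CSV = """Plugin ID,CVE,CVSS,Risk,Host,Port,Name
900001,CVE-0000-0001,10.0,Critical,192.0.2.10,21,Example FTP Service Remote Code Execution
900002,,7.5,High,192.0.2.10,5900,VNC Server 'password' Password
900003,CVE-0000-0002,7.5,High,192.0.2.10,80,Example Web Server Remote Code Execution
900004,,2.6,Low,192.0.2.10,22,SSH Weak Algorithms Supported
900005,,10.0,Critical,192.0.2.10,3306,Database Server Account With No Password
"""

# Findings that are really credential weaknesses; the assignment excludes them.
CREDENTIAL_HINT = re.compile(r"password|default credential|anonymous", re.I)


def shortlist(csv_text, min_cvss=7.0):
    """Return scan findings that meet the assignment's selection rules."""
    keep = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        score = float(row["CVSS"] or 0)
        if score < min_cvss:
            continue  # low-impact finding
        if CREDENTIAL_HINT.search(row["Name"]):
            continue  # weak or missing password: not sufficient
        if not row["CVE"]:
            continue  # no public identifier to research
        keep.append({"host": row["Host"], "port": int(row["Port"]),
                     "cve": row["CVE"], "cvss": score, "name": row["Name"]})
    return sorted(keep, key=lambda f: -f["cvss"])


def report_stub(finding):
    """Skeleton for the 'document your findings' step."""
    return (f"Finding: {finding['name']} ({finding['cve']})\n"
            f"Target: {finding['host']}:{finding['port']}  CVSS: {finding['cvss']}\n"
            "Scanner evidence:\nResearch sources:\nTool/module used:\nResult:\n")


if __name__ == "__main__":
    for f in shortlist(SAMPLE_CSV):
        print(report_stub(f))
```

The same filter is what a defender would run to separate patchable software flaws from credential-hygiene findings when prioritizing remediation.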