From the course: CompTIA PenTest+ (PT0-002) Cert Prep

Exploit resources and network attacks

- One of the tasks that's kind of a big task in pentesting is deciding what are the proper exploits or the best exploits to select. Once you have identified vulnerabilities, you want to construct exploits or choose exploits that are likely to succeed in realizing threats against vulnerabilities. So how do you find these exploits? There's lots of places you can find them. We've already touched on a few, but there's other areas you can go look to find exploits.

Remember that an exploit is not the same as a vulnerability. A vulnerability is a weakness. An exploit is actually an action you can carry out to take advantage of one or more vulnerabilities, and so they're the attacks that you're actually going to carry out.

So one place to go look is the Exploit Database. It's maintained by Offensive Security and it contains a list or, not just a list, but a database of CVE-compliant archives of information on public exploits. So these exploits are located in the Exploit Database, making them easy to find. So if you know that your target is running a particular version of a web server, let's say the Apache web server, you can go to the Exploit Database and look up that version of Apache and see what kind of exploits exist. Then you pick the one that best suits your capability and your access for that particular target. It's very useful for pentesters and just security researchers in general to use this Exploit Database for good information.

There's also Packet Storm, which is a global security resource. Packet Storm's main purpose is to provide a current repository of security threat information, and so they'll have a lot of exploit explanations there as well. The type of exploits you choose depends on where you're attacking and at what level you're attacking. We talked a little bit about some network attacks, but don't forget that there's more than just simple network attacks.
Exploit chaining is the practice of combining exploits in a sequence that increases the probability of success. So if you have one exploit that kind of chips away a little bit, the next exploit picks up there and then chips away a little bit more at security. You can chain these exploits together to hopefully have a better potential of making it all the way into the protected resource as opposed to just having one brute-force exploit hoping that it works. The idea is to incrementally compromise the system instead of doing it all at once. So another example would be to compromise an admin password first. Then once you compromise that, use that password or those passwords to access systems to carry out attacks using elevated privileges. That's a simple example of exploit chaining.

Different types of password attacks, so speaking of trying to compromise admin passwords, could be password spraying, which is an attempt to use a list of insecure passwords against many types of accounts. You may say that insecure passwords that are published on lists would never be used by administrators with elevated privileges, would they? You'd be surprised. Lots of admins use insecure passwords just because they have so many passwords to remember. You could also use just the old-fashioned brute force. Brute-force attacks are trying to use all or a filtered subset of possible options to attempt to find a match. You could also use dictionary attacks, which are more sophisticated than brute force, but not quite like password spraying. A dictionary attack attempts to explore password alternatives using a predefined list of known or weak passwords. So you start with basic weak passwords and you try tweaking them a little bit, maybe replacing O's with zeros, things like that. Those are variations of dictionary attacks.
Regardless of the type of attacks that you attempt to use, the idea is to design exploits so that you can carry out those attacks that would have the highest probability of getting you closer to your final resource.
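The password-spraying and brute-force patterns described above look different in authentication logs, which is what a defender uses to tell them apart. The following is an added example, not part of the course material: it classifies each source address by the shape of its failed logins over constructed sample log lines, using an assumed `src=... user=... result=...` log format and assumed thresholds.

```python
import re
from collections import defaultdict

# Constructed sample log lines (not from the course). 203.0.113.5 tries one weak
# password across many accounts, 198.51.100.9 hammers a single admin account,
# and 192.0.2.77 is a user who mistyped once and then logged in.
SAMPLE_LOG = """\
2024-05-01T09:00:01Z src=203.0.113.5 user=alice result=FAIL
2024-05-01T09:00:02Z src=203.0.113.5 user=bob result=FAIL
2024-05-01T09:00:03Z src=203.0.113.5 user=carol result=FAIL
2024-05-01T09:00:04Z src=203.0.113.5 user=dave result=FAIL
2024-05-01T09:00:05Z src=203.0.113.5 user=erin result=OK
2024-05-01T09:01:00Z src=198.51.100.9 user=admin result=FAIL
2024-05-01T09:01:01Z src=198.51.100.9 user=admin result=FAIL
2024-05-01T09:01:02Z src=198.51.100.9 user=admin result=FAIL
2024-05-01T09:01:03Z src=198.51.100.9 user=admin result=FAIL
2024-05-01T09:02:00Z src=192.0.2.77 user=grace result=FAIL
2024-05-01T09:02:30Z src=192.0.2.77 user=grace result=OK
"""

LINE_RE = re.compile(r"src=(\S+) user=(\S+) result=(OK|FAIL)")

def parse(log_text):
    """Yield (src, user, ok) for each line that matches the assumed format."""
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield m.group(1), m.group(2), m.group(3) == "OK"

def classify_sources(log_text, spray_users=4, brute_per_user=4):
    """Label each source IP: 'spray' when failures are spread across >= spray_users
    distinct accounts, 'brute_force' when one account sees >= brute_per_user
    failures. A later success is only flagged for sources already labelled."""
    fails = defaultdict(lambda: defaultdict(int))  # src -> user -> fail count
    succeeded = set()                               # sources with an OK after failures
    for src, user, ok in parse(log_text):
        if not ok:
            fails[src][user] += 1
        elif fails.get(src):          # .get() avoids creating an empty entry
            succeeded.add(src)
    verdict = {}
    for src, per_user in fails.items():
        labels = []
        if len(per_user) >= spray_users:
            labels.append("spray")
        if max(per_user.values()) >= brute_per_user:
            labels.append("brute_force")
        if labels and src in succeeded:
            labels.append("success_after_failures")
        verdict[src] = labels or ["benign"]
    return verdict
```

The thresholds are illustrative; in practice they are tuned per environment, and a success following a labelled spray or brute-force burst is the event that warrants immediate triage.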