Comprehensive guide for compromising network devices.
0 likes97 views
This document provides a comprehensive guide for compromising network devices through reconnaissance, scanning, exploitation, and privilege escalation. It discusses techniques such as port scanning and banner grabbing for active reconnaissance, as well as using tools like Shodan and Censys for passive reconnaissance. The document also covers hands-on examples of scanning with Nmap and Nikto, exploitation, and ways to hack into IoT devices and compromise routers on a network.
Comprehensive guide for compromising network devices.
- 1. The Art of Network Exploitation Comprehensive guide for compromising network devices.
- 2. To Brag ● Adithyan AK - Head of OWASP Coimbatore ● 6+ Years into infosec ● Expertise in web app security, reverse engineering, exploit dev, malware analysis ● Author of several exploits & cves ● Speaker at various conferences, workshops (IITM Research Park, Defcon Trivandrum etc) ● Hall of fame in Microsoft, Apple, Intel, Avira, Oppo, etc ● Passion for making and breaking stuffs
- 3. Reconnaissance covertly discover information about a target system Scanning Actively scanning the target for vulnerabilities Exploit Leveraging the vulnerabilities discovered to achieve foot hold Privilege Escalation Finding misconfigurations to leverage the access from normal user to root Agenda
- 4. IP Address ● Static IP - Cost - Websites ● Dynamic IP - Free - ISP ● Public IP ● Private IP (Local IP) - Router - DHCP
- 5. Hacker’s Laptop Hacker’s Phone Router ISP Internet Internet ISP Router TARGET Laptop TARGET Phone IP : 192.168.0.2 IP : 192.168.0.3 GATEWAY IP : 192.168.0.1 PUBLIC IP 216.58.216.54 GATEWAY IP : 192.168.0.1 PUBLIC IP 124.76.243.22 IP : 192.168.0.2 IP : 192.168.0.3 Airtel Jio LAN WAN
- 6. Terminologies ●Exploit - the code that delivers the payload ●Payload - a piece of code that triggers the vulnerability ●Vulnerability - flaw occurred due to fault in the design or implementation ●CVE ●NVD ●Zero-day ●Patch ●Malware ●Bot ●Shell PayloadExploit Attacker Vulnerability
- 7. Bug vs Vulnerability ● Bug - When a system isn’t behaving in a way it’s designed to ● Vulnerability - a flaw through which attacker can abuse the system ● Bug is a defect in the product ● Vulnerability allows for the malicious use of the product ● Vulnerabilities get you reward, bugs won’t
- 10. WAN Attacks ● Port Forwarding (Static IP) ● SSH Tunneling ● NGROK ● Portmap ● Serveo
- 11. Reconnaissance ● Active ○ Direct contact with the target system ○ Ex : Port Scan ○ Cons : Exposing yourself to the system admin ● Passive ○ Indirect ○ Ex : OSINT ○ Cons : False positives.
- 12. Active Reconnaissance ● Techniques : ○ Port scan ○ Banner grabbing ○ DNS Zone transfer ○ Port specific tools (smbclient, rpcwalk, snmpwalk..) ● Tools & Scripts: ○ Nmap, massscan, nikto, enum4linux, netcat, wpscan, dirbuster
- 14. Passive Reconnaissance ● Domain : ○ Whois, dnsdumpster, virustotal ● IP : ○ Shodan ○ Censys ● Email : ○ Have I been pwned ○ EmailRep
- 16. Scanning ● Nmap ● Nikto ● Nessus ● Burp ● nmap --script smb-enum-shares.nse -p445 ● https://nmap.org/nsedoc
- 18. Hardware Devices - LAN Turtle LAN Turtle Power Bank Ethernet ● Has nearly 30 PT modules ● Openvpn, dnspoof, Clonemac, autoSSH, nmap- scan, turtledump, urlsnarf
- 19. Hardware Devices - USB Rubber Ducky
- 20. Hardware Devices - HID Attacks
- 21. Hacking IOT devices in Network
- 22. Hacking IOT devices in Network
- 23. Hacking IOT devices in Network
- 24. Router Compromise ● AV can detect only surface level attacks (Ex: OS, Softwares) ● Hardware attacks like SPECTRE and MELTDOWN (Microprocessor) ● Malware infected firmwares, BIOS and Kernels ● Attacks targeting embedded devices like Routers ● Infected routers allows access to entire Network ● Router Security Testing Framework (RSTF)
- 25. 2017 2018 2019 Interesting Research Sub-domains ● MITRE and MELTDOWN ● Malware Analysis ● AV Evasion ● Sophisticated HID Attacks ● Custom Encoded payloads Cyber Attacks Growth Rate