16.1.40
438 Practical Hacking Techniques and Countermeasures
Set the target IP address for the RHOST by typing:
set RHOST 172.16.1.40
Some exploits allow you to check the target for the vulnerability prior to
launching the exploit itself. This is done by typing check and pressing Enter.
In this example the target appears to be vulnerable.
Vulnerability Scanning 439
To execute the exploit against the target, simply type exploit and press Enter.
If successful with this exploit, you should be looking at a C: prompt on
the target computer.
To verify that you are actually connected to the target computer, type ipconfig
and press Enter. In this example, the command returns the IP address of the target,
which confirms that the shell is a remote session running on the target.
*Note: An unauthorized remote shell to a target can be extremely dangerous. At this
point the attacker can do anything to the target as though he or she were sitting
behind the actual keyboard of the target computer.
*Note: Another technique to hide the connection is to change the ports the connection
takes place on. For example, by telling the remote computer to use port
2417 and connecting to the attacking computer on port 80, it would appear
to anyone from the target computer that he or she is connected to a Web site.
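From the defender's side, the port 80 disguise described in the note above stops working once each connection is tied to the process that owns it. The following is an added example, not code from the book: it parses constructed samples of `netstat -ano` and `tasklist /fo csv /nh` output, and the remote addresses, PIDs and the `WEB_CLIENTS` allowlist are assumptions.

```python
import csv, io, re

WEB_PORTS = {80, 443}
# Assumption: the only programs this host should use for outbound web traffic.
WEB_CLIENTS = {"iexplore.exe", "firefox.exe"}
# Constructed sample of `netstat -ano` output on the target (not from the book).
NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    172.16.1.40:445        0.0.0.0:0              LISTENING       4
  TCP    172.16.1.40:1061       192.0.2.10:80          ESTABLISHED     1432
  TCP    172.16.1.40:2417       192.0.2.66:80          ESTABLISHED     884
  TCP    172.16.1.40:1077       192.0.2.12:443         ESTABLISHED     1432
"""
# Constructed sample of `tasklist /fo csv /nh` output.
TASKLIST = '''\
"cmd.exe","884","Console","0","2,104 K"
"iexplore.exe","1432","Console","0","18,440 K"
'''

ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\w+)\s+(\d+)\s*$")

def parse_netstat(text):
    """Return TCP rows as dicts; header, UDP and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            laddr, lport, raddr, rport, state, pid = m.groups()
            rows.append({"local": f"{laddr}:{lport}", "remote": raddr,
                         "rport": int(rport), "state": state, "pid": int(pid)})
    return rows

def parse_tasklist(text):
    """Map PID -> lower-cased image name from CSV tasklist output."""
    return {int(r[1]): r[0].lower() for r in csv.reader(io.StringIO(text)) if r}

def suspicious_web_connections(netstat_text, tasklist_text):
    """Established connections to a web port whose owner is not a web client."""
    images = parse_tasklist(tasklist_text)
    hits = []
    for c in parse_netstat(netstat_text):
        image = images.get(c["pid"], "unknown")  # unmapped PIDs are flagged too
        if (c["state"] == "ESTABLISHED" and c["rport"] in WEB_PORTS
                and image not in WEB_CLIENTS):
            hits.append({**c, "image": image})
    return hits

if __name__ == "__main__":
    print(suspicious_web_connections(NETSTAT, TASKLIST))
```

On the sample data only the connection owned by `cmd.exe` is reported; the two browser connections to ports 80 and 443 pass the check.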
On Linux
From the directory containing the compressed files, type tar -zxvf framework-2.