446 Practical Hacking Techniques and Countermeasures
The next step is to identify what is required and what is optional for this
exploit. This is done by typing show options and pressing Enter.
This exploit requires three parameters to work:
RHOST (Target IP address)
PASS (Password for the new user)
USER (Username for the new user)
Vulnerability Scanning 447
Set the target by typing set RHOST 172.16.1.40.
Set the password by typing set PASS 123456.
Set the username by typing set USER virtualhacking.
This exploit does not come with a check function, so it is either going to
work or not. To execute the exploit, type exploit and press Enter.
If no error is displayed, the exploit was probably successful. We will verify.
From the target machine, type ipconfig and press Enter. This will identify
the IP address as 172.16.1.40 (our actual target).
By checking Computer Management on the target, we can identify that
indeed a new user account named virtualhacking has been created on the
target machine.
*Note: As you might imagine, the ability for an attacker to create accounts on a remote
system "at will" is like giving the keys to the kingdom away.
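
The Computer Management check above can also be scripted as an account audit. The following is an added example, not code from the book: it parses net user output captured from a host and reports accounts that are missing from an approved baseline. The sample output, the baseline set and the function names are constructed for illustration, and the 25-character column width is an assumption about how net user pads its listing.

```python
"""Added example: flag local accounts that are not in an approved baseline."""

COLUMN_WIDTH = 25  # assumption: `net user` pads each name to 25 characters

# Constructed sample of `net user` output from the lab target.
SAMPLE_NET_USER = "\n".join([
    "",
    "User accounts for \\\\TARGET",
    "",
    "-" * 79,
    "Administrator".ljust(25) + "Guest".ljust(25) + "lab admin".ljust(25),
    "virtualhacking".ljust(25),
    "The command completed successfully.",
    "",
])

# Constructed baseline of accounts expected on the host.
BASELINE = {"Administrator", "Guest", "lab admin"}


def parse_net_user(output):
    """Return the account names listed in `net user` output."""
    names = []
    in_table = False
    for line in output.splitlines():
        if line.startswith("---"):
            in_table = True  # account names start after the dashed rule
            continue
        if not in_table or not line.strip():
            continue
        if line.startswith("The command completed"):
            break
        # Slice fixed-width columns; splitting on whitespace would break
        # account names that contain spaces.
        for start in range(0, len(line), COLUMN_WIDTH):
            name = line[start:start + COLUMN_WIDTH].strip()
            if name:
                names.append(name)
    return names


def unexpected_accounts(output, baseline):
    """Return accounts present on the host but absent from the baseline."""
    known = {n.lower() for n in baseline}  # account names are case-insensitive
    return sorted(n for n in parse_net_user(output) if n.lower() not in known)


if __name__ == "__main__":
    for account in unexpected_accounts(SAMPLE_NET_USER, BASELINE):
        print("Unexpected local account:", account)
```

Run against a saved baseline on a schedule, this turns the one-off manual check into a repeatable alert on accounts that appear without a change record.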
Lab 69: Web Server Target Assessment
Assessment of Web Server Security: Nikto
Prerequisites: ActivePerl for Windows Version, none for the target
Countermeasures: Secure ACLs, Bastion computers
Description: Nikto is a tool for finding default Web files and examining
Web server and CGI security.