Exploitation

It's basically a lot of trial and error.

Middle circle of all the circles

We first need to prepare the exploit, for example by changing the IP address in the PoC. During each stage we also need to keep track of which stage we are in, because it is very easy to lose track, especially if the pentest spans weeks.

Prioritization of Possible Attacks

Once we have found one or two vulnerabilities during the Vulnerability Assessment stage that we can apply to our target network/system, we can prioritize those attacks. Which of those attacks we prioritize higher than the others depends on the following factors:

  • Probability of Success: CVSS scoring can help us here; the NVD calculator is a good way to score specific attacks and estimate their probability of success.

  • Complexity: This estimates how much time, effort, and research is required to execute the attack on the system successfully. Our experience plays an important role here: if we are to carry out an attack we have never used before, it will logically require much more research and effort, since we must understand the attack and the exploit structure in detail before applying it.

  • Probability of Damage: Attacking the running services live with exploits that can cause damage to the software or the operating system is something that we must avoid at all times.

In addition, we can assign these factors to a personal point system, which allows the evaluation to be calculated more accurately based on our own skills and knowledge. For example, add these numbers:

  • Buffer Overflow [Probability of Success (8), Complexity hard-easy(1-5), Damage(-5)] = ?

  • RFI [Probability of Success (10), Complexity hard-easy(1-5), Damage(0)] = ?
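The point system above carried through in code, as an added example that is not part of the original notes: each candidate scores success + complexity + damage, where complexity runs from hard (1) to easy (5) and damage is a penalty. The complexity values filled in for the two sample attacks, the damage threshold that flags an attack for lab testing first, and the tie-break rules are assumptions made for the example.

```python
"""Personal point system for ranking candidate attacks.

Added example, not from the notes' author. Score = probability of
success + complexity + damage, with complexity 1 (hard) to 5 (easy)
and damage as a zero-or-negative penalty. Complexity values for the
two sample attacks and the review threshold are assumptions.
"""
from dataclasses import dataclass

# Assumption: a damage penalty at or below this value means the attack
# is rehearsed on a local VM before it is run against the target.
DAMAGE_REVIEW_THRESHOLD = -5


@dataclass(frozen=True)
class Candidate:
    name: str
    success: int      # probability of success, 0-10
    complexity: int   # 1 = hard ... 5 = easy (easier scores higher)
    damage: int       # 0 = none, negative values penalise destructive attacks

    def score(self) -> int:
        """Sum of the three factors, after checking each is in range."""
        if not 0 <= self.success <= 10:
            raise ValueError(f"{self.name}: success must be 0-10")
        if not 1 <= self.complexity <= 5:
            raise ValueError(f"{self.name}: complexity must be 1-5")
        if self.damage > 0:
            raise ValueError(f"{self.name}: damage is a penalty, use 0 or negative")
        return self.success + self.complexity + self.damage

    def needs_lab_first(self) -> bool:
        """True when the damage penalty is severe enough to test locally first."""
        return self.damage <= DAMAGE_REVIEW_THRESHOLD


def prioritize(candidates):
    """Return candidates ordered from highest to lowest score.

    Ties are broken in favour of the less damaging attack, then the
    easier one, so a destructive exploit never outranks an equally
    scored safe one.
    """
    return sorted(candidates, key=lambda c: (-c.score(), -c.damage, -c.complexity))


# The two attacks from the notes; the complexity values are assumed here
# because the notes leave them as a 1-5 range to be filled in.
CANDIDATES = [
    Candidate("Buffer Overflow", success=8, complexity=2, damage=-5),
    Candidate("RFI", success=10, complexity=4, damage=0),
]

if __name__ == "__main__":
    for c in prioritize(CANDIDATES):
        flag = "  (test on lab VM first)" if c.needs_lab_first() else ""
        print(f"{c.score():>3}  {c.name}{flag}")
```

With the assumed complexity values, RFI scores 14 and the buffer overflow 5, so RFI is tried first and the overflow is flagged for a local VM run before it touches the target; adjust the weights to your own skill set, since that is the point of keeping the system personal.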

Preparation for the Attack

Sometimes we will run into a situation where we cannot find high-quality, known-working PoC exploit code. In that case it may be necessary to reconstruct the exploit locally on a VM that represents our target host, to figure out precisely what needs to be adapted and changed. Once we have set up the system locally and installed the known components to mirror the target environment as closely as possible (i.e., the same version numbers for the target services/applications), we can start preparing the exploit by following the steps described in it. We then test it on the locally hosted VM to ensure it works and does not cause significant damage. In other situations, we will encounter misconfigurations and vulnerabilities that we see very often, and we know exactly which tool or exploit to use and whether the exploit or technique is "safe" or can cause instability.
