Guide To Exploiting Vulnerable Technologies/Services: Fingerprinting.

Hacktivist-Attacker
7 min read · May 16, 2024


Hello friends! All is well 💫💫. We are continuing our series on web penetration testing. In this blog we will learn how to exploit the vulnerable technologies of our target. Okay, let's start our journey gracefully ✨✨

Exploiting the Target's Vulnerable Tech Stacks
Before we start, I want to mention one thing. If you have already read the previous blog, Identifying Technologies Of Our Target, you know how to identify and enumerate all the technologies of our target.

If you already know how to enumerate your target's technologies, you don't need to read the previous blog. If you don't, I recommend reading it: it covers all the techniques for identifying our target's technologies.

As we saw in the Identifying Technologies Of Our Target blog, exploiting fingerprinted technology also has two parts.

We will look at the techniques one by one to understand them better!

  1. IP Fingerprint - Exploiting: exploiting the vulnerable technologies used on our target's computer (server).
  2. Web Application Fingerprint - Exploiting: exploiting the vulnerable technologies used in our target's web application.

After we have identified our target's vulnerable technologies, we can exploit them using public exploits.

Exploits 💥💥:

Exploits are programs written to trigger a vulnerability in a specific technology.
Once a researcher has identified a vulnerability and run their script against the vulnerable service, they publish the exploit on the Internet. After that, the affected technology's developer team fixes the vulnerability by releasing a new version.

NOTE: After the developers have released the fixed version of their technology or service, we need to download the new version and update the service on our own computers.

If the target missed the update, the vulnerability stays in the service running on the target's computer, and the exploit lets us trigger it there.

1. IP Fingerprint - Exploiting:

After we have identified our target's technologies, we search for exploits that trigger the vulnerability on our target's server. This part is also called exploiting services or ports.

Reminder:

Ports are gateways to the various services running on a server. Each port service provides a different mechanism to the server, and the port number is the unique identifier for the service running on that port.
For example, the FTP (File Transfer Protocol) service is used to share files between servers (computers).

In this blog we will exploit Metasploitable 2, an intentionally vulnerable machine that security researchers use to practise hacking a real machine from their own computer. In this exploitation part we will see how to exploit the FTP port service.

FTP -> File Transfer Protocol is used to share files between computers. If this port service is vulnerable, we can transfer files between the target's server and our computer. Beyond file transfer, a more severely vulnerable service can allow us to access the computer remotely 🧑‍💻.

Here is the report of the vulnerable services Nmap identified on the Metasploitable 2 machine in the previous fingerprinting phase:

Nmap successfully found open ports, versions and vulnerabilities

Tools 🛠:

We can run exploits with a variety of tools. In this blog we will use the Metasploit Framework to exploit the vulnerabilities.

1. Metasploit - The Metasploit Framework allows security teams to do more than just verify vulnerabilities, manage security assessments, and improve security awareness.

https://www.metasploit.com/

Rapid7's Metasploit Framework

Metasploit can do a lot. For now we will learn how to exploit the target's vulnerable services; a future blog will cover a guide to using Metasploit 😃.

Install:

curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall && \
chmod 755 msfinstall && \
./msfinstall

Usage:

Start the Metasploit Framework:

msfconsole

Search for exploits for the vulnerable port service.

In this case we look for vulnerabilities available for the FTP server's version, vsftpd 2.3.4 (the service version Nmap found for the port; see the image above).

search type:exploit vsftpd 2.3.4

Exploits for the vulnerable service

Metasploit returns this backdoor exploit:

exploit/unix/ftp/vsftpd_234_backdoor 2011-07-03 VSFTPD v2.3.4 Backdoor Command Execution

The backdoor exploit is used to access our target's server remotely. Let's try to run this exploit against our vulnerable target server (the Metasploitable 2 machine).

Use the exploit:

use exploit/unix/ftp/vsftpd_234_backdoor

To see how to use the exploit:

# Basic usage
options

# Full details about the exploit
info

From the exploit's requirements, we need to set RHOST and RPORT to our target's values.

Set RHOST to your target's IP address:

set RHOST 172.18.0.2

Set RPORT to the port number of the service on the target.

The default FTP port is already set to 21; change the value if your target runs FTP on another port.

set RPORT 21

Execute the exploit:

This runs the exploit against the target with the information given (172.18.0.2:21).

exploit

Once the exploit has run, the Metasploit Framework reports the state of the executed exploit. In this case the exploit runs successfully and gives us remote access to the vulnerable target's shell. Now we can access our target's shell from our own computer 😎😎!

Metasploit successfully executed the exploit

Just as with this Metasploit module, the same job applies to every open port Nmap found: once we have the port's service version, we search for the exploit and execute it. Besides remote shells, different types of vulnerabilities are available for different types of vulnerable services.
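The workflow above (Nmap finds a version, we look up a public exploit for it, and the NOTE earlier says the fix is to update the service) can be turned into a small check that runs over Nmap's text output. The script below is an added example, not code from this post, from Nmap or from Metasploit. The scan lines are constructed in the style of a Metasploitable 2 scan, the known-vulnerable table holds only the vsftpd 2.3.4 entry discussed in the post, and the function names are my own. It parses the PORT/STATE/SERVICE/VERSION table, flags banners that match the table, and produces the update list a security team would want from the report; the comment in flag_vulnerable states the caveat that a banner match is a candidate to confirm, not proof.

```python
import re
from dataclasses import dataclass

# Constructed sample in the style of "nmap -sV" output for a Metasploitable 2 host.
# The lines are made up for this example; the vsftpd 2.3.4 entry is the one the
# blog post exploits.
SAMPLE_NMAP_OUTPUT = """\
PORT     STATE SERVICE VERSION
21/tcp   open  ftp     vsftpd 2.3.4
22/tcp   open  ssh     OpenSSH 4.7p1 Debian 8ubuntu1 (protocol 2.0)
23/tcp   open  telnet
80/tcp   open  http    Apache httpd 2.2.8 ((Ubuntu) DAV/2)
3306/tcp open  mysql   MySQL 5.0.51a-3ubuntu5
"""

# (product, version) pairs with a known public exploit. Only the vsftpd entry
# comes from the blog post; extend this table from your own advisory tracking.
KNOWN_VULNERABLE = {
    ("vsftpd", "2.3.4"): "exploit/unix/ftp/vsftpd_234_backdoor",
}

LINE_RE = re.compile(r"^(\d+)/(tcp|udp)\s+open\s+(\S+)(?:\s+(.*))?$")


@dataclass
class Service:
    port: int
    proto: str
    name: str      # nmap's service name, e.g. "ftp"
    product: str   # e.g. "vsftpd" or "Apache httpd"
    version: str   # e.g. "2.3.4"; empty when nmap printed no version


def parse_nmap_services(text):
    """Parse the PORT/STATE/SERVICE/VERSION table of plain-text nmap -sV output."""
    services = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # header, blank and non-open lines
        port, proto, name, banner = m.groups()
        words, version = [], ""
        for tok in (banner or "").split():
            # the first token starting with a digit after the product name is the version
            if words and tok[0].isdigit():
                version = tok
                break
            words.append(tok)
        services.append(Service(int(port), proto, name, " ".join(words), version))
    return services


def flag_vulnerable(services):
    """Return (service, exploit module) pairs whose banner matches the known-vulnerable table.

    A banner match is a candidate, not proof: distributions backport fixes without
    changing the version string, and banners can be edited, so confirm before
    reporting and re-scan after the update.
    """
    return [(svc, KNOWN_VULNERABLE[(svc.product, svc.version)])
            for svc in services
            if (svc.product, svc.version) in KNOWN_VULNERABLE]


def patch_report(services):
    """One line per flagged service, in the order nmap listed them."""
    return [f"{svc.port}/{svc.proto} {svc.product} {svc.version}: public exploit {module}; "
            f"update the service and re-scan to confirm the banner changed"
            for svc, module in flag_vulnerable(services)]


if __name__ == "__main__":
    for line in patch_report(parse_nmap_services(SAMPLE_NMAP_OUTPUT)):
        print(line)
```

Run it on the saved text of a real scan by replacing SAMPLE_NMAP_OUTPUT with the file contents; for large scans, nmap's XML output (-oX) is the more robust format to parse, but the plain table is what the post's screenshot shows.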

2. Web Application Fingerprint - Exploiting:

Exploiting technologies in the target's web application differs slightly from exploiting the target's server. Not all exploits run automatically; some we need to execute manually.

Using web application technology detection tools (Wappalyzer, BuiltWith) we have already identified the technology of the web application. After that we check whether any exploits are available for that technology's version.

Exploiting:

Now we take one vulnerable example application to exploit. The vulnerable web application is OWASP Juice Shop!

OWASP Juice Shop:

It is the most modern and sophisticated insecure web application, created for security researchers to find and exploit vulnerabilities. It is an educational test application created for practice.

https://owasp.org/www-project-juice-shop/

OWASP Juice Shop application

Now we can identify the technology behind the application using Wappalyzer, which is able to identify the application's technologies.

Wappalyzer finds the technology stack

We will take AngularJS 1.5.11 and exploit the vulnerabilities it contains.

Exploits for AngularJS 1.5.11 are available on the Internet; we can find exploits for a technology by searching for it on search engines (Google, DuckDuckGo).

Google lists all available vulnerabilities of AngularJS 1.5.11

Multiple vulnerabilities are available. We will take XSS (Cross-Site Scripting) for exploitation (an XSS vulnerability allows us to execute JavaScript code in the web application). The source of the exploit can be found on Snyk.

XSS exploit for AngularJS < 1.8.0

According to Snyk, all versions before AngularJS 1.8.0 are vulnerable to this XSS. This includes AngularJS 1.5.11.

From this exploit we get the XSS exploitation code:

const inertPayload = `<div><style><style/><img src=x onerror="alert('XSS:Success')"/>`

XSS PoC payload

After we have the XSS exploitation code, we need to find a place to inject it and have the application execute it. An application has many places that take input from users and process it.
In OWASP Juice Shop, look at the search bar, which takes input from the user and returns output.

The application takes input and processes it

Okay, now we have the XSS exploit code and a place to inject it. Let's inject the code and see the magic.

XSS executed successfully!

Yeah! The XSS was exploited successfully on the OWASP Juice Shop application. The application shows an alert that says "XSS:Success".

NOTE:

OWASP Juice Shop is an intentionally buggy application created for testing purposes 😇. It has older versions of technologies and no prevention against the exploits. We can use such applications to practise what we learn 😀

Unlike OWASP Juice Shop, not all real-world applications are vulnerable 😅. They have up-to-date software versions, and if they do use older versions, there is a chance the application has implemented prevention techniques ⚔ to avoid the vulnerabilities.

So it's best to test all the exploits available for the technology's version; we can't know in advance which exploit will work on our target. Once you have found and executed a vulnerability, include the details of the exploit in your vulnerability report. It helps the security team understand and fix it.
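The "prevention techniques" the note mentions, for the XSS case shown above, come down to one rule: user input that is reflected into HTML must be encoded for the context it lands in, and the framework version must be inside the fixed range. The script below is an added example and is not code from this post, from Snyk or from Juice Shop. It uses the post's PoC string only as a test input; it renders a minimal "search results" page once without and once with HTML escaping, checks whether an AngularJS version string falls in the < 1.8.0 range the post cites, and includes a small regex for triaging search terms seen in request logs. The real Juice Shop issue lives in AngularJS's client-side sanitizer, so the server-side renderer here stands in for the general principle rather than reproducing Angular's code; the function names are my own.

```python
import html
import re

# The proof-of-concept string quoted in the blog post (from the Snyk advisory),
# used here only as a test input for the renderers and the triage check.
POC_PAYLOAD = """<div><style><style/><img src=x onerror="alert('XSS:Success')"/>"""


def angularjs_affected(version):
    """True if an AngularJS version string is below 1.8.0, the range the post cites from Snyk.

    Only the leading numeric components are compared and missing components are
    treated as 0, so "1.5.11" and "1.7.9" are affected and "1.8" or "1.8.0" is not.
    """
    nums = tuple(int(n) for n in re.findall(r"\d+", version)[:3])
    nums = (nums + (0, 0, 0))[:3]
    return nums < (1, 8, 0)


def render_search_vulnerable(term):
    """Reflects the search term into the page unchanged: any markup in it becomes live HTML."""
    return f"<h2>Search results for: {term}</h2>"


def render_search_safe(term):
    """HTML-escapes the term first, so '<', '>' and quotes become entities and the
    browser shows the payload as text instead of creating an <img> element."""
    return f"<h2>Search results for: {html.escape(term, quote=True)}</h2>"


# A tag carrying an inline event handler attribute (onerror=, onload=, ...).
EVENT_HANDLER_RE = re.compile(r"<\s*\w+[^>]*\son\w+\s*=", re.IGNORECASE)


def looks_like_xss_probe(term):
    """Cheap triage check for search terms seen in request logs. It is a hint for
    investigation, not a sanitizer: output encoding, not input filtering, is the fix."""
    return bool(EVENT_HANDLER_RE.search(term))


if __name__ == "__main__":
    print("AngularJS 1.5.11 affected:", angularjs_affected("1.5.11"))
    print("vulnerable render:", render_search_vulnerable(POC_PAYLOAD))
    print("hardened render:  ", render_search_safe(POC_PAYLOAD))
    print("probe flagged:", looks_like_xss_probe(POC_PAYLOAD))
```

The hardened renderer is correct only for the HTML element context it targets; a value placed inside a JavaScript block, a URL or an attribute needs the encoder for that context, which is why templating engines that auto-escape per context are preferable to hand-written escaping.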

Yeah, we have finished here 🏁. Now we are able to exploit the vulnerable technologies of our target's server and web application.
So many thanks for your attention 💖💖. In the next blog we will move on to Content Discovery: Directory Enumeration - Vertical Recon.

I think that is the ending...
