<?xml version="1.0"?>
<!--
  SecGen scenario: three VMs sharing one private network.
    windows_victim      : platform="windows" distro="7"; vulnerable Adobe Reader (CVE-2008-2992)
                          plus netcat; takes IP_addresses entry 0
    linux_victim_server : Debian 12 base; vulnerable distcc (CVE-2004-2687) that leaks a
                          generated flag; takes IP_addresses entry 1
    kali                : Kali base with Metasploit, nmap, apache; takes IP_addresses entry 2
  Cross-system values are held in datastores: IP_addresses (read back with datastore access="N")
  and spoiler_admin_pass (used as root_password in every system's cleanup build).

  NOTE(review): xsi:schemaLocation normally carries "namespaceURI schemaURL" pairs; here only
  the namespace URI is present, so a validating parser has no schema to fetch. Whether the
  SecGen tooling validates scenarios against it is not visible from this file; confirm.
-->
<scenario xmlns="http://www.github/cliffe/SecGen/scenario"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.github/cliffe/SecGen/scenario">
<name>Vulnerabilities, Exploits, and Remote Access Payloads</name>
<author>Z. Cliffe Schreuders</author>
<!-- Lab hand-out text (markdown): introduction, lecture slides link and reading link.
     This is text content, so nothing is inserted inside it. -->
<description>
# Introduction
In this lab you will explore one of the major threats in computer security: software vulnerabilities. It's a critical topic in the field of cybersecurity, as understanding how attackers exploit weaknesses in software systems is essential for both defensive and offensive security measures. The lab will cover various aspects, starting with an introduction to software vulnerabilities and the causes behind them, moving on to explore different types of payloads, such as bind shells and reverse shells. You will also get hands-on experience with the Metasploit framework, a powerful tool for conducting security assessments and penetration testing.
Throughout this lab, you will gain a deeper understanding of software vulnerabilities, how exploits work, and the techniques attackers use to gain remote access to vulnerable systems. You will learn and apply both remote and local (client-side) exploits. You'll simulate creating and using a malicious PDF document to compromise a system, as well as remotely exploiting a system with known vulnerabilities. This hands-on experience will provide you with valuable insights into the world of cybersecurity and start to learn about the power of the Metasploit framework, a popular hacking and penetration testing tool.
# Lecture
[Slides here](http://z.cliffe.schreuders.org/presentations/slides/DSL_DS_OSPT_Lectures_3_Vulnerabilities.html)
# Reading
[Chapter 8: Using Metasploit. Harper, A. and Harris, S. and Ness, J. and Eagle, C. and Lenkey, G, and Williams, T. (2011), Gray hat hacking : the ethical hacker's handbook, McGraw-Hill. (ISBN: 978-0-07-174256-6) Available online via the library](https://www-dawsonera-com.ezproxy.leedsbeckett.ac.uk/readonline/9780071742566)
</description>
<lab_sheet_url>https://docs.google.com/document/d/11I8xMUXrT5ArJIsAhwGDtQ4RkH4l9CR4C2wh9_wz8xM/edit?usp=sharing</lab_sheet_url>
<!-- Scenario classification: a CTF lab that also has a lab sheet, tagged with CyBOK knowledge areas. -->
<type>ctf-lab</type>
<type>lab-sheet</type>
<difficulty>easy</difficulty>
<CyBOK KA="MAT" topic="Attacks and exploitation">
<keyword>EXPLOITATION</keyword>
<keyword>EXPLOITATION FRAMEWORKS</keyword>
</CyBOK>
<CyBOK KA="SOIM" topic="PENETRATION TESTING">
<keyword>PENETRATION TESTING - SOFTWARE TOOLS</keyword>
<keyword>PENETRATION TESTING - ACTIVE PENETRATION</keyword>
</CyBOK>
<!-- Target 1: the Windows client-side victim. -->
<system>
<system_name>windows_victim</system_name>
<base platform="windows" distro="7"/>
<!-- Static addresses for all three systems. Each system's private_network below picks its
     own entry with datastore access="N"; the index comments must match those N values. -->
<input into_datastore="IP_addresses">
<!-- 0 windows desktop -->
<value>172.16.0.2</value>
<!-- 1 linux server -->
<value>172.16.0.3</value>
<!-- 2 kali (previously labelled 1; the kali system reads this entry with access="2") -->
<value>172.16.0.4</value>
</input>
<!-- Windows user account: random username drawn from the mythical_creatures wordlist, a fixed
     password (the literal below is identical in every build of this scenario), super_user
     rights, and one random line from the "secrets" list written to my_secret.txt. -->
<utility module_path=".*/parameterised_accounts" platform="windows">
<input into="accounts" into_datastore="accounts">
<generator type="account">
<input into="username">
<generator type="random_sanitised_word">
<input into="wordlist">
<value>mythical_creatures</value>
</input>
</generator>
</input>
<input into="password">
<value>tiaspbiqe2r</value>
</input>
<input into="super_user">
<value>true</value>
</input>
<input into="strings_to_leak">
<generator type="random_line_generator">
<input into="linelist">
<value>secrets</value>
</input>
</generator>
</input>
<input into="leaked_filenames">
<value>my_secret.txt</value>
</input>
</generator>
</input>
</utility>
<!-- vulnerable Adobe Reader -->
<vulnerability cve="CVE-2008-2992"/>
<!-- netcat for testing shell connections -->
<utility module_path=".*/win_netcat"/>
<!-- IP_addresses entry 0 (172.16.0.2). -->
<network type="private_network">
<input into="IP_address">
<datastore access="0">IP_addresses</datastore>
</input>
</network>
<!-- Generated once here and reused as root_password in the cleanup build of all three systems.
     The "spoiler" name suggests an answer-key credential rather than one given to students;
     confirm against the lab sheet. -->
<input into_datastore="spoiler_admin_pass">
<generator type="strong_password_generator"/>
</input>
<build type="cleanup">
<input into="root_password">
<datastore>spoiler_admin_pass</datastore>
</input>
</build>
</system>
<!-- Target 2: the remotely exploitable Linux victim. Despite the name, the base is a
     Debian 12 desktop image (KDE). -->
<system>
<system_name>linux_victim_server</system_name>
<base distro="Debian 12" type="desktop" name="KDE"/>
<!-- vulnerable distcc server -->
<vulnerability cve="CVE-2004-2687">
<!-- A generated flag is leaked into a file named "flag"; presumably the CTF objective for
     this lab (type ctf-lab above). Confirm against the lab sheet. -->
<input into="strings_to_leak">
<generator type="flag_generator" />
</input>
<input into="leaked_filenames">
<value>flag</value>
</input>
</vulnerability>
<!-- IP_addresses entry 1 (172.16.0.3). -->
<network type="private_network">
<input into="IP_address">
<datastore access="1">IP_addresses</datastore>
</input>
</network>
<build type="cleanup">
<input into="root_password">
<datastore>spoiler_admin_pass</datastore>
</input>
</build>
</system>
<!-- Attacker box used by the student. -->
<system>
<system_name>kali</system_name>
<base distro="Kali" name="MSF"/>
<!-- The kali account (fixed kali/kali credentials) is passed as a JSON literal using the same
     field names the account generator on windows_victim uses (username, password, super_user,
     strings_to_leak, leaked_filenames); presumably the parameterised_accounts module accepts
     either form. Confirm before changing the shape. -->
<utility module_path=".*/parameterised_accounts">
<input into="accounts">
<value>{"username":"kali","password":"kali","super_user":"true","strings_to_leak":[],"leaked_filenames":[]}</value>
</input>
</utility>
<utility module_path=".*/metasploit_framework"/>
<utility module_path=".*/handy_cli_tools"/>
<!-- Web server on the attacker box; presumably used to serve files to the victims during the
     lab. Confirm against the lab sheet. -->
<service module_path=".*/apache"/>
<utility module_path=".*/nmap"/>
<!-- IP_addresses entry 2 (172.16.0.4). -->
<network type="private_network" >
<input into="IP_address">
<datastore access="2">IP_addresses</datastore>
</input>
</network>
<build type="cleanup">
<input into="root_password">
<datastore>spoiler_admin_pass</datastore>
</input>
</build>
</system>
</scenario>