<?xml version="1.0"?>
<scenario xmlns="http://www.github/cliffe/SecGen/scenario"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.github/cliffe/SecGen/scenario">
<name>From Scanning to Exploitation</name>
<author>Z. Cliffe Schreuders</author>
<description>
# Introduction
This lab provides hands-on experience in scanning and exploitation, allowing you to delve into the mindset of an ethical hacker. You will explore the process of moving from initial network scanning to identifying vulnerabilities, searching for exploits, and ultimately gaining control of target systems.
In this lab, you will learn how to scan a network for vulnerable servers, use Metasploit and Armitage for exploitation, and search for vulnerabilities in online databases. Specifically, you will perform tasks such as running network scans using Nmap, importing scan results into Metasploit, searching for Metasploit exploits for various platforms and services, launching exploits to gain access to target systems, and using Armitage to automate certain aspects of the hacking process. By the end of the lab, you will have gained valuable insights into the tactics and techniques used by both malicious actors and cybersecurity professionals.
# Reading
[Chapter 2 (Reconnaissance) and Chapter 3 (Scanning). Engebretson, P. (2011), The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy, Elsevier Inc. (ISBN: 978-1-59749-655-1). Available online via the library](http://www.sciencedirect.com/science/book/9781597496551)
</description>
<lab_sheet_url>https://docs.google.com/document/d/1puLuKwqiFMTAZhMKKLhS_aK7kKwWnKw1e3StJBiFmFA/edit?usp=sharing</lab_sheet_url>
<type>ctf-lab</type>
<type>lab-sheet</type>
<difficulty>easy</difficulty>
<CyBOK KA="AB" topic="Models">
<keyword>kill chains</keyword>
</CyBOK>
<CyBOK KA="MAT" topic="Malicious Activities by Malware">
<keyword>cyber kill chain</keyword>
</CyBOK>
<CyBOK KA="SS" topic="Categories of Vulnerabilities">
<keyword>CVEs and CWEs</keyword>
</CyBOK>
<CyBOK KA="MAT" topic="Attacks and exploitation">
<keyword>EXPLOITATION</keyword>
<keyword>EXPLOITATION FRAMEWORKS</keyword>
</CyBOK>
<CyBOK KA="SOIM" topic="PENETRATION TESTING">
<keyword>PENETRATION TESTING - SOFTWARE TOOLS</keyword>
<keyword>PENETRATION TESTING - ACTIVE PENETRATION</keyword>
</CyBOK>
<system>
  <!-- Target 1: Windows 7 host with an intentionally vulnerable FTP service (easyftp_rce, below). -->
  <system_name>windows_server</system_name>
  <base platform="windows" distro="7"/>
  <!-- Scenario-wide address list. Each system picks its own address by position
       (datastore access="0" / "1" / "2" in its private_network block), so the index
       in each comment must match the element's position in this list. -->
  <input into_datastore="IP_addresses">
    <!-- 0 windows desktop -->
    <value>172.16.0.2</value>
    <!-- 1 linux server -->
    <value>172.16.0.3</value>
    <!-- 2 kali (third entry, read by the kali system via access="2") -->
    <value>172.16.0.4</value>
  </input>
  <!-- Administrator account for the box: random username from the mythical_creatures
       wordlist, fixed password, and a generated flag exposed under the filename flag.txt
       (where the module places the file is decided by parameterised_accounts). -->
  <utility module_path=".*/parameterised_accounts" platform="windows">
    <input into="accounts" into_datastore="accounts">
      <generator type="account">
        <input into="username">
          <generator type="random_sanitised_word">
            <input into="wordlist">
              <value>mythical_creatures</value>
            </input>
          </generator>
        </input>
        <!-- Fixed (non-generated) lab password for this account. -->
        <input into="password">
          <value>tiaspbiqe2r</value>
        </input>
        <input into="super_user">
          <value>true</value>
        </input>
        <input into="strings_to_leak">
          <generator type="flag_generator" />
        </input>
        <input into="leaked_filenames">
          <value>flag.txt</value>
        </input>
      </generator>
    </input>
  </utility>
  <!-- vulnerable ftp server: the exploitation target for this system. -->
  <vulnerability module_path=".*/easyftp_rce"/>
  <!-- Windows activation module left disabled. -->
  <!-- <utility module_path=".*/activation"/> -->
  <network type="private_network">
    <input into="IP_address">
      <datastore access="0">IP_addresses</datastore>
    </input>
  </network>
  <!-- Random root/admin password shared by the cleanup build step of all three systems.
       It is declared here and read by the linux_server and kali systems, so this system
       presumably has to be processed first — verify against SecGen's ordering rules. -->
  <input into_datastore="spoiler_admin_pass">
    <generator type="strong_password_generator"/>
  </input>
  <build type="cleanup">
    <input into="root_password">
      <datastore>spoiler_admin_pass</datastore>
    </input>
  </build>
</system>
<system>
  <!-- Target 2: Debian 12 (KDE desktop image) carrying the UnrealIRCd 3.2.8.1 backdoor module. -->
  <system_name>linux_server</system_name>
  <base distro="Debian 12" type="desktop" name="KDE"/>
  <!-- Vulnerable IRC daemon; a generated flag is exposed under the filename "flag"
       (note: no ".txt", unlike the flag.txt used on the Windows system). -->
  <vulnerability module_path=".*/unrealirc_3281_backdoor">
    <input into="strings_to_leak">
      <generator type="flag_generator" />
    </input>
    <input into="leaked_filenames">
      <value>flag</value>
    </input>
  </vulnerability>
  <!-- Second entry of the IP_addresses list (172.16.0.3). -->
  <network type="private_network">
    <input into="IP_address">
      <datastore access="1">IP_addresses</datastore>
    </input>
  </network>
  <!-- Root password comes from the spoiler_admin_pass datastore generated on windows_server. -->
  <build type="cleanup">
    <input into="root_password">
      <datastore>spoiler_admin_pass</datastore>
    </input>
  </build>
</system>
<system>
  <!-- Attacker workstation: Kali image preloaded with the scanning/exploitation tooling
       the lab sheet uses (Metasploit, Armitage, exploit-db, nmap). -->
  <system_name>kali</system_name>
  <base distro="Kali" name="MSF"/>
  <!-- Login account given as a single JSON string rather than nested input elements
       (appears to be an accepted input form of parameterised_accounts — verify);
       well-known kali/kali credentials, no flags to leak on this host. -->
  <utility module_path=".*/parameterised_accounts">
    <input into="accounts">
      <value>{"username":"kali","password":"kali","super_user":"true","strings_to_leak":[],"leaked_filenames":[]}</value>
    </input>
  </utility>
  <utility module_path=".*/metasploit_framework"/>
  <utility module_path=".*/armitage"/>
  <utility module_path=".*/exploitdb"/>
  <utility module_path=".*/handy_cli_tools"/>
  <utility module_path=".*/nmap"/>
  <!-- Third entry of the IP_addresses list (172.16.0.4). -->
  <network type="private_network" >
    <input into="IP_address">
      <datastore access="2">IP_addresses</datastore>
    </input>
  </network>
  <!-- Root password comes from the spoiler_admin_pass datastore generated on windows_server. -->
  <build type="cleanup">
    <input into="root_password">
      <datastore>spoiler_admin_pass</datastore>
    </input>
  </build>
</system>
</scenario>