Introduction
In Chapter 2, Information Gathering and Scanning, we focused on gathering information about our target, such as the target IP address, open ports, available services, operating system, and so on. One of the biggest assets in the process of information gathering is gaining knowledge about the operating system used by the target server or system. This information can prove to be very helpful in penetrating the target machine, as we can quickly look for exploits and vulnerabilities for the services running on the system. Well, the process is not as straightforward as it sounds, but knowledge about the target operating system and the services it is running can ease our task to a great extent.
Every flavor of an operating system has some bug in it. Once a bug gets reported, the process of developing exploits for it starts. Licensed operating systems, such as Windows, quickly develop patches for the bug or vulnerability and provide them as an update to their users. Vulnerability disclosure is a big issue these days. Many zero-day disclosures create havoc in the computer industry. Zero-day vulnerabilities are highly sought after, and on the market the price may range from 15,000 USD to 1,000,000 USD. Vulnerabilities are detected and exploited, but whether a vulnerability is disclosed depends on the researcher and their intentions.
Well-known companies such as Microsoft, Apple, and Google issue patches for their products at regular intervals, but it's up to the user to apply them. In corporate scenarios, this gets even worse: it can take weeks before servers are patched, because of the downtime involved and the need to ensure that business continuity is not hampered. So, it is always recommended that you keep your systems updated and keep an eye on any new vulnerability discovered in the operating system you use. Unpatched systems are a safe haven for hackers, who immediately launch exploits to compromise the target. Hence, regularly patching and updating the operating system is essential. In this chapter, we will focus on vulnerabilities that are reported in some of the most popular services and operating systems.
In the process of penetration testing, once the information about the target operating system is available, pentesters start looking for available exploits for flaws in the particular service or operating system. So, this chapter will be the first step toward penetrating our target through vulnerabilities on the server side. We will focus on some of the most widely used Microsoft operating systems and some flavors of Linux. We will also look at how to use exploits and set up their parameters to make them executable on the target machine. Last, but not least, we will discuss some useful payloads available to us in the Metasploit Framework. Let's move further on with the various recipes.
Before starting to use exploits and payloads on target machines, we will first have to know some basics about them. It is essential to understand the usage of exploits so that you can overcome some common errors that may arise due to misconfiguration of the parameters. So, let's begin with some basics of using exploits and how to set parameter values.
In order to start using exploits on your target, the first thing required is to scan the target for open ports and services. Once you have gathered enough information about the target, the next step is to select exploits accordingly. So, let's analyze some exploit commands that can be launched directly from MSFconsole.