6. Infrastructure Attack Flashcards
Metasploit
Framework to:
- Scan Network
- Enumeration
- Exploitation
- Privilege Escalation
- Lateral Movement
Vulnerability
System Weaknesses
Exploit
Attack performed on weaknesses
Payload
Code that runs after the exploit is done.
CVE
Common Vulnerabilities and Exposures
SearchSploit
gathers recent information about exploits
msfconsole
Metasploit tool
- Search
- Use
- Set
Metasploit Search
search [name]
Reverse Shell Types
- Bind Shell: Connects to target to gain remote shell
2. Reverse Shell: Attacker runs a listener, Target connects with shell.
msfvenom
Metasploit tool using msfpayloads and msfencode
Meterpreter
Metasploit Payload running in memory. 1. Getuid 2. pwd 3. ls/cd 4. Download 5. Session 6. Background 7 Clearev
Lateral Movement
use credentials from one computer to gain access to another computer in the same level in the organization
Eternal Blue
created by NSA
Bloodhound
Collects info on attacked network
Neo4j
set up DB user account
Protection against Automated Tools
- Update
- Endpoint Security = Antivirus
- Be Aware