Live Ethical Hacking Demo: How Hackers Think (and How to Stop Them)

Introduction to Ethical Hacking

Speaker Background

• Kawei introduces himself as the founder and CTO of Hex Core Labs, a cybersecurity and AI training company.

• He is a certified penetration tester, specializing in adult cybersecurity training curriculum development.

Overview of Presentation

• The presentation will cover practical ethical hacking, common asset types, the ethical hacking process, and a live demonstration on WordPress 4.6.

Understanding Common Asset Types

Importance of Asset Types

• Asset types determine the methodology and tools used for unauthorized access attempts.

Common Asset Types

• Servers: Remote or web servers hosting services.

• Web Applications: Includes websites like WordPress and CMS systems hosted on servers.

• Specialized Assets: Cloud services, operational technology (OT) systems, IoT devices.

Ethical Hacking Process

Analogy of a Burglar

• Kawei uses the analogy of a burglar gaining access to an apartment to explain the ethical hacking process.

Phases of Ethical Hacking

1. Information Gathering:

• Equivalent to determining who your target is; involves gathering network addresses and IP information.

2. Enumeration:

• Finding specific details such as service versions and potential entry points (e.g., doors/windows).

3. Exploitation:

• Attempting to exploit identified vulnerabilities for unauthorized access (e.g., breaking through windows).

4. Post Exploitation:

• Actions taken after gaining access; includes data exfiltration or hiding tracks (e.g., closing windows).

Target for Live Demonstration

Introduction to WordPress Vulnerability

• The demonstration focuses on WordPress 4.6 due to its popularity; over 40% of websites use it.

Specific Vulnerability Details

• Targeting CVE 21610033 related to PHP mailer library with a critical CVSS score of 9.8 indicating severe risk.

Training Environment

• The demo utilizes Hex Kate Arena for practicing cybersecurity skills in various environments including cloud security and mobile security.

Live Demonstration Setup

Tools Used in Demonstration

Ethical Hacking Process: Information Gathering and Exploitation

Initial Steps in Ethical Hacking

• The ethical hacking process begins with information gathering, focusing on identifying the target's address and understanding its vulnerabilities.

• A port scan is essential to determine what services are running on the target. A more focused scan is preferred for efficiency.

• Using Nmap, a popular port scanner, reveals that ports 80 (web server) and 3306 (MySQL database) are active on the target.

Enumeration Stage

• After initial scanning, the enumeration stage aims to gather detailed information about the HTTP server using a web browser.

• The presence of a basic WordPress site provides a starting point for vulnerability assessment.

• WPScan, a security scanner for WordPress sites, can be used to identify specific versions and installed plugins/themes.

Vulnerability Assessment

• WPScan offers insights into dependencies like Apache version 2.4.7 and PHP version 5.5.9 without detailing specific vulnerabilities.

• The enumeration stage is time-consuming as attackers must explore various potential vulnerabilities without prior knowledge of which may be exploitable.

Identifying Exploits

• Once promising vulnerabilities are identified (e.g., WordPress version 4.6), tools like Search Exploit can help find relevant exploit scripts targeting those CVEs.

• By searching with keywords related to the target's software version, attackers can discover numerous exploit options available online.

Analyzing Downloaded Exploits

• It’s crucial to review any downloaded exploit scripts carefully due to potential risks from malicious code hidden within seemingly safe sources.

• A typical script might establish a reverse shell connection back to the attacker’s machine while opening a listening port for interaction.

Execution of Exploit Script

Understanding the Penetration Testing Process

Importance of Troubleshooting in Cybersecurity

• A significant aspect of penetration testing involves troubleshooting, which is often overlooked by learners who assume cybersecurity is straightforward.

• Practitioners must be adept at reading exploit scripts and error messages to effectively debug issues that arise during testing.

Identifying and Fixing Errors

• The speaker encounters a Python version mismatch (Python 2 vs. Python 3), highlighting the need for correct environment setup in penetration testing.

• An important flag was missing from the listener configuration, causing it to misinterpret a port as a host, demonstrating the intricacies involved in setting up an attack.

Successful Exploitation Demonstration

• After resolving errors, a successful HTTP request confirms that the payload has been transferred to the target system.

• The demonstration illustrates a simple exploitation process on a WordPress vulnerability (CVE-2016-100033), culminating in unauthorized access and remote code execution.

Overview of Tools Used

• The speaker utilized Kali Linux, an OS pre-loaded with essential penetration testing tools, emphasizing its importance for ethical hacking.

• Key tools included NMAP for port scanning, WP Scan for WordPress security assessment, and Search Exploit for accessing verified exploit scripts.

Understanding Reverse Shell Mechanism

• The analogy of an exploit as a missile launcher and payload as a missile clarifies how exploits deliver damage through successful execution.

• Once executed, the reverse shell connects back to the attacker’s machine allowing code execution on the target system.

Post Exploitation Considerations

• Following exploitation, actions may include privilege escalation from unprivileged users to root for maximum control over the target system.