Loading...

Advanced Post Exploitation with Rootkits

12,042 views

Loading...

Loading...

Transcript

The interactive transcript could not be loaded.

Loading...

Loading...

Rating is available when the video has been rented.
This feature is not available right now. Please try again later.
Published on Jun 27, 2011

This is mainly post-expoitation demonstration, that first starts with a walk-through of exploiting a windows machine. Next, we walk through getting a copy of the web server's home page and then modify it with an iframe that points to an exploit server. Anybody that browses to the victim webpage now gets owned.

Once it's set up, we move to post exploitation. This is a great example of some of the hands-on labs you will do in the InfoSec Institute Advanced Ethical Hacking class at (http://www.infosecinstitute.com/cours...).

After we own the page and make it a browse by attack page, we then exploit the server again, create an .ini file for a rootkit to make the rootkit hide the infected page from every windows service (including windows itself mostly), except for the w3wp service (which actually serves the page out). The kit also makes netcat listen on port 100, then hides netcat, and even HIDES the open port 100! So taskmgr, netstat, Anti-virus et al are useless. You wont find anything. We then prove that the port is open by telneting to it and gaining yet another shell. Then we go back to the victim (playing the victim) run netstat -an to see all open ports, and show that 100 doesn't show up. Then we go to task manager, and
tasklist to see there's no netcat running. And lastly, but most importantly, I show that there is no way to actually see the infected page unless you browse to the actual web page. You cannot see it from the victim side by doing any command line stuff nor by looking at it through windows explorer. Traditional live forensics will NOT help you...we need to do some rootkit forensics, which we do in-depth on this exact case here: http://www.youtube.com/watch?v=-tGfXL...

MORE ON INFOSEC INSTITUTE
Recognized as a 2018 Gartner Peer Insights Customers’ Choice for Security Awareness Computer-Based Training, InfoSec Institute fortifies organizations of all sizes against security threats with its award-winning security education solutions.

Recognizing that cybersecurity is everyone’s job, the company provides skills training and certification prep courses for security professionals while building the entire workforce’s security aptitude through awareness training and phishing simulations. InfoSec Institute is a Training Industry “Top 20 IT Training Company” and the Security Training & Education Program Gold Winner in Info Security Products Guide’s Global Excellence Awards.

Additional information can be found here:
- SecurityIQ awareness and anti-phishing platform: https://www.infosecinstitute.com/secu...
- InfoSec training and certification: https://www.infosecinstitute.com/flex
- InfoSec training and certification features: https://www.infosecinstitute.com/flex...
- InfoSec training and certification guarantees: https://www.infosecinstitute.com/flex...
- 100+ training and certification courses: https://www.infosecinstitute.com/courses

Loading...

When autoplay is enabled, a suggested video will automatically play next.

Up next


to add this to Watch Later

Add to

Loading playlists...