1. The Art of Network Exploitation
Comprehensive guide for compromising network devices.
2. To Brag
● Adithyan AK - Head of OWASP Coimbatore
● 6+ Years into infosec
● Expertise in web app security, reverse engineering, exploit dev, malware analysis
● Author of several exploits & CVEs
● Speaker at various conferences and workshops (IITM Research Park, Defcon Trivandrum etc.)
● Hall of fame in Microsoft, Apple, Intel, Avira, Oppo, etc.
● Passion for making and breaking stuff
3. Agenda
● Reconnaissance - covertly discover information about a target system
● Scanning - actively scanning the target for vulnerabilities
● Exploit - leveraging the vulnerabilities discovered to achieve a foothold
● Privilege Escalation - finding misconfigurations to leverage the access from normal user to root
4. IP Address
● Static IP - Cost - Websites
● Dynamic IP - Free - ISP
● Public IP
● Private IP (Local IP) - Router - DHCP
5. [Network diagram: Hacker’s laptop (IP 192.168.0.2) and Hacker’s phone (IP 192.168.0.3) sit behind a router (gateway IP 192.168.0.1, public IP 216.58.216.54) that connects through an ISP to the Internet; on the far side an ISP and router (public IP 124.76.243.22, gateway IP 192.168.0.1) front the TARGET laptop (IP 192.168.0.2) and TARGET phone (IP 192.168.0.3). The two ISPs are labelled Airtel and Jio; the home networks are labelled LAN and the Internet side WAN.]
6. Terminologies
● Exploit - the code that delivers the payload
● Payload - a piece of code that triggers the vulnerability
● Vulnerability - a flaw that occurs due to a fault in the design or implementation
● CVE
● NVD
● Zero-day
● Patch
● Malware
● Bot
● Shell
[Diagram: attacker, exploit, payload and vulnerability]
7. Bug vs Vulnerability
● Bug - when a system isn’t behaving the way it’s designed to
● Vulnerability - a flaw through which an attacker can abuse the system
● A bug is a defect in the product
● A vulnerability allows for the malicious use of the product
● Vulnerabilities get you a reward, bugs won’t
10. WAN Attacks
● Port Forwarding (Static IP)
● SSH Tunneling
● NGROK
● Portmap
● Serveo
11. Reconnaissance
● Active
○ Direct contact with the target system
○ Ex : Port Scan
○ Cons : Exposing yourself to the system admin
● Passive
○ Indirect
○ Ex : OSINT
○ Cons : False positives.
12. Active Reconnaissance
● Techniques :
○ Port scan
○ Banner grabbing
○ DNS Zone transfer
○ Port-specific tools (smbclient, rpcwalk, snmpwalk, ...)
● Tools & Scripts:
○ Nmap, masscan, nikto, enum4linux, netcat, wpscan, dirbuster