Bug vs Vulnerability, Attack on LAN, WAN Attacks

1. The Art of Network
Exploitation
Comprehensive guide for compromising network devices.

2. To Brag
● Adithyan AK - Head of OWASP Coimbatore
● 6+ Years into infosec
● Expertise in web app security, reverse engineering, exploit dev,
malware analysis
● Author of several exploits & cves
● Speaker at various conferences, workshops (IITM Research Park, Defcon
Trivandrum etc)
● Hall of fame in Microsoft, Apple, Intel, Avira, Oppo, etc
● Passion for making and breaking stuffs

3. Reconnaissance
covertly discover information
about a target system
Scanning
Actively scanning the
target for vulnerabilities
Exploit
Leveraging the vulnerabilities
discovered to achieve foot hold
Privilege Escalation
Finding
misconfigurations to
leverage the access from
normal user to root
Agenda

4. IP Address
● Static IP - Cost - Websites
● Dynamic IP - Free - ISP
● Public IP
● Private IP (Local IP) - Router - DHCP

5. Hacker’s
Laptop
Hacker’s
Phone
Router ISP Internet
Internet ISP Router
TARGET
Laptop
TARGET
Phone
IP : 192.168.0.2
IP : 192.168.0.3
GATEWAY IP :
192.168.0.1
PUBLIC IP
216.58.216.54
GATEWAY IP :
192.168.0.1
PUBLIC IP
124.76.243.22
IP : 192.168.0.2
IP : 192.168.0.3
Airtel
Jio
LAN
WAN

6. Terminologies
●Exploit - the code that delivers the payload
●Payload - a piece of code that triggers the vulnerability
●Vulnerability - flaw occurred due to fault in the design or implementation
●CVE
●NVD
●Zero-day
●Patch
●Malware
●Bot
●Shell
PayloadExploit
Attacker
Vulnerability

7. Bug vs Vulnerability
● Bug - When a system isn’t behaving in a way it’s designed to
● Vulnerability - a flaw through which attacker can abuse the system
● Bug is a defect in the product
● Vulnerability allows for the malicious use of the product
● Vulnerabilities get you reward, bugs won’t

8. Attack on LAN

9. Attack on WAN

10. WAN Attacks
● Port Forwarding (Static IP)
● SSH Tunneling
● NGROK
● Portmap
● Serveo

11. Reconnaissance
● Active
○ Direct contact with the target system
○ Ex : Port Scan
○ Cons : Exposing yourself to the system admin
● Passive
○ Indirect
○ Ex : OSINT
○ Cons : False positives.

12. Active Reconnaissance
● Techniques :
○ Port scan
○ Banner grabbing
○ DNS Zone transfer
○ Port specific tools (smbclient, rpcwalk, snmpwalk..)
● Tools & Scripts:
○ Nmap, massscan, nikto, enum4linux, netcat, wpscan, dirbuster

13. Active Recon
Hands-on

14. Passive Reconnaissance
● Domain :
○ Whois, dnsdumpster, virustotal
● IP :
○ Shodan
○ Censys
● Email :
○ Have I been pwned
○ EmailRep

15. Passive Recon
Hands-on

16. Scanning
● Nmap
● Nikto
● Nessus
● Burp
● nmap --script smb-enum-shares.nse -p445
● https://nmap.org/nsedoc

17. Exploitation
Hands-on

18. Hardware Devices - LAN Turtle
LAN Turtle
Power Bank
Ethernet
● Has nearly 30 PT
modules
● Openvpn,
dnspoof,
Clonemac,
autoSSH, nmap-
scan,
turtledump,
urlsnarf

19. Hardware Devices - USB Rubber Ducky

20. Hardware Devices - HID Attacks

21. Hacking IOT devices in Network

22. Hacking IOT devices in Network

23. Hacking IOT devices in Network

24. Router Compromise
● AV can detect only surface level attacks (Ex: OS, Softwares)
● Hardware attacks like SPECTRE and MELTDOWN (Microprocessor)
● Malware infected firmwares, BIOS and Kernels
● Attacks targeting embedded devices like Routers
● Infected routers allows access to entire Network
● Router Security Testing Framework (RSTF)

25. 2017 2018 2019
Interesting Research Sub-domains
● MITRE and MELTDOWN
● Malware Analysis
● AV Evasion
● Sophisticated HID Attacks
● Custom Encoded payloads
Cyber Attacks Growth Rate

27. $echo Queries ?
adithyan-ak
akinfosec
adithyan_ak
akinfosec