But imagine if you were a bad guy attempting to sneak a connection out of a compromised
network without attracting attention to yourself. In that case, it might make more
sense to use a reverse shell with LPORT set to 443 and hope to masquerade as a normal
HTTPS connection passing through the proxy. Metasploit can even wrap the payload
inside a normal-looking HTTP conversation, perhaps allowing it to pass under the radar.
You now know the most important Metasploit console commands and understand
the basic attack process. Let's explore other ways to use Metasploit to launch an attack.
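From the defender's side, a connection that merely uses port 443 can be told apart from real HTTPS by its first bytes. The following is an added example, not code from the book or from Metasploit; the flow-record layout, the names, and the sample data are constructed, and it assumes a sensor that sees the first client-to-server bytes of each outbound flow.

```python
import struct

TLS_HANDSHAKE = 0x16        # TLS record content type: handshake
CLIENT_HELLO = 0x01         # handshake message type: ClientHello
MAX_RECORD_LEN = 16384      # a plaintext TLS record body is at most 2^14 bytes
HTTP_METHODS = {b"GET", b"POST", b"HEAD", b"PUT", b"OPTIONS", b"CONNECT"}

def classify_first_bytes(payload: bytes) -> str:
    """Classify the first client-to-server bytes of a port-443 flow."""
    if len(payload) < 6:
        return "too-short"
    ctype, major, minor, length = struct.unpack("!BBBH", payload[:5])
    if (ctype == TLS_HANDSHAKE and major == 3 and minor <= 4
            and 0 < length <= MAX_RECORD_LEN and payload[5] == CLIENT_HELLO):
        return "tls-client-hello"
    if payload.split(b" ", 1)[0] in HTTP_METHODS:
        return "plaintext-http"      # cleartext HTTP on the HTTPS port
    return "unknown-binary"          # neither TLS nor HTTP

def suspicious_flows(flows):
    """Return (src, dst, verdict) for port-443 flows that do not open with TLS."""
    hits = []
    for f in flows:
        if f["dport"] != 443:
            continue
        verdict = classify_first_bytes(f["first_bytes"])
        if verdict != "tls-client-hello":
            hits.append((f["src"], f["dst"], verdict))
    return hits

# Constructed sample flows (documentation address ranges, made-up payload bytes).
SAMPLE_FLOWS = [
    {"src": "10.0.0.5", "dst": "203.0.113.10", "dport": 443,
     "first_bytes": bytes.fromhex("160301002f0100002b0303")},
    {"src": "10.0.0.7", "dst": "198.51.100.20", "dport": 443,
     "first_bytes": b"POST /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"},
    {"src": "10.0.0.9", "dst": "198.51.100.44", "dport": 443,
     "first_bytes": bytes.fromhex("0000012c9f3a77e1")},
    {"src": "10.0.0.5", "dst": "203.0.113.10", "dport": 80,
     "first_bytes": b"GET / HTTP/1.1\r\n\r\n"},
]

if __name__ == "__main__":
    for src, dst, verdict in suspicious_flows(SAMPLE_FLOWS):
        print(f"{src} -> {dst}:443 {verdict}")
```

A flow that passes this check has only opened with a TLS handshake; a payload that speaks real TLS passes too, so the check narrows the set of flows to review rather than clearing them.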
References
RRAS Security bulletin from Microsoft: www.microsoft.com/technet/security/bulletin/MS06-025.mspx
Metasploit exploits and payloads: http://metasploit.com:55555/EXPLOITS
http://metasploit.com:55555/PAYLOADS
Exploiting Client-Side Vulnerabilities with Metasploit
Thankfully, the situation in the preceding example, an unpatched Windows XP SP1 workstation
with no firewall protection on the local subnet, does not occur as often in the real world.
Interesting targets are usually protected with a perimeter or host-based firewall. As
always, however, hackers adapt to these changing conditions with new types of attacks.
Chapter 16 will go into detail about the rise of client-side vulnerabilities and will introduce
tools to help you find them.