7 Attacking unpatched services
This chapter covers
- The exploit development lifecycle
- MS17-010 Eternal Blue
- Using Metasploit to exploit an unpatched system
- Using the meterpreter shell payload
- Generating custom shellcode for exploit-db exploits
Before moving on, let’s take a moment to revisit our friends the Hollywood movie heist crew, who are by now getting pretty deep inside their target facility. The crew has just reached a new floor within the complex and is staring down a long hallway with doors on either side. Red doors are on the left (Linux and UNIX systems) and blue doors on the right (Windows systems). As expected, all of the doors are locked using sophisticated key-card access control panels.
Upon inspecting each individual door and its respective key-card control panel, one appears to be slightly different from the rest. The key-card door lock specialist of the crew (let’s just pretend that’s a real thing) identifies that the panels are using older model card readers. The particular model that’s being used contains a design flaw that can be used to bypass the locking mechanism completely. The details of the bypass aren’t critically important, but if you need to visualize something to appreciate the scenario, let’s just say there are 8 tiny holes on the bottom of the card reader, and if you bend a paper clip in such a fashion that it allows you to poke a specific two of the 8 holes at just the right angle and apply pressure in just the right way, the door unlocks.