Introduction to the exploitation phase

Once you have gathered enough information on your target, you can begin the exploitation phase.

During this, you will use the data collected to exploit flaws and penetrate the network or system you are testing.

For this phase, there are several attack vectors: MITM (Man-in-the-Middle), phishing, brute forcing, RCE (Remote Code Execution) and DoS (Denial of Service).

Each attack relies on its own techniques and strategies.

In a MITM (Man-in-the-Middle) attack, the attacker positions themselves between the two endpoints of a communication.

Imagine that you are testing a network with clients and servers.

If you interpose yourself between a client (for example, a network administrator) and the server they administer, you will be able to intercept the communication, provided it is not encrypted.

This can allow you either to retrieve sensitive information passing in clear text (such as credentials), or to manipulate the data exchanged between the two machines on the fly.

This is what we call a Man-in-the-Middle attack.

The second attack vector is phishing.

The attacker sends messages (emails, SMS, etc.) spoofing the identity of a trusted third party in order to induce the victim to click on a link or open an attachment.

If the victim opens and executes this malicious file, it installs malware that gives the attacker access to their system.

Brute forcing (or a brute force attack) consists of systematically testing all possible combinations of usernames and passwords to force access to a service or platform.

RCE (Remote Code Execution) is an attack that exploits a flaw in the code of an application or in the target's operating system.

This exploitation allows the attacker to execute commands of their choice directly on the vulnerable machine, often giving them immediate access to the system.

DoS (Denial of Service) consists of saturating a server or service by sending it a massive volume of requests or data.

This overload consumes all of the server's resources (processor, RAM, bandwidth), rendering the service unavailable to legitimate users.

DDoS (Distributed Denial of Service) uses a network of compromised machines (a botnet) to amplify the attack.

These attacks are generally conducted to paralyze infrastructures or harm a company's reputation.

Although other attack vectors exist, RCE remains one of the most dangerous and the most sought-after by attackers, because it allows them to take direct control of the target system.

In this course, we are going to study a concrete example of RCE and see how this flaw can be exploited to obtain remote access on a vulnerable system.
