This article provides a detailed account of a hands-on ethical hacking exercise focusing on attacking vulnerable systems and showcasing the exploits used. The first step involved scanning for vulnerabilities, followed by executing various attacks on different machines. Notable vulnerabilities exploited include EternalBlue, ZeroLogon, Apache HTTP Server Path Traversal, and Maltrail RCE. Affected: Windows 7, Windows Server 2019, Apache HTTP Server, Maltrail.
Key points:
- The setup and functioning of Wazuh SIEM were outlined in previous parts.
- The focus of this article is on attacking vulnerable machines belonging to classmates.
- Tools used for vulnerability scanning included Nmap, Metasploit, and custom Python scripts.
- Four significant vulnerabilities were identified and exploited in the practice session.
- Each machine was attacked through a specific vulnerability, with detailed exploitation methods provided.
- Vulnerabilities exploited included SMBv1 RCE, ZeroLogon, Path Traversal RCE, and unauthenticated RCE.
- Mitigations for each exploited vulnerability were discussed following the attack descriptions.
- Future parts will explore the resulting data collected from compromised machines using Wazuh.
MITRE Techniques:
- Exploitation for Client Execution (T1203) – Used a customized Python script for automating attacks.
- Exploitation of Remote Services (T1210) – Exploited the EternalBlue vulnerability (CVE-2017-0144) for remote code execution.
- Exploitation of Authentication (T1110) – Bypassed authentication using the ZeroLogon vulnerability (CVE-2020-1472).
- Exploitation over HTTP (T1071) – Exploited the Apache Path Traversal vulnerability (CVE-2021-41773) to access unauthorized files.
- Exploitation of Web Applications (T1203) – Gained access through the Maltrail RCE exploit (EDB-ID:51676) against its web interface.