Client-side Attacks

We launch client-side attacks when the target is hidden behind an IP address or an obscure network and cannot be reached directly. Client-side attacks rely on user interaction to get the required code onto the machine. For example, through a link, an image, or an update, the target is prompted to run the code on their own system.

To ensure that both the target machine and our own machine are on the same network, we use a NAT network.

Installing Veil

The latest version of Veil can be installed from the following link -

https://github.com/Veil-Framework/Veil 

Download Veil’s repository from this GitHub link, then open a terminal in the directory where you downloaded it to run the installer.

Overview of Payloads

Once Veil is installed, we will notice that it has the following commands -

Exit to close the program.

Info to get information on a tool.

Use to select and use a tool.

List to update the tools.

Update to update the Veil.

Veil includes two tools - Evasion and Ordnance. Evasion is used to create a backdoor that is undetectable by antivirus software. Ordnance is used to create the payloads. A payload name has three parts: the first part is its programming language, the second part is its type, and the third part describes how the connection is established. An example of our chosen payload is meterpreter/rev_https.

Generating a Veil Backdoor

In this step, we will generate a backdoor using Veil. This process helps bypass most antivirus software. To make sure that it is not flagged by the antivirus, we need to make the backdoor as unique as possible so that it does not match anything in the antivirus’ large database of signatures.

Listening for Connections

This step involves listening for the incoming connection using the Metasploit framework. We can load the required Metasploit module using the following command -

use exploit/multi/handler

Testing the Backdoor

Our backdoor uses a reverse payload. To test if the backdoor works properly, we will put it on a web server and then download it from the target system. We will host the backdoor online by using the Kali machine as a web server. If it is working properly, the Kali machine will display a message showing the connection received from the target system. This implies that we have hacked the target system and have full control over the machine.

Using the sysinfo command, we can check if the backdoor is working properly and view other details of the target system, such as its operating system, architecture, logged-in users, and more.

Fake bdm1 Update

If the target computer does not download the file we shared as an image, link, or update, then we need to fake an update that delivers the undetectable backdoor. This can be done using a fake network or by launching a MITM attack.

If the network is wired, we can use a tool named Evilgrade that can create a fake update. It can be downloaded through this link -

https://github.com/PacktPublishing/Fundamentals-of-Ethical-Hacking-from-Scratch 

After the download is complete, we can run Evilgrade to see the list of updates that can be hijacked, covering prominent software from companies such as Nokia, Safari, Google, and more.

Once the target system checks for updates, it will be redirected to the IP address where Evilgrade is running. Using the sysinfo command, we can check if we have successfully hacked the target system.

Protecting Against Delivery Methods

To detect potential attacks of this kind, especially on networks we are unfamiliar with, we can use tools such as XArp. Another way to prevent such fake update attacks is to use HTTPS instead of HTTP.

WinMD5 is a useful tool for Windows that lets users calculate the checksum of a file and tells them whether it has been modified, which reduces the risk of installing a fake update. To ensure the file is safe, the checksum computed locally should be the same as the value published by the vendor. It can be downloaded via the following link -

http://www.winmd5.com/
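To make the checksum check concrete, here is an added Python example (not from the page, WinMD5, or any of the tools above) that hashes a downloaded file in chunks and compares the result against the value a vendor would publish; the sample "update" file and its published digest are constructed inline, and the SHA-256 default is an assumption (pass "md5" for WinMD5-style values).

```python
import hashlib
import hmac
import os
import tempfile


def file_digest(path, algorithm="sha256", chunk_size=1 << 20):
    """Hash a file in chunks so large downloads never have to fit in memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def digest_of_bytes(data, algorithm="sha256"):
    """Write constructed bytes to a temporary file and hash it (helper for tests/demos)."""
    with tempfile.TemporaryDirectory() as d:
        p = os.path.join(d, "sample.bin")
        with open(p, "wb") as f:
            f.write(data)
        return file_digest(p, algorithm)


def verify_download(path, published_digest, algorithm="sha256"):
    """Return True only if the file's digest equals the vendor-published value.

    Vendors publish hex in either case, so compare case-insensitively, and use a
    constant-time comparison so the check itself leaks nothing about the value.
    """
    actual = file_digest(path, algorithm)
    return hmac.compare_digest(actual.lower(), published_digest.strip().lower())


def demo():
    """Constructed scenario: a genuine download, then the same file after tampering."""
    with tempfile.TemporaryDirectory() as d:
        p = os.path.join(d, "update.exe")
        with open(p, "wb") as f:
            f.write(b"genuine update bytes")          # constructed file content
        published = file_digest(p)                    # value the vendor page would list
        ok_before = verify_download(p, published)     # untouched download -> True
        with open(p, "ab") as f:
            f.write(b"\x90")                          # simulate a swapped/modified update
        ok_after = verify_download(p, published)      # modified download -> False
        return ok_before, ok_after


if __name__ == "__main__":
    print(demo())
```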