In this follow-up to the series on installing security tools on macOS via Homebrew, we’ll look at applications that can be used to exploit vulnerabilities found after an assessment with scanning tools has determined what—if any—issues exist.
While some pentesters find this to be the fun part of the project, exploiting the vulnerabilities found to see how the devices respond and react to attacks, it’s important not to let the fun factor of this part of the campaign overtake the true purpose of this phase: to verify that the information retrieved during the assessment phase is accurate.
Verifying findings is another step along the path to completing a successful penetration testing engagement. Skip it and the report will be inaccurate, and your supervisors and clients will be none too happy with you for providing misinformation that potentially sends their IT department on a wild goose chase to correct issues that were never there to begin with.
Taking the identified vulnerabilities and attempting to exploit them will quantify your findings and provide conclusive evidence that a line item is not merely a false positive but a true positive, and one of the items that will be presented in your final report to stakeholders for remediation. The tools identified below allow pentesters to do just that by leveraging potential exploits against the vulnerabilities assessed.
According to the Armitage website, it is “a scriptable red team collaboration tool for Metasploit.” It works by providing a common workspace for assessing viable targets, recommending possible exploits, and providing access to post-exploitation features. It also lets teams share information within that workspace.
brew install armitage
Not to be confused with the legacy and no longer supported v1, Bettercap v2 is an extensible framework used to target wired and wireless networks of all types: Ethernet, Wi-Fi, Bluetooth, and wireless peripherals such as keyboards and mice, with a number of built-in tools that probe, monitor, capture, and manipulate traffic.
brew install bettercap
This open-source toolkit focuses exclusively on attacking application servers by automating the reconnaissance and exploitation phases on six different application server platforms. Support for more is continually being added, and ClusterD also exposes an API for adding new platforms and exploits to the program.
brew install clusterd
Short for command injection exploiter, this automated tool is used to test web applications to both find and exploit command injection vulnerabilities. Written in Python, the program runs cross-platform and is also available as a package in other standalone security toolkits or as a module in testing frameworks.
brew install commix
This script automates VLAN hopping: it sniffs network traffic, extracts the tags to identify VLAN IDs, and uses them to exploit VLAN-hopping weaknesses in network equipment.
brew install frogger
This tool manipulates physical memory by exploiting PCI-based DMA over hardware interfaces such as FireWire and Thunderbolt. It performs both intrusive and non-intrusive DMA attacks against live (powered-on) computers.
brew install inception
Metasploit Framework (MSF)
This is one of the most popular exploitation tools in a pentester’s arsenal. Metasploit is actually a framework that links users to a database of known exploits to automate the exploitation process against vulnerable clients. But MSF is much more than that: it also offers information-gathering tools and vulnerability plugins, as well as a development environment for creating modules, including writing one’s own exploits.
brew install metasploit
Oracle Database Attacking Tool (ODAT)
Another open-source tool, this one is used to remotely test the security of databases running on the Oracle platform. It can be used to find SIDs and credentials, escalate privileges, or execute commands on the underlying system.
brew install odat
This Python script uses path traversal vulnerabilities to automate the process of locating and retrieving log and configuration files from target devices.
brew install panoptic
Responder has many built-in rogue authentication servers for testing and exploiting a number of Windows-based services, including SMB, MSSQL, and DNS, combined with poisoning capabilities and other tools to set up man-in-the-middle (MITM) and spoofing attacks.
brew install responder
This open-source testing tool automates the process of taking over database servers based on Structured Query Language (SQL). It detects and exploits SQL injection vulnerabilities and fully supports a large number of database server types, with fingerprinting, data fetching, access to the host file system, and out-of-band connections.
brew install sqlmap
This is the second version of the Python-based script for auditing wireless networks. Wifite2 sets itself apart from other, more robust wireless tools by fully automating the process: it uses all known methods for obtaining hashes from access points and then cracks the passphrase associated with the encrypted wireless network.
brew install wifite
Another tool regularly included in other security-focused toolkits, this one takes advantage of known weaknesses in network protocols to scrutinize the security of a network and exploit any issues found. Supported protocols include Spanning Tree Protocol (STP), Cisco Discovery Protocol (CDP), and VLAN Trunking Protocol (VTP), to name a few.
brew install yersinia