How to do it...

Performing vulnerability validation using ICMP interaction:

  1. Before actually exploiting a given vulnerability, we must deploy a script to log incoming ICMP traffic. This can be done with a simple Python script using Scapy, as follows:

```python
#!/usr/bin/env python
# Log ICMP traffic addressed to the scanning host. Any source that pings us
# has executed our payload, so it is reported as exploitable.
import logging
logging.getLogger("scapy.runtime").setLevel(logging.ERROR)
from scapy.all import IP, ICMP, sniff

SCANNER_IP = "172.16.69.133"  # address of the scanning system


def rules(pkt):
    # lfilter callback: report the source of every ICMP packet sent to us
    if pkt.haslayer(IP) and pkt.haslayer(ICMP) and pkt[IP].dst == SCANNER_IP:
        print(str(pkt[IP].src) + " is exploitable")


print("Listening for Incoming ICMP Traffic. Use Ctrl+C to stop listening")

sniff(lfilter=rules, store=0)
```
  2. The provided Python script sniffs all incoming traffic and flags the source of any ICMP traffic directed toward the scanning system as vulnerable. To use this script to validate that a vulnerability can be exploited, we need to execute code that will cause the remote system to ping our scanning system. To demonstrate this, we can use Metasploit to launch a remote code-execution exploit. But prior to doing this, we need to launch our script, as follows:
  3. Next, we need to exploit a vulnerability that will yield remote code execution. By reviewing the Nessus scan results of the Windows XP box, we can see that the system is vulnerable to the MS08-067 exploit. To validate this, we will exploit the vulnerability with a payload that executes a ping command back to the scanning system, as follows:
  4. The exploit in Metasploit was configured to use the windows/exec payload that executes code in the exploited system. This payload was configured to send a single ICMP echo request to our scanning system. After execution, we can confirm that the exploit was successful by referring back to the original script that was still listening, as follows:
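As an added example (not the book's code), here is the listener's decision rule implemented without Scapy, so it can be exercised offline and used to test whatever detection you build around it: it parses raw IPv4/ICMP frames with the standard library only, verifies both the IP header and ICMP checksums, and flags only echo requests addressed to the scanning host. That last point is a caveat to the recipe's rule, which matches any ICMP packet sent to the scanner, so an ICMP error such as a destination-unreachable message from a router would also be reported as "exploitable". The scanner address 172.16.69.133 is the one used in the recipe; the host addresses and the sample frames are constructed here for the example.

```python
import socket
import struct
from dataclasses import dataclass
from typing import List, Optional

SCANNER_IP = "172.16.69.133"  # address of the scanning system, as in the recipe


@dataclass(frozen=True)
class IcmpHit:
    src: str
    dst: str
    icmp_type: int
    icmp_code: int
    ident: int
    seq: int


def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum; yields 0 over data whose checksum field is valid."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def parse_icmp_echo(frame: bytes, scanner_ip: str = SCANNER_IP) -> Optional[IcmpHit]:
    """Return an IcmpHit if frame is a well-formed IPv4 ICMP echo request
    addressed to scanner_ip; otherwise None (wrong IP version or protocol,
    other destination, bad checksum, truncated, or an ICMP type other than 8)."""
    if len(frame) < 20 or frame[0] >> 4 != 4:
        return None
    ihl = (frame[0] & 0x0F) * 4
    total_len = struct.unpack("!H", frame[2:4])[0]
    if ihl < 20 or total_len < ihl + 8 or len(frame) < total_len:
        return None
    if frame[9] != 1:                      # IP protocol 1 = ICMP
        return None
    if inet_checksum(frame[:ihl]) != 0:    # damaged IP header
        return None
    src = socket.inet_ntoa(frame[12:16])
    dst = socket.inet_ntoa(frame[16:20])
    if dst != scanner_ip:
        return None
    icmp = frame[ihl:total_len]
    if inet_checksum(icmp) != 0:           # damaged ICMP message
        return None
    icmp_type, icmp_code, _, ident, seq = struct.unpack("!BBHHH", icmp[:8])
    if icmp_type != 8:                     # 8 = echo request; ignore replies and errors
        return None
    return IcmpHit(src, dst, icmp_type, icmp_code, ident, seq)


def exploitable_hosts(frames: List[bytes], scanner_ip: str = SCANNER_IP) -> List[str]:
    """The recipe's rule over a batch of captured frames: sorted unique sources
    that sent an echo request to the scanner."""
    hits = {h.src for h in (parse_icmp_echo(f, scanner_ip) for f in frames) if h is not None}
    return sorted(hits)


def build_icmp_frame(src: str, dst: str, icmp_type: int, code: int,
                     ident: int, seq: int, payload: bytes = b"") -> bytes:
    """Construct a minimal IPv4 + ICMP frame with valid checksums (test input only)."""
    icmp = struct.pack("!BBHHH", icmp_type, code, 0, ident, seq) + payload
    icmp = icmp[:2] + struct.pack("!H", inet_checksum(icmp)) + icmp[4:]
    total_len = 20 + len(icmp)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0, 64, 1, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    hdr = hdr[:10] + struct.pack("!H", inet_checksum(hdr)) + hdr[12:]
    return hdr + icmp


# Constructed sample capture: one ping from the exploited host, one ping to a
# different destination, and a destination-unreachable error from a router.
SAMPLE_FRAMES = [
    build_icmp_frame("172.16.69.140", SCANNER_IP, 8, 0, 0x1234, 1, b"abcdefgh"),
    build_icmp_frame("172.16.69.141", "172.16.69.1", 8, 0, 0x1234, 1, b"abcdefgh"),
    build_icmp_frame("172.16.69.1", SCANNER_IP, 3, 1, 0, 0, b"\x00" * 28),
]

if __name__ == "__main__":
    for host in exploitable_hosts(SAMPLE_FRAMES):
        print(host + " is exploitable")
```

Running the block reports only 172.16.69.140: the ping to another host and the router's error message are ignored, and a frame with a corrupted checksum or a truncated body is dropped rather than reported. Feeding real captures through `parse_icmp_echo` requires the raw IPv4 packets (for example the bytes after the Ethernet header of a libpcap capture); the `build_icmp_frame` helper exists only to produce test input.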