[New post] Core Impact Agent and BWAPP Command Injection – Part 1
Posted by rioasmara
New post on Cyber Security Architect | Red/Blue Teaming | Exploit/Malware Analysis
I would like to wish "Merry Christmas and Happy New Year 2022" to those who are celebrating it.
I would like to share a small tutorial on how to use the Core Impact application in red teaming or penetration testing during the exploitation phase. This post explains the steps to deploy the Core Impact network agent on the victim server by exploiting a web vulnerability.
Core Impact has strong attack automation capabilities, but it also lets you customize the modules to your needs and carry out manual attacks.
In this first part, I am going to cover Core Impact agent deployment with an automated attack. An automated attack means that we let Core Impact analyze the vulnerability by itself and deploy the web agent, which we can then follow up with a Core Impact network agent deployment.
Core Impact as Web Proxy
We need to set up Core Impact as our web proxy so that we can browse the target website and have the pages captured by Core Impact.
To start, we need to create a blank workspace to work in. After the workspace is successfully created, we can go to the "Web" tab.
Then click on Information Gathering and click the Next button.
You can "Create a new scenario" or "Use an existing scenario" to group the traffic captured during the analysis. I will create a new scenario for this tutorial and press the Next button.
To activate the proxy, select "Interactive web crawling" and press the Next button.
Keep pressing the Next button until the Finish button appears, then press Finish.
You can see the status of the web proxy creation in the "Executed Modules" window.
Before we browse the victim's web page, we need to set the browser's proxy so that it connects to Core Impact.
BWAPP
After the proxy is set, you can start browsing the web application (BWAPP), go to the OS Command Injection page and press Lookup.
As you browse, every page you visit also appears in Core Impact, complete with the data that you posted to the server.
Automatic Exploitation
As I mentioned earlier, we will use the automation provided by Core Impact to do the exploitation, which will give us the agent deployment.
To start the exploitation, we need to find the module that will analyze the vulnerability.
Since we know that the vulnerability we are going to exploit in BWAPP is OS command injection, we can use the OS Command Injection Analyzer provided by Core Impact.
After that, we can drag the module onto the URL that we are going to analyze and press the OK button.
Core Impact will do the vulnerability analysis automatically and directly deploy the exploit when it finds the vulnerability. You can see that the module is running in the Executed Modules window.
After a few seconds, Core Impact has successfully found the vulnerability and directly deployed the temporary exploit agent, shown in the image below as OS Command Injection Agent (0), which lets you interact with the server, for example by giving you a shell.
The interaction with the temporary agent is very limited. If we want more features to extend our capabilities for lateral movement, we need to deploy the OS Agent.
OS Agent Deployment
To extend our interaction with the victim's server, we need to deploy the Network Agent. Core Impact makes the Network Agent very easy to deploy once the temporary web agent is running.
You can find the module "Install OS Agent using OS Command Injection Agent" in the module list.
Drag that module onto the OS Command Injection Agent (0) that we established in the previous steps and press the OK button.
We can see that the OS Agent has been successfully deployed to the victim's server by going to the Network tab, selecting the IP of the victim and looking at the installed agent(0).
If we right-click on agent(0), we can see that it provides more interaction capabilities (such as Shell, Browse File, Set as Source for use as a pivoting point, etc.).
Take browsing files as an example: it gives you a pop-up window for browsing files on the victim's server.
Conclusion
We can see that Core Impact makes all of this work very easy while still giving us good flexibility for custom control to stay hidden.
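For the defensive side of the vulnerability exploited above, here is an added example (not from the original post, and not BWAPP's or Core Impact's code) of a DNS lookup handler in Python: the injectable pattern of concatenating the form value into a shell command line, next to a hardened version that allow-lists the hostname and runs nslookup without a shell. The function names and sample inputs are hypothetical and constructed for illustration.

```python
import re
import subprocess

# Allow-list for DNS names: dot-separated labels of letters, digits and
# hyphens. A label may not start or end with "-", which also stops the
# value from being parsed by the resolver tool as a command-line option.
_LABEL = r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)"
_HOSTNAME = re.compile(rf"{_LABEL}(?:\.{_LABEL})*\.?")


def vulnerable_command_line(target):
    """Injectable pattern: the form value becomes part of the text that a
    shell parses, so ';', '|', '&' or '$(...)' in it are shell syntax."""
    return "nslookup " + target


def is_valid_hostname(target):
    """True only if the whole value is a syntactically valid DNS name.
    fullmatch() also rejects a trailing newline, unlike match() with '$'."""
    return len(target) <= 253 and _HOSTNAME.fullmatch(target) is not None


def build_lookup_argv(target):
    """Hardened pattern, part 1: validate, then build an argument vector.
    Each list element reaches the program as one argument, never as shell
    text, so validation and quoting cannot be confused with each other."""
    if not is_valid_hostname(target):
        raise ValueError("target is not a valid hostname")
    return ["nslookup", target]


def safe_lookup(target):
    """Hardened pattern, part 2: run the argv directly (no shell=True),
    with a timeout so a slow resolver cannot tie up the request."""
    argv = build_lookup_argv(target)
    done = subprocess.run(argv, capture_output=True, text=True,
                          timeout=5, check=False)
    return done.stdout


if __name__ == "__main__":
    # Constructed sample inputs: one legitimate name, four hostile values.
    for value in ["www.example.com", "example.com; id", "example.com|id",
                  "$(id).example.com", "-debug"]:
        print(f"{value!r:24} valid={is_valid_hostname(value)}")
```

The validator is the detection point as well: a rejected value on a lookup form is worth logging with the source address, since legitimate users have no reason to submit shell metacharacters there.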