
PHASE 3: GAINING ACCESS AND REVIEW

Ethical Hacking
Steve Bolt

Gaining access

Shows that you were able to breach their defenses

Provides PROOF

Once you get in, the network could be YOURS

Pivot points

PHASE 3: GAINING ACCESS

To gain access:

You have to exploit the target

Two types of exploits

Service side

Running service is vulnerable to exploitation

Client side

Software is vulnerable on end point

GAINING ACCESS

Phishing

Send crafted email to target email

Different ways to handle this

After all, you are one of the good guys,

Could have someone inside mimic an ignorant employee

GAINING ACCESS

How do we determine what programs are in use?

Was this scoped out?

Did anyone ask?

Does metadata reveal anything?

Other methods?
Once we know what programs are being used, we can check for
vulnerabilities to exploit

GAINING ACCESS

Metasploit Framework

Collection of exploitation code

Cross-platform

Divides up exploits into sections

Exploits

Payloads

Auxiliary

Post Modules

GAINING ACCESS

Metasploit

Fairly straightforward

Broken into several directories for review

Documentation

User Interfaces

Modules

Exploit creation tools

Other items

Need to review what type of information is located in here.

GAINING ACCESS

Metasploit

Fairly straightforward

Launch msfconsole

Review and select exploit to use

Show exploits

Info <exploit name> gives info

Select the exploit to use

> use <exploit name>

Select payload

> show payloads

Set parameters

IPs, ports, etc.

Then exploit

> exploit

GAINING ACCESS

Meterpreter

Payload that everyone seeks

Elevated Metasploit interpreter

DLLs injected into process memory of compromised system

There are database back ends

Scanners can be configured to save their data into the Metasploit database

Nmap and Nessus

GAINING ACCESS

Windows Null sessions

GAINING ACCESS

Once you have gained access to a network

What do you do?

You've popped a machine, now what?

Start all over again?

Let's talk about internal network defenses

GAINING ACCESS

Once you have access

Need to ensure that you can maintain that access

At Jobs

Cron jobs

Add new accounts

Exfiltrate accounts and password hashes for later cracking
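
From the defender's side, the job and account items above leave log evidence. The following is an added example, not part of the original slides: it flags cron changes, scheduled task creation and new accounts in log lines. The sample lines are constructed, and the key=value layout of the Windows lines is an assumed export format.

```python
import re

# Persistence mechanisms from the slide, mapped to log evidence to alert on.
# Linux patterns follow the usual syslog output of crontab(1) and useradd(8).
# Windows Security event IDs: 4698 = scheduled task created,
# 4720 = user account created.
RULES = [
    ("cron_job_changed",
     re.compile(r"crontab\[\d+\]: \([^)]+\) REPLACE \((?P<target>[^)]+)\)")),
    ("account_created",
     re.compile(r"useradd\[\d+\]: new user: name=(?P<target>[^,\s]+)")),
    ("scheduled_task_created",
     re.compile(r"EventID=4698\b.*?TaskName=(?P<target>\S+)")),
    ("account_created",
     re.compile(r"EventID=4720\b.*?TargetUserName=(?P<target>\S+)")),
]

# Constructed sample lines (not from a real system). The Windows lines use a
# simplified key=value export format assumed for this example.
SAMPLE_LOG = """\
Mar  3 02:14:07 web01 sshd[811]: Accepted publickey for deploy from 10.0.0.5 port 50122 ssh2
Mar  3 02:15:41 web01 crontab[902]: (www-data) REPLACE (www-data)
Mar  3 02:16:02 web01 crontab[910]: (www-data) LIST (www-data)
Mar  3 02:17:30 web01 useradd[955]: new user: name=svc_backup, UID=1002, GID=1002, home=/home/svc_backup, shell=/bin/bash
2024-03-03T02:20:11Z EventID=4698 SubjectUserName=jsmith TaskName=\\Updater
2024-03-03T02:21:45Z EventID=4720 SubjectUserName=jsmith TargetUserName=helpdesk2
2024-03-03T02:22:00Z EventID=4624 TargetUserName=jsmith LogonType=3
"""

def find_persistence(lines):
    """Return one finding per line that matches a persistence rule."""
    findings = []
    for number, line in enumerate(lines, start=1):
        for kind, pattern in RULES:
            match = pattern.search(line)
            if match:
                findings.append({"line": number, "kind": kind,
                                 "target": match.group("target")})
                break  # first matching rule wins for a line
    return findings

def summarize(findings):
    """Count findings per kind so a spike in one mechanism stands out."""
    counts = {}
    for finding in findings:
        counts[finding["kind"]] = counts.get(finding["kind"], 0) + 1
    return counts

if __name__ == "__main__":
    for finding in find_persistence(SAMPLE_LOG.splitlines()):
        print(finding)
```

Read-only cron activity (LIST) and ordinary logons (4624) are deliberately not flagged; only events that create or replace a job or account are.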

GAINING ACCESS

LAB TIME......

GAINING ACCESS
