• Maintaining Access

    Attackers who choose to remain undetected remove evidence of their entry and use a back door or a Trojan to gain repeat access. This process is known as maintaining access.

    A backdoor is a means by which an attacker accesses the target machine without going through normal authentication, while also remaining undetected.

    Tools used are:

    • Cymothoa
    • Meterpreter
    • Weevely

  • Privilege Escalation

    Privilege escalation happens when a malicious user exploits a bug, design flaw, or configuration error in an application or operating system to gain elevated access to resources that should normally be unavailable to that user. The attacker can then use the newly gained privileges to steal confidential data, run administrative commands or deploy malware – and potentially do serious damage to your operating system, server applications, organization, and reputation.

    One way to do this is by attacking passwords.

    Two ways to attack passwords are:

    1. Online Attack – you can access the machine physically
    2. Offline Attack – from remote location

    Tools

    • Hydra
    • BruteSSH
    • Rainbowcrack
    • John The Ripper
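    The two attack types above have two different countermeasures, and the following added example (my own illustration, not from the course material or from any of the listed tools) shows both in one small login service: an account lockout after a fixed number of failures blunts guessing against the live login, and a salted, deliberately slow hash (PBKDF2 here) blunts guessing against a stolen password database. The iteration count, lockout threshold and lockout window are assumed policy values, and the user store is an in-memory dictionary constructed for the demo.

```python
import hashlib
import hmac
import os
import time

# Assumed policy values (not from the original page): a slow KDF blunts guessing
# against a stolen hash; a lockout blunts guessing at the live login prompt.
ITERATIONS = 200_000
MAX_FAILURES = 5
LOCKOUT_SECONDS = 300


def hash_password(password, salt=None):
    """Return (salt, PBKDF2-HMAC-SHA256 digest); a fresh random salt per user."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


class LoginService:
    def __init__(self):
        self.users = {}      # username -> (salt, digest); constructed in-memory store
        self.failures = {}   # username -> (failure count, start of the counting window)

    def register(self, username, password):
        self.users[username] = hash_password(password)

    def is_locked(self, username, now):
        count, since = self.failures.get(username, (0, 0.0))
        return count >= MAX_FAILURES and now - since < LOCKOUT_SECONDS

    def login(self, username, password, now=None):
        """Return 'ok', 'denied' or 'locked'. `now` is injectable for testing."""
        now = time.monotonic() if now is None else now
        if self.is_locked(username, now):
            return "locked"
        record = self.users.get(username)
        if record is None:
            # Still do the expensive hash so response time does not reveal
            # which usernames exist.
            hash_password(password, b"\x00" * 16)
            ok = False
        else:
            salt, expected = record
            _, actual = hash_password(password, salt)
            ok = hmac.compare_digest(actual, expected)   # constant-time compare
        if ok:
            self.failures.pop(username, None)
            return "ok"
        count, since = self.failures.get(username, (0, now))
        if now - since >= LOCKOUT_SECONDS:
            count, since = 0, now          # old window expired: start a new one
        self.failures[username] = (count + 1, since)
        return "denied"
```

    The `now` parameter exists so the lockout window can be exercised without waiting; in a real service it would always come from the clock, and the failure counters would live in shared storage rather than in the process.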

  • Target Exploitation

    Today I learned about EternalBlue. It is an exploit that allows cyber threat actors to remotely execute arbitrary code and gain access to a network by sending specially crafted packets. It exploits a software vulnerability in the Server Message Block version 1 (SMBv1) protocol of Microsoft’s Windows operating systems; SMB is a network file sharing protocol that allows access to files on a remote server. This exploit potentially allows cyber threat actors to compromise the entire network and all devices connected to it: if one device is infected by malware via EternalBlue, every device connected to the network is at risk. This makes recovery difficult, as all devices on a network may have to be taken offline for remediation. The vulnerability was patched and is listed in Microsoft’s security bulletin MS17-010.

    You can use EternalBlue with Metasploit.
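    Because EternalBlue spreads over SMB, the defender's view of it is SMB traffic arriving from where it should not, and one source talking SMB to many hosts. The following added example (my own illustration, not from the course or from Metasploit) runs that logic over a few constructed connection-log lines; the log format, the documentation-range addresses and the sweep threshold are all assumptions for the demo.

```python
import ipaddress
from collections import defaultdict

SMB_PORTS = {139, 445}

# RFC 1918 ranges treated as "inside"; anything else counts as external.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed connection-log lines (format assumed: time action proto src -> dst);
# the source addresses are documentation ranges, not a real network.
SAMPLE_LOG = """\
2017-05-12T10:01:03Z ACCEPT TCP 198.51.100.7:51234 -> 10.0.0.5:445
2017-05-12T10:01:04Z ACCEPT TCP 10.0.0.12:49152 -> 10.0.0.5:445
2017-05-12T10:01:05Z ACCEPT TCP 198.51.100.7:51235 -> 10.0.0.6:445
2017-05-12T10:01:06Z ACCEPT TCP 198.51.100.7:51236 -> 10.0.0.7:445
2017-05-12T10:01:07Z ACCEPT TCP 203.0.113.9:40000 -> 10.0.0.5:443
"""


def is_internal(ip_text):
    ip = ipaddress.ip_address(ip_text)
    return any(ip in net for net in INTERNAL_NETS)


def parse_line(line):
    ts, action, proto, src, _arrow, dst = line.split()
    src_ip, src_port = src.rsplit(":", 1)
    dst_ip, dst_port = dst.rsplit(":", 1)
    return {"ts": ts, "action": action, "proto": proto,
            "src": src_ip, "dst": dst_ip,
            "sport": int(src_port), "dport": int(dst_port)}


def smb_findings(log_text, sweep_threshold=3):
    """Return (external_smb, sweeps).

    external_smb: SMB connections whose source is outside the internal ranges;
    sweeps: sources that reached >= sweep_threshold distinct hosts over SMB,
    the pattern a worm leaves while spreading.
    """
    external, hosts_per_src = [], defaultdict(set)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec["proto"] != "TCP" or rec["dport"] not in SMB_PORTS:
            continue
        hosts_per_src[rec["src"]].add(rec["dst"])
        if not is_internal(rec["src"]):
            external.append(rec)
    sweeps = {src: len(dsts) for src, dsts in hosts_per_src.items()
              if len(dsts) >= sweep_threshold}
    return external, sweeps
```

    The simplest mitigation is still the one the bulletin describes: install MS17-010 and disable SMBv1; the detection above is the check you run while that rollout is incomplete.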

  • DVWA (Damn Vulnerable Web Application)

    Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, to help web developers better understand the processes of securing web applications, and to aid teachers/students to teach/learn web application security in a classroom environment.

    You can test different kinds of vulnerabilities:

    • BRUTE FORCE
    • COMMAND INJECTION
    • CSRF
    • FILE UPLOAD
    • INSECURE CAPTCHA
    • SQL INJECTION
    • SQL INJECTION BLIND
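    DVWA's command injection module takes a host to ping and splices it into a shell command. The following added example (my own illustration, not DVWA's code) reproduces that bug in Python beside its hardened form, using `echo` in place of `ping` so it runs anywhere; the allow-list regex and the function names are my own choices for the demo.

```python
import re
import subprocess

# Allow-list for a hostname or IPv4 literal. It must start with a letter or
# digit so that a value such as "-n" cannot be turned into a command-line option.
HOST_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9.-]{0,252}$")


def is_safe_host(host):
    return HOST_RE.fullmatch(host) is not None


def resolve_vulnerable(host):
    """DVWA-style bug: untrusted input pasted into a shell command string.

    `echo` stands in for the `ping` that DVWA uses so the example runs anywhere;
    the injection works identically, because the shell parses `;` before the
    program is ever started.
    """
    result = subprocess.run("echo " + host, shell=True,
                            capture_output=True, text=True)
    return result.stdout


def resolve_hardened(host):
    """Validate against the allow-list, then pass the value as one argv element
    with no shell involved, so shell metacharacters are never interpreted."""
    if not is_safe_host(host):
        raise ValueError("rejected host value: %r" % host)
    result = subprocess.run(["echo", host], capture_output=True, text=True)
    return result.stdout
```

    The two changes are independent and both matter: the argv form stops the shell from parsing the value at all, and the allow-list stops the value from being interpreted as an option by the program itself.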

  • Social Engineering Tools

    Social engineering is a technique used by criminals and cyber-crooks to trick users into revealing confidential information. The data obtained is then used to gain access to systems and carry out actions to the detriment of the person or organization whose data has been revealed.

    Tools that can be used for social engineering are Maltego or SET.

    DEMO using SET (Social Engineering Toolkit) Credential Harvester

    [screenshot: SET main menu]

    choose 2

    [screenshot: SET submenu]

    choose 3

    choose 2

  • Vulnerability Mapping

    Vulnerability Types

    Three main classes of vulnerabilities can be clearly distinguished from one another:

    • Design vulnerabilities: These are discovered via weaknesses that result from the software's specifications. They are by far the most cumbersome to resolve, since they require patches to be applied based on security requirements given by the pentester.
    • Implementation vulnerabilities: Glitches discovered within the software code are classified here.
    • Operational vulnerabilities: These result from improper configuration and deployment of software.

    Vulnerability Scanning with Kali Linux

    Tool : SQL Map

    SQLMap is a neat tool within Kali Linux that can perform various SQL injection tests against a number of database engines such as PostgreSQL, MSSQL, Oracle and MySQL. It can both detect and exploit the flaws it finds, which makes it a very common tool for attackers and testers alike.
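    What SQLMap is probing for, and what DVWA's SQL injection module deliberately contains, is a query built by string concatenation. The following added example (my own illustration, not DVWA's or SQLMap's code) shows that query beside the parameterised version on an in-memory SQLite table constructed for the demo; the table layout and the sample users are my assumptions.

```python
import sqlite3


def make_demo_db():
    """Constructed in-memory table standing in for DVWA's users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, "
                 "first_name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (username, first_name, role) VALUES (?, ?, ?)",
        [("admin", "Alice", "admin"), ("bob", "Bob", "user"), ("carol", "Carol", "user")])
    return conn


def user_lookup_vulnerable(conn, user_id):
    # The request parameter is spliced into the SQL text, so a quote in the
    # input closes the literal and whatever follows is parsed as SQL. This is
    # the construction SQLMap's tests are designed to detect.
    sql = "SELECT first_name, role FROM users WHERE id = '%s'" % user_id
    return conn.execute(sql).fetchall()


def user_lookup_safe(conn, user_id):
    # Bound parameter: the driver keeps the value separate from the query text,
    # so it is only ever compared against id and never parsed.
    return conn.execute("SELECT first_name, role FROM users WHERE id = ?",
                        (user_id,)).fetchall()
```

    The same payload that returns every row from the first function returns nothing from the second, because there the whole string is compared against the id column as a value.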

  • Enumerating Target

    Enumerating is part of the first phase of ethical hacking, i.e. information gathering. The attacker establishes a connection and finds information about usernames, groups assigned on a network, resources shared on the network, user passwords, etc. This increases the range of vulnerabilities the attacker can exploit, as knowing the target makes the job easier.

  • Target Discovery

    This week we learnt about target discovery. This is the stage in the process of ethical hacking when the tester learns about their target. My tool of interest is nmap, which can be used to find information about the operating system of the target so that the tester can exploit vulnerabilities of that OS to his advantage, if any. Nmap fingerprints a system by:

    • Port scanning – provides a list of open TCP and UDP ports
    • Sending ad-hoc forged packets
    • Analysing the responses received and comparing them against a database of known OS behaviours (fingerprints)

    Nmap in Use

    To detect the OS of the target, the command is nmap -O ipaddress/domainName. The example scans the IP address 182.30.69.100 to identify its OS.
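    On the defending side the same scan is how you inventory your own hosts, and nmap's -oX flag writes results as XML that is easy to process. The following added example (my own illustration, not part of the course or of nmap) parses a constructed sample of that XML into the open ports and best OS match per host, then compares the open ports against a baseline of expected services; the sample host, its ports and the baseline are assumptions for the demo.

```python
import xml.etree.ElementTree as ET

# Constructed sample of `nmap -O -oX -` output for one host (not a real scan;
# 192.0.2.10 is a documentation address).
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -O -oX - 192.0.2.10">
  <host>
    <status state="up"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="80"><state state="closed"/><service name="http"/></port>
      <port protocol="tcp" portid="135"><state state="open"/><service name="msrpc"/></port>
      <port protocol="tcp" portid="445"><state state="open"/><service name="microsoft-ds"/></port>
      <port protocol="tcp" portid="3389"><state state="open"/><service name="ms-wbt-server"/></port>
    </ports>
    <os>
      <osmatch name="Microsoft Windows 7 SP1" accuracy="96"/>
      <osmatch name="Microsoft Windows Server 2008 R2" accuracy="92"/>
    </os>
  </host>
</nmaprun>
"""


def parse_nmap_xml(xml_text):
    """Return one dict per host: address, open ports and the best OS guess."""
    hosts = []
    for host in ET.fromstring(xml_text).findall("host"):
        addr = host.find("address[@addrtype='ipv4']").get("addr")
        open_ports = []
        for port in host.findall("ports/port"):
            if port.find("state").get("state") != "open":
                continue
            service = port.find("service")
            open_ports.append((port.get("protocol"), int(port.get("portid")),
                               service.get("name") if service is not None else ""))
        matches = host.findall("os/osmatch")
        best = max(matches, key=lambda m: int(m.get("accuracy")), default=None)
        hosts.append({
            "address": addr,
            "open_ports": open_ports,
            "os": (best.get("name"), int(best.get("accuracy"))) if best is not None else None,
        })
    return hosts


def unexpected_ports(host, baseline):
    """Open (protocol, port) pairs on the host that the expected-service baseline does not list."""
    return [p for p in host["open_ports"] if (p[0], p[1]) not in baseline]
```

    In the sample the baseline allows only remote desktop, so the check reports the RPC and SMB ports as services nobody intended to expose.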

  • Utilizing Search Engines

    Using Maltego

    It helps to find relationships between people, for example their social profiles and mutual friends, or between pieces of company information such as websites, subdomains, DNS names and netblocks.

    Running the To Website transform on the domain pentest.id gives the website www.pentest.id.

    Performing a DNS Name transformation (Robtex) gives the following results where we can see the subdomains of the domain pentest.id.

    Conclusion

    Maltego is a powerful tool for visualizing relationships because of its extensive entity palette. You can perform a transformation on a domain, person, website, email, conversation, etc.

  • Target Scoping and Information Gathering

    Before attempting to attack a system, the attacker gathers information about the organisation or individual they want to attack. There are many legal ways to gather information that has been made public, such as:

    1. Google search engine – for websites and any other company data
    2. Whois – for IP and domain information
    3. Google groups – for emails
    4. etc

    Results after performing whois search on pentest.id
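    Whois output is plain "Key: Value" text, and the same lookup an attacker runs during information gathering is the one a defender runs to watch their own domains. The following added example (my own illustration, not from the course) parses a constructed whois response into a record and reports how many days remain before the registration expires, a routine check against accidental domain lapse; the record below uses placeholder values and is not the real pentest.id result.

```python
from datetime import date, datetime

# Constructed whois response in the common "Key: Value" layout; the domain,
# registrar and dates are placeholders, not the real pentest.id record.
SAMPLE_WHOIS = """\
Domain Name: EXAMPLE-PLACEHOLDER.ID
Registrar: Example Registrar Ltd
Creation Date: 2015-03-01T00:00:00Z
Registry Expiry Date: 2026-03-01T00:00:00Z
Domain Status: clientTransferProhibited
Name Server: NS1.EXAMPLE.NET
Name Server: NS2.EXAMPLE.NET
>>> Last update of WHOIS database: 2024-01-01T00:00:00Z <<<
"""

# Keys that legitimately appear more than once in a record.
MULTI_VALUE = {"Name Server", "Domain Status"}


def parse_whois(text):
    """Turn 'Key: Value' lines into a dict; repeated keys become lists."""
    record = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith(">>>") or ":" not in line:
            continue
        key, value = line.split(":", 1)
        key, value = key.strip(), value.strip()
        if key in MULTI_VALUE:
            record.setdefault(key, []).append(value)
        else:
            record[key] = value
    return record


def days_until_expiry(record, today_iso):
    """Days from the given YYYY-MM-DD date until the registry expiry date."""
    expiry = datetime.strptime(record["Registry Expiry Date"],
                               "%Y-%m-%dT%H:%M:%SZ").date()
    return (expiry - date.fromisoformat(today_iso)).days
```

    Registries differ in their exact key names, so a production version would map each registry's keys onto a common set before comparing; the parsing itself does not change.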