Penetration Testing with Kali Linux
PWK - Copyright © 2023 OffSec Services Limited. All rights reserved.
108
compromise: 722 user accounts were configured to never expire; 23,142 users had never logged in; 6 users were members of the domain administrator group; default initial passwords were in use for 968 accounts.
2. Severity: High

Description: Information enumerated through an anonymous SMB session. An anonymous SMB session was established, and the information gained was then used to obtain unauthorized user access, as detailed in Appendix E.9.

Remediation: To prevent information gathering via anonymous SMB sessions, restrict access to TCP ports 139 and 445 based on roles and requirements, and disable enumeration of SAM accounts through Local Security Policy > Local Policies > Security Options (the "Network access: Do not allow anonymous enumeration of SAM accounts" and "Network access: Do not allow anonymous enumeration of SAM accounts and shares" settings).
3. Severity: Medium

Description: Malicious JavaScript can be run to silently carry out malicious activity. One form of this is reflected cross-site scripting (XSS), which occurs when a web application accepts user input containing embedded active code and then outputs it into a web page that is subsequently displayed to a user, causing the attacker-injected code to execute in the user's browser. XSS attacks can be used to achieve outcomes such as unauthorized access and credential theft, which can in some cases result in reputational and financial damage through bad publicity or fines. As shown in Appendix E.8, the [client] application is vulnerable to reflected XSS because the submitted username value is displayed on the screen when a login attempt fails. A proof-of-concept using a maliciously crafted username is provided in Appendix E.

Remediation: Treat all user input as potentially tainted and perform proper sanitization through special-character filtering. Adequately encode all user-controlled output when rendering it to a page; contextual output encoding is the primary control, and input filtering alone does not prevent XSS. Do not include the username in the error message of the application login.
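The following Python is an added example, not code from the report or from the [client] application, illustrating the vulnerable pattern described in finding 3 and the two remediations beside it. The page template, the function names and the payload strings are constructed for the example; the report's own proof-of-concept username from Appendix E is not reproduced here. The helper at the end parses the rendered HTML the way a browser tokenises it and reports any element or event-handler attribute the template did not intend to emit, which is a quick way to confirm from a captured response whether a fix actually took.

```python
import html
from html.parser import HTMLParser

# Constructed payloads of the kind a tester submits as the "username" on a
# login form whose failure message reflects the submitted value. These are
# examples for this illustration, not the PoC from the report's Appendix E.
SCRIPT_PAYLOAD = "<script>alert(document.cookie)</script>"
HANDLER_PAYLOAD = '<img src=x onerror="alert(1)">'


def login_error_vulnerable(username):
    """The pattern the finding describes: the submitted username is
    interpolated into the failed-login page unencoded, so any markup
    it contains is parsed by the victim's browser as part of the page."""
    return ("<p class='error'>Login failed for user "
            f"{username}. Please try again.</p>")


def login_error_encoded(username):
    """Remediation 1 (output encoding): the value is still reflected, but the
    characters significant in HTML text content (< > & " ') are entity
    encoded, so the browser renders them as text instead of markup."""
    return ("<p class='error'>Login failed for user "
            f"{html.escape(username, quote=True)}. Please try again.</p>")


def login_error_generic(username):
    """Remediation 2 (do not reflect the username at all). This also stops
    the error message from confirming which usernames exist."""
    return "<p class='error'>Login failed. Please try again.</p>"


class _TagCollector(HTMLParser):
    """Records every start tag and every on* attribute seen while parsing."""

    def __init__(self):
        super().__init__()
        self.tags = []
        self.event_handlers = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        for name, _value in attrs:
            if name.lower().startswith("on"):
                self.event_handlers.append(f"{tag}@{name}")


def injected_elements(rendered, expected_tags=("p",)):
    """Return the elements and event-handler attributes in `rendered` that the
    page template did not intend to emit. An empty list means the reflected
    value produced no active markup; anything else is injected content."""
    collector = _TagCollector()
    collector.feed(rendered)
    collector.close()
    unexpected = [t for t in collector.tags if t not in expected_tags]
    return unexpected + collector.event_handlers


if __name__ == "__main__":
    for render in (login_error_vulnerable, login_error_encoded, login_error_generic):
        for payload in (SCRIPT_PAYLOAD, HANDLER_PAYLOAD, "alice"):
            print(f"{render.__name__:24} {payload!r:40} -> "
                  f"{injected_elements(render(payload))}")
```

Only the vulnerable renderer yields injected elements; with `html.escape` the payload survives in the page as `&lt;script&gt;...` text, and the generic message removes the reflection point entirely. The same parser check works on a response captured with a proxy during retesting, provided the expected tag set is widened to whatever the real error page legitimately contains.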