Ethical Hacking and Penetration Testing Guide
Internet Control Messaging Protocol
Yüklə 22,44 Mb. Pdf görüntüsü
|
- Bu səhifədəki naviqasiya:
- Internet Control Messaging Protocol
- Server Protocols
- Binary Protocols
|
Internet Control Messaging Protocol
ICMP runs upon layer 3 (network layer) of the OSI model, unlike TCP and UDP, which runs upon layer 4. The protocol was developed for troubleshooting error messages on a network. It is a connectionless protocol, which means that it gives us no guarantee that the packet will reach the destination. Common applications that use ICMP are “Ping” and “Traceroute.” We have discussed both of them in great detail in the “Information Gathering Techniques” chapter (Chapter 3). Server Protocols In this module, we will be attacking server protocols, but as mentioned earlier, first we need to understand how they work. All server protocols are divided into two basic categories: 1. Text-based protocols 2. Binary protocols Text-Based Protocols (Important) Text-based protocols are human readable protocols, and this is where you, as a penetration tester, need to spend most of your time as they are very easy to understand. Common examples of text- based protocols are HTTP, FTP, and SMTP. Binary Protocols Binary protocols are not human readable and are very difficult to understand; they are designed for efficiency across the wire. As a penetration tester, our primary focus would be on text/ASCII- based protocols, not binary protocols. So let’s talk about some of the popular text-based protocols such as FTP, HTTP, and SMTP. Remote Exploitation ◾ 165 FTP FTP stands for File Transfer Protocol; it runs on port 21. FTP is commonly used for uploading/ downloading files from a server. FTP, in my opinion, is the weakest link in a network because it’s unencrypted, meaning that anybody on a local network can use a network sniffer to capture all the communication. The following image shows the Wireshark capture when I was trying to log in to an FTP server. The username was set to “username” and the password to “password”, as you can clearly see, the username and the password are unencrypted and sent in plain text. Also, there are some FTP servers that allow anonymous log-ins and are often not updated/ patched, making it easier for an attacker to compromise them. SMTP SMTP stands for Simple Mail Transfer Protocol. It runs on port 25. It is used in most of the mail- ing servers nowadays. As a penetration tester, we will encounter SMTP a lot as it’s always exposed on the Internet and would mostly contain sensitive information. HTTP You open up your browser, type a URL into the address bar, and connect to the website. The pro- tocol you are using to do this is HTTP. It runs upon port 80. It’s a fundamental of the web. The chapter “Web Hacking” (Chapter 12) would focus entirely on the various methods that we can use to compromise the applications running on layer 7. Yüklə 22,44 Mb. Dostları ilə paylaş:
|