Ethical Hacking and Penetration Testing Guide
Yüklə 22,44 Mb. Pdf görüntüsü
|
- Bu səhifədəki naviqasiya:
- Further Reading
- Attacking Network Remote Services
|
Further Reading
We will not go into specifics about protocols in this book as it does not deal with that subject. But as a penetration tester, sometimes you would run into a protocol that you haven’t seen before. The best way to learn is by reading the RFC (Request for Comment) of each protocol, which is an official documentation for the book. It contains ins and outs of every protocol. I won’t ask you to memorize all the commands because it’s not necessary to do that; what is necessary is to know where to get information when needed. The RFC source books are something you want to spend 166 ◾ Ethical Hacking and Penetration Testing Guide some time on every day. In the following, I would recommend some sources that should spend some time on before proceeding with this chapter. Resources http://www.networksorcery.com/enp/default1101.htm http://www.networksorcery.com/enp/protocol/http.htm http://www.networksorcery.com/enp/protocol/smtp.htm http://www.networksorcery.com/enp/protocol/ftp.htm Attacking Network Remote Services In previous chapters, we have learned to enumerate open ports and the corresponding services running upon those ports, as well as assessing the vulnerabilities of the services by various meth- ods. Now it’s time to exploit those vulnerabilities. In this section, we will learn to use various tools such as Hydra, Medusa, and Ncrack to crack usernames and passwords for various network services such as FTP, SSH, and RDP. Any network service that supports authentication is often using default or weak passwords, which can be easily guessed or cracked via a brute force/dictionary attack. Most penetration testers don’t pay much attention to utilizing brute force attacks. But in my opinion, they are the fastest way to gain access to a remote system if used in an intelligent manner. However, the downsides of these attacks are that they can disrupt the service or cause denial- of-service. Also, they are easily detected by intrusion detection/prevention devices. Therefore, the opinion in the community is that brute force attacks should be rarely attempted. What my opin- ion is that although they generate lots of noise and may be ineffective when the passwords are com- plex, if they are carried out efficiently they could be very useful and may allow an easy penetration into the remote system. Apart from brute force attacks, we will also discuss various other ways to exploit some network services such as FTP, SMTP, and SQL Server. Yüklə 22,44 Mb. Dostları ilə paylaş:
|