Ethical Hacking and Penetration Testing Guide




Important Commands
Though there are tons of commands, we will look at only some important ones, that is, HELO, 
MAIL FROM, RCPT TO, and DATA, and I will leave the rest for you to explore on your own by 
reading the RFC source books.
HELO—Once you connect to the SMTP server with Telnet, Netcat, or any other tool, you 
need to greet the server with a HELO message.
MAIL FROM—This is the sender’s e-mail address. It’s the e-mail from which you will be 
sending the spoofed message.
RCPT TO—This is the receiver’s e-mail address. It is the e-mail to which you would be sending 
the spoofed message. There might be some mitigation on the server that won’t allow you to send 
an e-mail to an external domain address to prevent the mail server from being abused by 
spammers and the like. But we will be able to send e-mails to internal e-mail addresses in the domain.
DATA—This is the body of the message that you will be sending to the victim.
Real-Life Example
A security researcher with the nick “Pwndizzle” was able to use the mail server of Nokia to send an 
e-mail to an employee from its president. By using nslookup/dig, he found out that Nokia was 
using mx1.nokia.com as its primary e-mail server. So he used Telnet to connect to Nokia’s mail 
server on port 25 and managed to send the spoofed e-mail, bypassing Nokia’s filters. The following 
screenshot explains the whole story.


You can see that he used the same commands, HELO, MAIL FROM, RCPT, and DATA, to 
get the job done.
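A defender-side check for the session shape described above, as an added example that is not from the book: it parses the client commands of one SMTP session and flags an unauthenticated client outside the trusted networks that claims an internal sender or tries to relay to an external recipient. The domain, networks, IP addresses, and session lines are constructed assumptions.

```python
import ipaddress
import re

# Assumptions: the domain this server is authoritative for and its relay networks.
INTERNAL_DOMAINS = {"example.com"}
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/8")]
ADDR = re.compile(r"[^<>\s:]+@[^<>\s]+")  # matches with or without angle brackets

def domain(addr):
    return addr.rsplit("@", 1)[-1].lower() if addr else ""

def parse_session(lines):
    """Extract envelope sender, recipients and header From from client commands."""
    env_from, rcpts, hdr_from, in_data, in_headers = None, [], None, False, False
    for line in lines:
        if in_data:
            if line == ".":
                in_data = False                  # lone dot ends DATA
            elif line == "":
                in_headers = False               # blank line ends the headers
            elif in_headers and line.lower().startswith("from:"):
                m = ADDR.search(line[5:])
                hdr_from = m.group(0) if m else hdr_from
            continue
        up, m = line.upper(), ADDR.search(line)
        if up.startswith("MAIL FROM:") and m:
            env_from = m.group(0)
        elif up.startswith("RCPT TO:") and m:
            rcpts.append(m.group(0))
        elif up == "DATA":
            in_data = in_headers = True
    return env_from, rcpts, hdr_from

def check_session(client_ip, authenticated, lines):
    """Return findings for one session; an empty list means nothing was flagged."""
    env_from, rcpts, hdr_from = parse_session(lines)
    ip = ipaddress.ip_address(client_ip)
    trusted = authenticated or any(ip in net for net in TRUSTED_NETS)
    findings = []
    if not trusted and domain(env_from) in INTERNAL_DOMAINS:
        findings.append("internal envelope sender from untrusted client")
    if not trusted and domain(hdr_from) in INTERNAL_DOMAINS:
        findings.append("internal header From from untrusted client")
    if not trusted and any(domain(r) not in INTERNAL_DOMAINS for r in rcpts):
        findings.append("relay attempt to external recipient")
    return findings

SAMPLE = [  # constructed session, not taken from the book
    "HELO mail.example.net", "MAIL FROM:<ceo@example.com>",
    "RCPT TO:<staff@example.com>", "DATA",
    'From: "CEO" <ceo@example.com>', "Subject: test", "", "body", ".", "QUIT"]
```

The same three conditions are what a receiving server's policy would reject at RCPT TO or end of DATA rather than only log.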
Attacking SQL Servers
So far, we have discussed attacking TCP-based protocols such as FTP, SSH, and SMTP. Now let’s 
talk about a protocol based on UDP. SQL server is a UDP service that you would often encounter 
in your penetration tests.
One of the first tests that we will perform is targeting the authentication. We will learn to 
attack the authentication of SQL servers not only by using Hydra/Medusa, but some other tools 
as well that can perform this task.
MySQL Servers
MySQL servers are the most widely used databases in modern web applications. You are likely to 
find them in 8 out of 10 web applications that you perform penetration tests against. One of the first 
attacks is to, of course, test for weak credentials that can give us immediate access to the SQL database.
