Ethical Hacking and Penetration Testing Guide


Gaining Access to Remote Services



We have managed to successfully crack the administrator password by using either wordlists or rainbow tables. Our next step is to use it to gain access to the remote desktop. However, two issues remain:
1. What if the remote desktop is not enabled by the victim?
2. What if our current user is not allowed to connect to the remote desktop?
The solutions to both of these problems are simple. If the remote desktop is not enabled, we need to re-enable it and then connect through it. If our current user is not allowed to connect, we add our user to the “Remote Desktop Users” group so that it can access it.


Enabling the Remote Desktop
Our first step is to check whether RDP access is enabled on the victim’s machine; we can list the running services with the “net start” command. If it is enabled, we proceed to the next step; if it is not, we need to re-enable it. We can do this from the attacker machine with the following command from our meterpreter shell:
run getgui -e
Adding Users to the Remote Desktop
We have successfully enabled RDP on our victim’s machine. We now need to add users that can connect to the remote desktop. The “getgui” script also allows us to create a username and password of our choice, and it automatically adds that user to the local group in case our user is not allowed to access RDP.
meterpreter > run getgui -u rafay -p pass
However, if you are still not able to connect to the remote desktop for some reason, you can try adding the user manually to the local group that is allowed to access RDP by issuing the following command from the command prompt:
net localgroup "Remote Desktop Users" rafay /add
Our final step is to connect to the victim’s remote desktop. Using “rdesktop”, the command is as follows (the last argument is the address of the victim’s machine):
rdesktop -u rafay -p pass <victim-ip>
In a similar manner, we can enable other services such as telnet to get remote access to the system. For enabling telnet, meterpreter has a built-in script named “gettelnet” that can automatically enable telnet for us.
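From the defender’s side, the procedure above leaves a recognisable trail in the Windows Security log: a new local account (event 4720), its addition to the “Remote Desktop Users” group (event 4732) and a RemoteInteractive logon (event 4624 with logon type 10). The following Python detector, added here as an example and not taken from the book or from any tool it mentions, correlates those three events; the event records, usernames, timestamps and dictionary field names are constructed for illustration, only the event IDs and logon type are the real Windows values.

```python
from datetime import datetime, timedelta

RDP_GROUP = "Remote Desktop Users"

# Constructed sample records (not real log data). The dict keys paraphrase the
# fields of the real Security events: 4720 = user account created, 4732 = member
# added to a security-enabled local group, 4624 = logon (type 10 = RemoteInteractive/RDP).
EVENTS = [
    {"time": "2023-08-07T10:00:01", "id": 4720, "target": "rafay", "subject": "Administrator"},
    {"time": "2023-08-07T10:00:02", "id": 4732, "target": "rafay", "group": RDP_GROUP,
     "subject": "Administrator"},
    {"time": "2023-08-07T10:03:40", "id": 4624, "target": "rafay", "logon_type": 10,
     "src_ip": "10.0.0.5"},
    # A pre-existing account routinely granted RDP by the helpdesk: no 4720, so not flagged.
    {"time": "2023-08-07T08:15:00", "id": 4732, "target": "alice", "group": RDP_GROUP,
     "subject": "helpdesk"},
    {"time": "2023-08-07T09:00:00", "id": 4624, "target": "alice", "logon_type": 10,
     "src_ip": "10.0.0.9"},
]


def _ts(value):
    return datetime.fromisoformat(value)


def find_rdp_backdoor_chains(events, window=timedelta(hours=1)):
    """Return one (user, created_at, added_at, logon_at) tuple per account that was
    created, added to the RDP group and then used for an RDP logon, all inside `window`."""
    created = {e["target"]: _ts(e["time"]) for e in events if e["id"] == 4720}
    added = {e["target"]: _ts(e["time"]) for e in events
             if e["id"] == 4732 and e.get("group") == RDP_GROUP}
    hits = []
    for e in events:
        if e["id"] != 4624 or e.get("logon_type") != 10:
            continue
        user, logon = e["target"], _ts(e["time"])
        if user not in created or user not in added:
            continue  # account pre-existed or was never granted RDP: ordinary admin activity
        if created[user] <= added[user] <= logon <= created[user] + window:
            hits.append((user, created[user], added[user], logon))
    return hits


if __name__ == "__main__":
    for user, c, a, l in find_rdp_backdoor_chains(EVENTS):
        print(f"ALERT: {user} created {c}, granted RDP {a}, RDP logon {l}")
```

Accounts that already existed before the grant are deliberately left out, so an ordinary helpdesk grant does not alert; the manual `net localgroup` route produces the same 4732 event as the script, so both variants are caught.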
Data Mining
In a penetration test, your overall objective is to demonstrate the impact of the vulnerability; this can most often be done by presenting the customer with critical information. Data mining is a postexploitation process in which penetration testers search the compromised machines for sensitive customer information. Not only does this process help us demonstrate to the customer the impact of a successful intrusion, but it also helps us further exploit the target network.


The common types of data we would be looking for are stored e-mails and passwords, customer contracts, information about the systems, and any other confidential data. Our common targets are file servers, home directories, shared drives, databases, etc. We will talk about utilizing meterpreter scripts to enumerate confidential data from the remote machine.
