Ethical Hacking and Penetration Testing Guide
Postexploitation ........................................................................................................231
Yüklə 22,44 Mb. Pdf görüntüsü
|
|
9
Postexploitation ........................................................................................................231 Acquiring Situation Awareness........................................................................................231 Enumerating a Windows Machine ........................................................................231 Enumerating Local Groups and Users ...................................................................233 Enumerating a Linux Machine ..............................................................................233 Enumerating with Meterpreter ..............................................................................235 Identifying Processes ....................................................................................235 Interacting with the System ..........................................................................235 User Interface Command .............................................................................235 Privilege Escalation ........................................................................................................ 236 Maintaining Stability ........................................................................................... 236 Escalating Privileges....................................................................................................... 237 Bypassing User Access Control ............................................................................. 238 Impersonating the Token ...................................................................................... 239 Escalating Privileges on a Linux Machine ..............................................................241 Maintaining Access.........................................................................................................241 Installing a Backdoor ......................................................................................................241 Cracking the Hashes to Gain Access to Other Services ..................................................241 Backdoors .......................................................................................................................241 Disabling the Firewall ........................................................................................... 242 Killing the Antivirus ............................................................................................. 242 Netcat ................................................................................................................... 243 MSFPayload/MSFEncode .............................................................................................. 244 Generating a Backdoor with MSFPayload ............................................................ 244 MSFEncode ...........................................................................................................245 MSFVenom ................................................................................................................... 246 Persistence .............................................................................................................247 What Is a Hash? ....................................................................................................249 Hashing Algorithms ..............................................................................................249 Windows Hashing Methods ..................................................................................250 LAN Manager (LM) .............................................................................................250 NTLM/NTLM2 ...................................................................................................250 Kerberos ................................................................................................................250 Where Are LM/NTLM Hashes Located? ..............................................................250 Dumping the Hashes ......................................................................................................251 Scenario 1—Remote Access ...................................................................................251 Scenario 2—Local Access ......................................................................................251 Ophcrack ...............................................................................................................252 References .......................................................................................................................253 Scenario 3—Offline System ..................................................................................253 Ophcrack LiveCD .................................................................................................253 Bypassing the Log-In .............................................................................................253 xvi ◾ Contents References .......................................................................................................................253 Cracking the Hashes .......................................................................................................253 Bruteforce ..............................................................................................................253 Dictionary Attacks ............................................................................................... 254 Password Salts ....................................................................................................... 254 Rainbow Tables .................................................................................................... 254 John the Ripper ..............................................................................................................255 Cracking LM/NTLM Passwords with JTR ...........................................................255 Cracking Linux Passwords with JTR .....................................................................256 Rainbow Crack ...............................................................................................................256 Sorting the Tables ..................................................................................................257 Cracking the Hashes with rcrack ...........................................................................258 Speeding Up the Cracking Process ........................................................................258 Gaining Access to Remote Services .......................................................................258 Enabling the Remote Desktop ...............................................................................259 Adding Users to the Remote Desktop ....................................................................259 Data Mining ...................................................................................................................259 Gathering OS Information ................................................................................... 260 Harvesting Stored Credentials ...............................................................................261 Identifying and Exploiting Further Targets ................................................................... 262 Mapping the Internal Network ............................................................................. 263 Finding Network Information .............................................................................. 264 Identifying Further Targets ...................................................................................265 Pivoting ................................................................................................................ 266 Scanning Ports and Services and Detecting OS .....................................................267 Compromising Other Hosts on the Network Having the Same Password ............ 268 psexec ............................................................................................................................ 269 Exploiting Targets ..................................................................................................270 Conclusion ......................................................................................................................270 Yüklə 22,44 Mb. Dostları ilə paylaş:
|