Ethical Hacking and Penetration Testing Guide
some time on every day. Below, I recommend some sources that you should spend some time on before proceeding with this chapter.
Resources
http://www.networksorcery.com/enp/default1101.htm
http://www.networksorcery.com/enp/protocol/http.htm
http://www.networksorcery.com/enp/protocol/smtp.htm
http://www.networksorcery.com/enp/protocol/ftp.htm
Attacking Network Remote Services
In previous chapters, we learned to enumerate open ports and the corresponding services running on those ports, and to assess the vulnerabilities of those services by various methods. Now it’s time to exploit those vulnerabilities.
In this section, we will learn to use various tools such as Hydra, Medusa, and Ncrack to crack usernames and passwords for various network services such as FTP, SSH, and RDP. Network services that support authentication often use default or weak passwords, which can be easily guessed or cracked via a brute force/dictionary attack. Most penetration testers don’t pay much attention to brute force attacks. But in my opinion, they are the fastest way to gain access to a remote system if used in an intelligent manner.
However, the downside of these attacks is that they can disrupt the service or cause a denial of service. Also, they are easily detected by intrusion detection/prevention devices. Therefore, the opinion in the community is that brute force attacks should rarely be attempted. My opinion is that although they generate lots of noise and may be ineffective when the passwords are complex, if they are carried out efficiently they could be very useful and may allow an easy penetration into the remote system.
Apart from brute force attacks, we will also discuss various other ways to exploit some network services such as FTP, SMTP, and SQL Server.