Ethical Hacking and Penetration Testing Guide
Acquiring Situation Awareness
Immediately after compromising a host, you need to gain information about where the host is located on the internal network and what its function is, which includes the hostname, interfaces, routes, and the services the host is listening on. The more familiar you are with the operating system, the more you can enumerate.
Enumerating a Windows Machine
Windows would be one of our common targets, since it is the most used operating system in the corporate environment. Since most of you are familiar with Windows, it would be easy to enumerate it. Our main goals would be to enumerate the network, mainly where the host is, find out what other hosts are reachable from our compromised host, the interfaces, and the services.
So let's assume that we have already compromised a Windows host, say, by using our favorite ms08_067_netapi exploit, and opened up a Meterpreter session. From within our Meterpreter session, we can type the "shell" command, which will open our command prompt.
So here are some of the Windows shell commands to gain situation awareness:

ipconfig — This command will list all the interfaces, the IP addresses, gateways, and the MAC addresses.

ipconfig /all — This command will list additional information about the interfaces, such as the DNS servers.

ipconfig /displaydns — This command will display the DNS cache. The screenshot shows the A record of the host rafayhackingarticles.net.

arp -a — You must be familiar with this command from our "Network Sniffing" chapter (Chapter 6). This command displays the ARP cache; using it you can figure out the systems reachable from our host.

netstat -ano — A very useful command, this can be used to list all the connections established from the current computer and the ports they use.

route print — This will display the routing table of our computer; the netstat -r command can also be used for this.

tasklist /svc — This is a very useful command to enumerate all the services running on our target computer. From the following screenshot we can see that our victim is running AVG antivirus; this knowledge would be very helpful for us when we try to bypass the antivirus.
net start / net stop — The net start command will display all the running services on the target computer. We can stop a running service, for example, AVG antivirus, by using the net stop command. The syntax for the net start and net stop commands is as follows:

net start [service name]
net stop [service name]

netsh — netsh is a very useful command line utility for both network administrators and hackers/penetration testers. It can be used to gather information about firewall rules and so on. For example, we can turn off a firewall by issuing the following command:

netsh firewall set opmode disable

But we will require administrative privileges to disable the firewall. We will learn about privilege escalation later in the chapter.
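Seen from the defending side, the commands above are exactly the process-creation events a SOC should expect right after a foothold is gained. The following Python script is an added example, not taken from the book: it classifies constructed Sysmon-style command lines into the discovery commands listed above and the defence-evasion ones (net stop of a service, netsh disabling the firewall), and raises an alert when one host runs several distinct discovery commands within a short window. The host names, timestamps and the service name in the sample are invented.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
# Constructed Sysmon Event ID 1-style records (timestamp, host, command line);
# hosts, times and the service name are invented for this example.
SAMPLE_EVENTS = [
    ("2024-05-01T10:00:01", "WS01", "ipconfig /all"),
    ("2024-05-01T10:00:04", "WS01", "arp -a"),
    ("2024-05-01T10:00:09", "WS01", "netstat -ano"),
    ("2024-05-01T10:00:15", "WS01", "tasklist /svc"),
    ("2024-05-01T10:00:40", "WS01", "net stop ExampleAVService"),
    ("2024-05-01T10:00:50", "WS01", "netsh firewall set opmode disable"),
    ("2024-05-01T10:05:00", "WS02", "ipconfig"),
]
# Discovery commands from the chapter: one alone is routine, a burst is not.
DISCOVERY = {"ipconfig": r"^ipconfig\b", "arp": r"^arp\s+-a\b", "netstat": r"^netstat\b",
             "route": r"^route\s+print\b", "tasklist": r"^tasklist\b", "net_start": r"^net\s+start\b"}
# Defence evasion: stopping a service (e.g. antivirus) or turning the host firewall off.
EVASION = {"service_stop": r"^net\s+stop\s+\S+",
           "firewall_off": r"^netsh\s+(advfirewall|firewall)\b.*\b(off|disable)\b"}

def classify(cmdline):
    """Return (category, name) for a command line of interest, else None."""
    cmd = cmdline.strip().lower()
    for name, pattern in DISCOVERY.items():
        if re.match(pattern, cmd):
            return ("discovery", name)
    for name, pattern in EVASION.items():
        if re.match(pattern, cmd):
            return ("evasion", name)
    return None

def detect(events, window=timedelta(minutes=5), min_distinct=3):
    """Return (host, severity, detail) alerts: 'high' for each defence-evasion command,
    one 'medium' per host running >= min_distinct distinct discovery commands in `window`."""
    alerts, seen, reported = [], defaultdict(list), set()
    for ts, host, cmdline in sorted(events):  # ISO timestamps sort chronologically
        hit = classify(cmdline)
        if hit is None:
            continue
        now = datetime.fromisoformat(ts)
        if hit[0] == "evasion":
            alerts.append((host, "high", f"{hit[1]}: {cmdline}"))
            continue
        seen[host].append((now, hit[1]))
        recent = {name for when, name in seen[host] if now - when <= window}
        if len(recent) >= min_distinct and host not in reported:
            reported.add(host)
            alerts.append((host, "medium", "discovery burst: " + ", ".join(sorted(recent))))
    return alerts
```

Running detect(SAMPLE_EVENTS) yields one medium discovery-burst alert for WS01 followed by two high alerts for the service stop and the firewall change, while the single ipconfig on WS02 stays silent.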