Penetration Testing with Kali Linux OffSec


Date: 21.12.2023
PEN-200

Windows Privilege Escalation demonstrates how, after compromising a Windows target, we can use our new legitimate permissions to become an Administrator. We will learn how to gather information, exploit various types of services, and attack different Windows components. Then, Linux Privilege Escalation goes through the same process with Linux targets and obtaining root-level permissions. It reinforces the methodology learned in the previous Module and covers Linux-specific techniques.

Escalating permissions is instrumentally important on an engagement because doing so gives us more access. But as penetration testers, we always want to ask ourselves what the biggest impact our attacks can have on the network to provide the most value for our clients. Sometimes, it can be even more effective to gain access to another machine owned by the organization. When we move from one machine to another on the same network, we call this pivoting,[14] and when we move into another subnetwork we call this tunneling.[15] Port Redirection and SSH Tunneling covers the basics of these persistence skills, while Tunneling through Deep Packet Inspection showcases a particular technique that can be used to evade a common network-layer defense.
[12] (OffSec, 2023), https://www.exploit-db.com/
[13] (Wikipedia, 2023), https://en.wikipedia.org/wiki/Privilege_escalation
[14] (NIST, 2022), https://csrc.nist.gov/glossary/term/pivot#:~:text=Definition(s)%3A,persistent%20threat%20(APT)%20attacks.
[15] (Wikipedia, 2023), https://en.wikipedia.org/wiki/Tunneling_protocol


Penetration Testing with Kali Linux
PWK - Copyright © 2023 OffSec Services Limited. All rights reserved. 
We wrap up this portion of the course with an exploration of The Metasploit Framework (MSF).[16] MSF is a powerful set of tools that help us automate many of the enumeration and exploitation steps we've learned so far.

2.3.6 Active Directory

Active Directory[17] is one of the most complex and important technologies for us to learn as penetration testers because it is ubiquitous in today's enterprise environment. PWK dedicates three Modules to this area: Active Directory Introduction and Enumeration paints a picture of how to think specifically about Windows machines in the context of an Active Directory domain. We will learn how to gather information and set ourselves up to more thoroughly compromise a network.

Then, Attacking Active Directory Authentication provides us with several techniques to increase our presence within the network by attacking or bypassing authentication protocols. Finally, Lateral Movement in Active Directory helps us understand how to apply many of the pivoting concepts we've previously learned in complex AD environments.

2.3.7 Challenge Lab Preparation

The final two PWK Modules represent a bridge between the text, video, and exercise-based learning modalities and the Challenge Labs themselves. By this point the learner will have completed over 300 exercises, including the compromise of approximately 25 machines. Now it's time to put it all together. In Assembling the Pieces, we walk the learner through a simulated penetration test of five machines. Techniques from Information Gathering all the way through Lateral Movement in Active Directory are required to successfully compromise the domain. Learners will be able to follow along and see exactly how we think about targeting a new environment from start to finish.
Finally, 
