%Appdata%\Microsoft\Protect\\BK- path, they can use the
stored backup key here to take over all the identities and secrets in the domain.
At a minimum, I recommend that any secrets stored on these systems be evaluated.
The risk of this critical vulnerability can be further demonstrated. With root access, an attacker can perform any administrative or system-level action without needing passwords or logins. Using this vulnerability, the ISA was also able to create a local RDP user that allowed me Remote Desktop access to the server with a username and password of my choice. There is further risk of privilege escalation because the NT Authority user can promote any other user to Admin-level access, including Domain Admin, if the target system is an Active Directory server or has rights to configure Domain settings remotely.
The McAfee Security Server (192.168.1.222) was vulnerable to the same ETERNALBLUE exploit. As the SMB and spoolsv.exe services were running on the McAfee server, the attack was executed using the same method described above. Initially the shell failed to open, which is common with this exploit; a retry resulted in successful execution.
PEN TEST REPORT: EXAMPLE INSTITUTE
JANUARY 1, 2020
12
sales@purplesec.us
SSL Version 2 and 3 Protocol Detected: A network reconnaissance scan detected multiple hosts with a vulnerable version of SSLv2 and SSLv3. The remote service accepts connections encrypted using SSL 2.0 and/or SSL 3.0. These versions of SSL are affected by several cryptographic flaws, including:
- An insecure padding scheme with CBC ciphers.
- Insecure session renegotiation and resumption schemes.
An attacker can exploit these flaws to conduct man-in-the-middle attacks or to decrypt
communications between the affected service and clients.
Although SSL/TLS has a secure means for choosing the highest supported version of the
protocol (so that these versions will be used only if the client or server support nothing
better), many web browsers implement this in an unsafe way that allows an attacker to
downgrade a connection (such as in POODLE). Therefore, it is recommended that these
protocols be disabled entirely.
NIST has determined that SSL 3.0 is no longer acceptable for secure communications.
As of the date of enforcement found in PCI DSS v3.1, any version of SSL will not meet
the PCI SSC's definition of 'strong cryptography'.
Hosts Affected:
192.168.1.248
192.168.1.251
192.168.1.252
192.168.1.221
192.168.1.205
192.168.1.182
192.168.1.230
192.168.1.39
192.168.1.204
192.168.1.198
192.168.1.200
192.168.1.194
Affected hosts were validated with a network-level cipher scan using the nmap tool. The analyst targeted the scan at these specific hosts using a script that displays the cipher suite information for blocks of open ports on the targeted systems.
The scan output was filtered to display only those systems that offered insecure versions of SSL. All the affected hosts shown below were validated to be running the vulnerable SSL versions.
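The validation step described above, written out as an added example that is not the report's own script: it parses the normal-format output of nmap's ssl-enum-ciphers script and keeps only the hosts and ports that still negotiate SSLv2 or SSLv3, which is the filtering the report describes. The embedded nmap output is constructed for illustration (one address borrowed from the affected-host list, one made up); in practice the input file comes from a run such as `nmap -p 443,3389 --script ssl-enum-ciphers -oN scan.txt <hosts>`.

```python
"""Reduce nmap ssl-enum-ciphers output to hosts still offering SSLv2/SSLv3.

Hypothetical validation helper, not taken from the report. It reads nmap's
normal (-oN) output and reports every open port whose ssl-enum-ciphers block
lists a deprecated protocol.
"""
import re
import sys

# Protocols the finding recommends disabling entirely.
DEPRECATED_PROTOCOLS = ("SSLv2", "SSLv3")

HOST_RE = re.compile(r"^Nmap scan report for (.+)$")
PORT_RE = re.compile(r"^(\d+/(?:tcp|udp))\s+open\b")
# Protocol headings inside an ssl-enum-ciphers block look like "|   SSLv3:".
PROTO_RE = re.compile(r"^\|\s+(SSLv2|SSLv3|TLSv1\.\d):\s*$")

# Constructed sample of nmap normal output (not a real scan result).
# 192.168.1.248 is from the report's affected-host list; 192.168.1.50 is invented.
SAMPLE_NMAP_OUTPUT = """\
Nmap scan report for 192.168.1.248
Host is up (0.0010s latency).
PORT     STATE SERVICE
443/tcp  open  https
| ssl-enum-ciphers:
|   SSLv3:
|     ciphers:
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
|     cipher preference: server
|   TLSv1.0:
|     ciphers:
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|     cipher preference: server
|_  least strength: C
3389/tcp open  ms-wbt-server
| ssl-enum-ciphers:
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A
|     cipher preference: server
|_  least strength: A

Nmap scan report for 192.168.1.50
Host is up (0.0020s latency).
PORT     STATE SERVICE
443/tcp  open  https
| ssl-enum-ciphers:
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
|     cipher preference: server
|_  least strength: A
"""


def parse_ssl_protocols(nmap_output):
    """Return {host: {port: [protocols offered]}} parsed from -oN output."""
    results = {}
    host = port = None
    for line in nmap_output.splitlines():
        m = HOST_RE.match(line)
        if m:
            host = m.group(1).strip()  # may be "name (ip)" for resolved hosts
            port = None
            results.setdefault(host, {})
            continue
        m = PORT_RE.match(line)
        if m and host is not None:
            port = m.group(1)
            results[host].setdefault(port, [])
            continue
        m = PROTO_RE.match(line)
        if m and host is not None and port is not None:
            results[host][port].append(m.group(1))
    return results


def find_deprecated_ssl(nmap_output):
    """Keep only the host/port pairs that offer SSLv2 or SSLv3."""
    findings = {}
    for host, ports in parse_ssl_protocols(nmap_output).items():
        for port, protocols in ports.items():
            bad = [p for p in protocols if p in DEPRECATED_PROTOCOLS]
            if bad:
                findings.setdefault(host, {})[port] = bad
    return findings


def format_report(findings):
    """Render the filtered findings as a plain-text 'Hosts Affected' list."""
    if not findings:
        return "No hosts offering SSLv2/SSLv3 found."
    lines = ["Hosts Affected (SSLv2/SSLv3 offered):"]
    for host in sorted(findings):
        for port, protocols in sorted(findings[host].items()):
            lines.append(f"  {host} {port}: {', '.join(protocols)}")
    return "\n".join(lines)


if __name__ == "__main__":
    # Pass a saved nmap -oN file as the first argument; otherwise use the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_NMAP_OUTPUT
    print(format_report(find_deprecated_ssl(text)))
```

Ports that expose only TLS 1.0 or later are dropped from the result, so the output is exactly the list of systems that still need SSL 2.0/3.0 disabled; re-running the same script after remediation gives a direct before/after check.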