MS14-066: Vulnerability in Schannel Could Allow Remote Code Execution (2992611) (WINSHOCK)
The remote Windows host is affected by a remote code execution vulnerability due to
improper processing of packets by the SecureChannel (Schannel) security package. An
attacker can exploit this issue by sending specially crafted packets to a Windows server.
Note that this plugin sends a client Certificate TLS handshake message followed by a
CertificateVerify message. Some Windows hosts will close the connection upon
receiving a client certificate that they did not ask for with a CertificateRequest
message. In this case, the plugin cannot proceed to detect the vulnerability, as the
CertificateVerify message cannot be sent.
EXPLOIT:
The exploit for this vulnerability is a remote code execution that typically results in a
Denial of Service (DoS) attack. Due to the nature of the testing, this exploit is out of
scope for the exercise.
PEN TEST REPORT: EXAMPLE INSTITUTE
JANUARY 1, 2020
sales@purplesec.us
Outsider Risk Rating:
Insider Risk Rating: EXTREME
Bottom Line:
Nearly all of CLIENT's internal network hosts appear to be properly patched and up-to-date.
Attack vectors remain available to an adversary targeting CLIENT. Considering
CLIENT's lack of dedicated IT personnel or a Security Engineer, an attacker could find
success through social engineering or physical attack methods, given the lack of training
and resources observed during this penetration test.
Recommendations:
• Disable SMB on all systems where it is not required for business purposes. The
service may be shut down via GPO on the domain, or by manually disabling the
service using local admin accounts.
• Disable spoolsvc.exe and other non-essential processes on Critical Security
Infrastructure such as the McAfee Security Server. Every running process increases
the attack surface of the system. Disabling these services helps harden the
systems and creates a smaller, more secure risk landscape.
• Disable SSLv2 and SSLv3 on any system where legacy encryption is not
necessary. Most applications have stronger encryption built in and fall back to SSL
only when legacy support is required.
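The following PowerShell is an added example, not part of the original report: it checks whether the MS14-066 hotfix (KB2992611) is present on the local host and applies the SSLv2/SSLv3 recommendation above by turning both protocols off in the Schannel registry settings for the Server and Client sides. It assumes an elevated session on a Windows host where Schannel handles TLS; the registry paths and value names are the standard Schannel ones, not values taken from the report.

```powershell
#Requires -RunAsAdministrator
# Added example (not part of the original report): verify the MS14-066 hotfix
# and disable SSL 2.0 / SSL 3.0 in Schannel on the local host.

# 1. Confirm the Schannel fix for MS14-066 (KB2992611) is installed.
#    On newer builds the fix may be included in a later cumulative update,
#    so a missing KB alone is not proof of exposure; cross-check with the
#    scanner result in that case.
$hotfix = Get-HotFix -Id 'KB2992611' -ErrorAction SilentlyContinue
if ($hotfix) {
    Write-Output "KB2992611 installed on $($hotfix.InstalledOn)"
} else {
    Write-Warning 'KB2992611 not found; verify MS14-066 coverage via a later update.'
}

# 2. Disable SSL 2.0 and SSL 3.0 for both the server and client side of Schannel.
#    Enabled=0 turns the protocol off; DisabledByDefault=1 stops applications
#    from negotiating it unless they explicitly request it.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
foreach ($proto in 'SSL 2.0', 'SSL 3.0') {
    foreach ($side in 'Server', 'Client') {
        $key = Join-Path -Path $base -ChildPath "$proto\$side"
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        Set-ItemProperty -Path $key -Name 'Enabled' -Value 0 -Type DWord
        Set-ItemProperty -Path $key -Name 'DisabledByDefault' -Value 1 -Type DWord
    }
}

# 3. Read the settings back so the change can be recorded as report evidence.
foreach ($proto in 'SSL 2.0', 'SSL 3.0') {
    foreach ($side in 'Server', 'Client') {
        $key = Join-Path -Path $base -ChildPath "$proto\$side"
        $p = Get-ItemProperty -Path $key
        Write-Output ('{0,-8} {1,-6} Enabled={2} DisabledByDefault={3}' -f
            $proto, $side, $p.Enabled, $p.DisabledByDefault)
    }
}
Write-Output 'Schannel protocol changes take effect after a reboot.'
```

Apply the same keys through a GPO registry preference when the change must cover the whole domain rather than a single host.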
(Remainder of page left intentionally blank)