
Module 7 – Gaining Access & Privilege Escalation


breck

Presentation Transcript


  1. Module 7 – Gaining Access & Privilege Escalation • Phase II → Controls Assessment → Scheduling • Information Gathering • Network Mapping • Vulnerability Identification • Penetration • Gaining Access & Privilege Escalation • Enumerating Further • Compromise Remote Users/Sites • Maintaining Access • Cover the Tracks Heorot.net

  2. Gaining Access & Privilege Escalation • Gain Least Privilege • Gain Intermediate Privilege • Compromise • Final Compromise Problem: We don't have access

  3. Enumerating Further • Phase II → Controls Assessment → Scheduling • Information Gathering • Network Mapping • Vulnerability Identification • Penetration • Gaining Access & Privilege Escalation • Enumerating Further • Compromise Remote Users/Sites • Maintaining Access • Cover the Tracks

  4. *Enumerating Further • E-mail address gathering • Perform Password attacks • **Sniff traffic and analyze it • **Gather cookies • **Identifying routes and networks • **Mapping internal networks (*ISSAF does not cover this topic in great detail. **Advanced topics not covered in this class.)

  5. E-mail Address Gathering • May already have some • WHOIS information • Forums • archive.org • Blind e-mails • Admin@... • Webmaster@... • abuse@... • Asdfasdf@... • Web site

  6. E-mail Address Gathering • Web page Demonstration

  7. Perform Password Attacks • Remote Attack • Hydra • Unicorn • Local Attack • John the Ripper (JTR) • Additional resources required: • Wordlists • Patience

  8. Remote Attack • Hydra Demonstration

  9. Enumerating Further • Perform Password attacks • Hydra results: Access Gained • What to do next? • Continue on with Enumeration • Return to “Gain Access & Privilege Escalation”

  10. Gaining Access & Privilege Escalation • Gain Least Privilege • Gain Intermediate Privilege • Compromise • Final Compromise We now have access

  11. Gaining Access & Privilege Escalation • Gain Least Privilege through: • Exploitable vulnerability • Mis-configured system • Poor security practices “In general when someone has physical access to the local host the game is over, because there is usually one or more ways to get all information from the system.” -ISSAF

  12. Gaining Access & Privilege Escalation • Gain Least Privilege • Gain Intermediate Privilege • Compromise • Final Compromise “How to do this” is not covered in any methodology

  13. Gain Intermediate Privilege • Exploitable vulnerability • Application exploit • Mis-configured system • Application running at higher-than-needed privileges • Access to applications they shouldn't have • Improper maintenance (core dumps) • Poor security practices • Users given elevated privileges

  14. Gain Intermediate Privilege • sudo Demonstration

  15. Gaining Access & Privilege Escalation • Gain Least Privilege • Gain Intermediate Privilege • Compromise • Final Compromise

  16. Compromise • “A system is fully compromised anywhere in the target network and further attack from this system can be performed. This system can be used as a step stone for other attacks to the final goal.” • Best example of this is “Got Root?”

  17. Gaining Access & Privilege Escalation • Gain Least Privilege • Gain Intermediate Privilege • Compromise • Final Compromise

  18. Final Compromise • “In this step, the “real” victim like the company master DB or a specific system/file is compromised.” - ISSAF • Database • Web Pages • Mail Servers • etc.

  19. Module 7 – Gaining Access & Privilege Escalation • Phase II → Controls Assessment → Scheduling • ... • Vulnerability Identification • Penetration • Gaining Access & Privilege Escalation • Gain Least Privilege • Gain Intermediate Privilege • Compromise • Final Compromise
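
Slides 13 and 14 name "users given elevated privileges" and sudo as a route to intermediate privilege. The following is an added example, not part of the original presentation, showing how a defender could review a sudoers file for grants broader than least privilege. The sample file, the principal names and the two heuristics are assumptions made for illustration, and aliases are not expanded.

```python
import re

# Constructed sample for illustration; not taken from the presentation or a real host.
SAMPLE_SUDOERS = """\
# constructed sample sudoers
Defaults env_reset
root    ALL=(ALL:ALL) ALL
%admin  ALL=(ALL) ALL
backup  ALL=(root) NOPASSWD: /usr/bin/rsync, \\
        /bin/tar
webdev  web01=(root) /usr/bin/systemctl restart nginx
intern  ALL=(ALL) NOPASSWD: ALL
"""

# Comments and directives that are not user specifications (aliases are not expanded).
SKIP = re.compile(r"^(#|Defaults|(User|Runas|Host|Cmnd)_Alias\b|@include)")
SPEC = re.compile(r"^(?P<who>\S+)\s+(?P<host>[^=]+?)\s*=\s*(?P<rest>.+)$")

def logical_lines(text):
    """Join backslash-continued lines; yield (first_line_number, joined_line)."""
    buf, start = "", None
    for no, raw in enumerate(text.splitlines(), 1):
        start = start or no
        if raw.rstrip().endswith("\\"):
            buf += raw.rstrip()[:-1] + " "
            continue
        yield start, (buf + raw).strip()
        buf, start = "", None

def audit_sudoers(text, trusted=("root",)):
    """Return (line, principal, issue) for grants broader than least privilege."""
    findings = []
    for no, line in logical_lines(text):
        m = None if SKIP.match(line) else SPEC.match(line)
        if not m or m["who"] in trusted:
            continue
        rest = re.sub(r"^\([^)]*\)\s*", "", m["rest"])  # drop the Runas spec
        # Strip tags such as NOPASSWD: and split the remaining command list.
        cmds = [c.strip() for c in re.sub(r"\b[A-Z_]+:\s*", "", rest).split(",")]
        if "ALL" in cmds:
            findings.append((no, m["who"], "may run ALL commands"))
        if "NOPASSWD:" in rest:
            findings.append((no, m["who"], "NOPASSWD: no re-authentication"))
    return findings

if __name__ == "__main__":
    for no, who, issue in audit_sudoers(SAMPLE_SUDOERS):
        print(f"line {no}: {who}: {issue}")
```

Each finding is a candidate for narrowing to specific commands or removing, not proof of a problem on its own.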
