Module 7 – Gaining Access & Privilege Escalation
Phase II Controls Assessment Scheduling
○ Information Gathering
○ Network Mapping
○ Vulnerability Identification
○ Penetration
○ Gaining Access & Privilege Escalation
○ Enumerating Further
○ Compromise Remote Users/Sites
○ Maintaining Access
○ Cover the Tracks
Heorot.net

Gaining Access & Privilege Escalation
○ Gain Least Privilege
○ Gain Intermediate Privilege
○ Compromise
○ Final Compromise
Problem: We don't have access

Enumerating Further
Phase II Controls Assessment Scheduling
○ Information Gathering
○ Network Mapping
○ Vulnerability Identification
○ Penetration
○ Gaining Access & Privilege Escalation
○ Enumerating Further
○ Compromise Remote Users/Sites
○ Maintaining Access
○ Cover the Tracks

*Enumerating Further
○ E-mail address gathering
○ Perform password attacks
○ ** Sniff traffic and analyze it
○ ** Gather cookies
○ ** Identifying routes and networks
○ ** Mapping internal networks
* ISSAF does not cover this topic in great detail
** Advanced topics not covered in this class

E-mail Address Gathering
May already have some
○ WHOIS information
○ Forums
○ archive.org
Blind e-mails
○ Admin@...
○ Webmaster@...
○ abuse@...
○ Asdfasdf@...
Web site

E-mail Address Gathering
Web page Demonstration

Perform Password Attacks
Remote Attack
○ Hydra
○ Unicorn
Local Attack
○ John the Ripper (JTR)
Additional resources required:
○ Wordlists
○ Patience

Remote Attack
Hydra Demonstration

Enumerating Further
Perform Password attacks
○ Hydra results: Access Gained
What to do next?
○ Continue on with Enumeration
○ Return to “Gain Access & Privilege Escalation”
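
Seen from the defended host, password guessing that ends in access shows up in the authentication log as a run of failures from one source followed by a success. The following is an added example, not part of the original slides; it assumes OpenSSH-style syslog lines, and the sample log, threshold, window and function names are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in OpenSSH syslog style (not taken from the slides).
SAMPLE_LOG = """\
Mar 13 10:00:01 web01 sshd[2101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Mar 13 10:00:03 web01 sshd[2103]: Failed password for root from 203.0.113.7 port 40114 ssh2
Mar 13 10:00:05 web01 sshd[2105]: Failed password for invalid user test from 203.0.113.7 port 40116 ssh2
Mar 13 10:00:07 web01 sshd[2107]: Failed password for root from 203.0.113.7 port 40118 ssh2
Mar 13 10:00:08 web01 sshd[2108]: Failed password for alice from 198.51.100.20 port 51000 ssh2
Mar 13 10:00:09 web01 sshd[2109]: Failed password for root from 203.0.113.7 port 40120 ssh2
Mar 13 10:00:12 web01 sshd[2112]: Accepted password for alice from 198.51.100.20 port 51002 ssh2
Mar 13 10:00:13 web01 sshd[2113]: Accepted password for root from 203.0.113.7 port 40122 ssh2
"""

EVENT = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def parse(log, year=2024):
    """Yield (timestamp, result, user, source_ip) for each sshd password event."""
    for line in log.splitlines():
        m = EVENT.match(line)
        if m:
            # Syslog timestamps carry no year, so one is assumed.
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["result"], m["user"], m["ip"]

def guessed_logins(log, threshold=5, window=timedelta(minutes=5)):
    """Return (ip, user, time) for every accepted login that follows at
    least `threshold` failures from the same source inside `window`."""
    failures = defaultdict(list)
    alerts = []
    for ts, result, user, ip in parse(log):
        recent = [t for t in failures[ip] if ts - t <= window]
        if result == "Failed":
            failures[ip] = recent + [ts]
        elif len(recent) >= threshold:
            alerts.append((ip, user, ts.strftime("%H:%M:%S")))
            failures[ip] = []  # start counting again after the alert
    return alerts
```

A single mistyped password followed by a success (the `alice` lines) stays below the threshold and raises no alert.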

Gaining Access & Privilege Escalation
○ Gain Least Privilege
○ Gain Intermediate Privilege
○ Compromise
○ Final Compromise
We now have access

Gaining Access & Privilege Escalation
Gain Least Privilege through:
○ Exploitable vulnerability
○ Mis-configured system
○ Poor security practices
“In general when someone has physical access to the local host the game is over, because there is usually one or more ways to get all information from the system.” - ISSAF

Gaining Access & Privilege Escalation
○ Gain Least Privilege
○ Gain Intermediate Privilege
○ Compromise
○ Final Compromise
“How to do this” is not covered in any methodology

Gain Intermediate Privilege
Exploitable vulnerability
○ Application exploit
Mis-configured system
○ Application running at higher-than-needed privileges
○ Access to applications they shouldn't have
○ Improper maintenance (core dumps)
Poor security practices
○ Users given elevated privileges

Gain Intermediate Privilege
sudo Demonstration
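
The misconfigurations listed for this step (users given elevated privileges, access to applications they shouldn't have) can be checked for in a sudo policy before an assessor finds them. The following is an added example, not part of the original slides; the sudoers content, the approved-admin list and the function name are hypothetical, and the parser is simplified to one rule per line.

```python
import re

# Constructed sudoers content for illustration (not taken from the slides).
SAMPLE_SUDOERS = """\
# constructed example
Defaults env_reset
root    ALL=(ALL:ALL) ALL
%wheel  ALL=(ALL) ALL
backup  ALL=(root) NOPASSWD: /usr/bin/rsync
webdev  ALL=(ALL) NOPASSWD: ALL
deploy  ALL=(root) /opt/app/bin/*
"""

# who  host = (runas) TAG: command[, command ...]
RULE = re.compile(
    r"^(?P<who>\S+)\s+\S+\s*=\s*(?:\((?P<runas>[^)]*)\)\s*)?"
    r"(?P<tags>(?:[A-Z_]+:\s*)*)(?P<cmds>.+)$"
)
SKIP = ("#", "Defaults", "User_Alias", "Runas_Alias", "Host_Alias", "Cmnd_Alias")

def audit_sudoers(text, approved_admins=("root", "%wheel")):
    """Return (principal, finding) pairs for grants broader than needed.
    Simplified: no alias expansion, includes or line continuations."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(SKIP):
            continue
        m = RULE.match(line)
        if not m:
            continue
        who = m["who"]
        cmds = [c.strip() for c in m["cmds"].split(",")]
        # Any command as another user: only expected for approved admins.
        if "ALL" in cmds and who not in approved_admins:
            findings.append((who, "unrestricted command set"))
        # A stolen or guessed session needs no second credential.
        if "NOPASSWD:" in m["tags"]:
            findings.append((who, "no password required"))
        # Wildcards allow more programs than the rule author listed.
        if any("*" in c for c in cmds):
            findings.append((who, "wildcard in command path"))
    return findings
```

Each finding is a prompt for review against what the account actually needs, not proof of a fault on its own.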

Gaining Access & Privilege Escalation
○ Gain Least Privilege
○ Gain Intermediate Privilege
○ Compromise
○ Final Compromise

Compromise
“A system is fully compromised anywhere in the target network and further attack from this system can be performed. This system can be used as a step stone for other attacks to the final goal.”
Best example of this is “Got Root?”

Gaining Access & Privilege Escalation
○ Gain Least Privilege
○ Gain Intermediate Privilege
○ Compromise
○ Final Compromise

Final Compromise
“In this step, the “real” victim like the company master DB or a specific system/file is compromised.” - ISSAF
○ Database
○ Web Pages
○ Mail Servers
○ etc.

Module 7 – Gaining Access & Privilege Escalation
Phase II Controls Assessment Scheduling
○ ...
○ Vulnerability Identification
○ Penetration
○ Gaining Access & Privilege Escalation
  ○ Gain Least Privilege
  ○ Gain Intermediate Privilege
  ○ Compromise
  ○ Final Compromise