Presentation is loading. Please wait.

Presentation is loading. Please wait.

Module 7 – Gaining Access & Privilege Escalation  Phase II  Controls Assessment  Scheduling ○ Information Gathering ○ Network Mapping ○ Vulnerability.

Published byRosemary Phillips Modified over 9 years ago

Similar presentations

Presentation on theme: "Module 7 – Gaining Access & Privilege Escalation  Phase II  Controls Assessment  Scheduling ○ Information Gathering ○ Network Mapping ○ Vulnerability."— Presentation transcript:

1 Module 7 – Gaining Access & Privilege Escalation  Phase II  Controls Assessment  Scheduling ○ Information Gathering ○ Network Mapping ○ Vulnerability Identification ○ Penetration ○ Gaining Access & Privilege Escalation ○ Enumerating Further ○ Compromise Remote Users/Sites ○ Maintaining Access ○ Cover the Tracks Heorot.net

2 Gaining Access & Privilege Escalation  Gain Least Privilege  Gain Intermediate Privilege  Compromise  Final Compromise Problem: We don't have access Heorot.net

3 Enumerating Further  Phase II  Controls Assessment  Scheduling ○ Information Gathering ○ Network Mapping ○ Vulnerability Identification ○ Penetration ○ Gaining Access & Privilege Escalation ○ Enumerating Further ○ Compromise Remote Users/Sites ○ Maintaining Access ○ Cover the Tracks Heorot.net

4 *Enumerating Further  E-mail address gathering  Perform Password attacks  **Sniff traffic and analyze it  **Gather cookies  **Identifying routes and networks  **Mapping internal networks *ISSAF does not cover this topic in great detail **Advance topics not covered in this class Heorot.net

5 E-mail Address Gathering  May already have some ○ WHOIS information ○ Forums ○ archive.org  Blind e-mails ○ Admin@... ○ Webmaster@... ○ abuse@... ○ Asdfasdf@...  Web site Heorot.net

6 E-mail Address Gathering Web page Demonstration

7 Perform Password Attacks  Remote Attack Hydra Unicorn  Local Attack John the Ripper (JTR)‏  Additional resources required: Wordlists Patience Heorot.net

8 Remote Attack Hydra Demonstration

9 Enumerating Further  Perform Password attacks Hydra results: Access Gained  What to do next? Continue on with Enumeration Return to “Gain Access & Privilege Escalation” Heorot.net

10 Gaining Access & Privilege Escalation  Gain Least Privilege  Gain Intermediate Privilege  Compromise  Final Compromise We now have access Heorot.net

11 Gaining Access & Privilege Escalation  Gain Least Privilege through: Exploitable vulnerability Mis-configured system Poor security practices “In general when someone has physical access to the local host the game is over, because there is usually one or more ways to get all information from the system.” -ISSAF Heorot.net

12 Gaining Access & Privilege Escalation  Gain Least Privilege  Gain Intermediate Privilege  Compromise  Final Compromise “How to do this” is not covered in any methodology Heorot.net

13 Gain Intermediate Privilege  Exploitable vulnerability Application exploit  Mis-configured system Application running at higher-than-needed privileges Access to applications they shouldn't have Improper maintenance (core dumps)‏  Poor security practices Users given elevated privileges Heorot.net

14 Gain Intermediate Privilege sudo Demonstration

15 Gaining Access & Privilege Escalation  Gain Least Privilege  Gain Intermediate Privilege  Compromise  Final Compromise Heorot.net

16 Compromise “A system is fully compromised anywhere in the target network and further attack from this system can be performed. This system can be used as a step stone for other attacks to the final goal.” Best example of this is “Got Root?”

17 Gaining Access & Privilege Escalation  Gain Least Privilege  Gain Intermediate Privilege  Compromise  Final Compromise Heorot.net

18 Final Compromise “ In this step, the “real” victim like the company master DB or a specific system/file is compromised. ” - ISSAF Database Web Pages Mail Servers etc.

19 Module 7 – Gaining Access & Privilege Escalation  Phase II  Controls Assessment  Scheduling ○... ○ Vulnerability Identification ○ Penetration ○ Gaining Access & Privilege Escalation Gain Least Privilege Gain Intermediate Privilege Compromise Final Compromise Heorot.net

Download ppt "Module 7 – Gaining Access & Privilege Escalation  Phase II  Controls Assessment  Scheduling ○ Information Gathering ○ Network Mapping ○ Vulnerability."

Similar presentations

MGD Services, Inc. The IT Quality Assurance Specialists

MGD Services, Inc. The IT Quality Assurance Specialists
Incident Handling & Log Analysis in a Web Driven World Manindra Kishore.

Incident Handling & Log Analysis in a Web Driven World Manindra Kishore.
and Mitigations Brady Bloxham

and Mitigations Brady Bloxham
Penetration Testing & Countermeasures Paul Fong & Cai Yu CS691 5 May 2003.

Penetration Testing & Countermeasures Paul Fong & Cai Yu CS691 5 May 2003.
Technical Methodology (bottom-up) Lesson 8. 6-step Process Step 1: Site Survey Step 2: Develop a test plan Step 3: Build the toolkit Step 4: Conduct the.

Technical Methodology (bottom-up) Lesson 8. 6-step Process Step 1: Site Survey Step 2: Develop a test plan Step 3: Build the toolkit Step 4: Conduct the.
Module 2 – PenTest Overview

Module 2 – PenTest Overview
Cryptography and Network Security Chapter 20 Intruders

Cryptography and Network Security Chapter 20 Intruders
ITP 457 Network Security Network Hacking 101. Hacking Methodology (review) 1. Gather target information 2. Identify services and ports open on the target.

ITP 457 Network Security Network Hacking 101. Hacking Methodology (review) 1. Gather target information 2. Identify services and ports open on the target.
Hacking Presented By :KUMAR ANAND SINGH 04-243,ETC/2008.

Hacking Presented By :KUMAR ANAND SINGH ,ETC/2008.
Penetration Testing Anand Sudula, CISA,CISSP SSA Global Technologies, India Anand Sudula, CISA,CISSP SSA Global Technologies, India.

Penetration Testing Anand Sudula, CISA,CISSP SSA Global Technologies, India Anand Sudula, CISA,CISSP SSA Global Technologies, India.
INDEX  Ethical Hacking Terminology.  What is Ethical hacking?  Who are Ethical hacker?  How many types of hackers?  White Hats (Ethical hackers)

INDEX  Ethical Hacking Terminology.  What is Ethical hacking?  Who are Ethical hacker?  How many types of hackers?  White Hats (Ethical hackers)
Intruder Trends Tom Longstaff CERT Coordination Center Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213-3890 Sponsored by.

Intruder Trends Tom Longstaff CERT Coordination Center Software Engineering Institute Carnegie Mellon University Pittsburgh, PA Sponsored by.
Information Networking Security and Assurance Lab National Chung Cheng University 1 A Real World Attack: wu-ftp.

Information Networking Security and Assurance Lab National Chung Cheng University 1 A Real World Attack: wu-ftp.
Hacking Unix/Linux.

Hacking Unix/Linux.
The Business of Penetration Testing

The Business of Penetration Testing
Penetration Testing Edmund Whitehead Rayce West. Introduction - Definition of Penetration Testing - Who needs Penetration Testing? - Penetration Testing.

Penetration Testing Edmund Whitehead Rayce West. Introduction - Definition of Penetration Testing - Who needs Penetration Testing? - Penetration Testing.
Sam Cook April 18, 2013. Overview What is penetration testing? Performing a penetration test Styles of penetration testing Tools of the trade.

Sam Cook April 18, Overview What is penetration testing? Performing a penetration test Styles of penetration testing Tools of the trade.
Performing a Penetration Test.  Penetration Tester  Attempts to reveal potential consequences of a real attack  Security Audit / Vulnerability Assessment.

Performing a Penetration Test.  Penetration Tester  Attempts to reveal potential consequences of a real attack  Security Audit / Vulnerability Assessment.
Introduction to InfoSec – Recitation 15 Nir Krakowski (nirkrako at post.tau.ac.il) Itamar Gilad (itamargi at post.tau.ac.il)

Introduction to InfoSec – Recitation 15 Nir Krakowski (nirkrako at post.tau.ac.il) Itamar Gilad (itamargi at post.tau.ac.il)
Www.TASK.to GOOGLE HACKING FOR PENETRATION TESTERS Chris Chromiak SentryMetrics March 27 th, 2007.

GOOGLE HACKING FOR PENETRATION TESTERS Chris Chromiak SentryMetrics March 27 th, 2007.

Similar presentations

Ads by Google