Module 7 – Gaining Access & Privilege Escalation Phase II Controls Assessment Scheduling ○...

Post on 17-Jan-2016


Module 7 – Gaining Access & Privilege Escalation

Phase II Controls Assessment Scheduling

○ Information Gathering
○ Network Mapping
○ Vulnerability Identification
○ Penetration
○ Gaining Access & Privilege Escalation
○ Enumerating Further
○ Compromise Remote Users/Sites
○ Maintaining Access
○ Cover the Tracks

Heorot.net

Gaining Access & Privilege Escalation

○ Gain Least Privilege
○ Gain Intermediate Privilege
○ Compromise
○ Final Compromise

Problem: We don't have access


Enumerating Further

Phase II Controls Assessment Scheduling

○ Information Gathering
○ Network Mapping
○ Vulnerability Identification
○ Penetration
○ Gaining Access & Privilege Escalation
○ Enumerating Further
○ Compromise Remote Users/Sites
○ Maintaining Access
○ Cover the Tracks


*Enumerating Further

○ E-mail address gathering
○ Perform Password attacks
○ **Sniff traffic and analyze it
○ **Gather cookies
○ **Identifying routes and networks
○ **Mapping internal networks

*ISSAF does not cover this topic in great detail
**Advanced topics not covered in this class


E-mail Address Gathering

May already have some
○ WHOIS information
○ Forums
○ archive.org

Blind e-mails
○ Admin@...
○ Webmaster@...
○ abuse@...
○ Asdfasdf@...

Web site


E-mail Address Gathering

Web page Demonstration

Perform Password Attacks

Remote Attack
○ Hydra
○ Unicorn

Local Attack
○ John the Ripper (JTR)

Additional resources required:
○ Wordlists
○ Patience


Remote Attack

Hydra Demonstration

Enumerating Further

Perform Password attacks
○ Hydra results: Access Gained

What to do next?
○ Continue on with Enumeration
○ Return to “Gain Access & Privilege Escalation”


Gaining Access & Privilege Escalation

○ Gain Least Privilege
○ Gain Intermediate Privilege
○ Compromise
○ Final Compromise

We now have access


Gaining Access & Privilege Escalation

Gain Least Privilege through:
○ Exploitable vulnerability
○ Mis-configured system
○ Poor security practices

“In general when someone has physical access to the local host the game is over, because there is usually one or more ways to get all information from the system.” - ISSAF


Gaining Access & Privilege Escalation

○ Gain Least Privilege
○ Gain Intermediate Privilege
○ Compromise
○ Final Compromise

“How to do this” is not covered in any methodology


Gain Intermediate Privilege

Exploitable vulnerability
○ Application exploit

Mis-configured system
○ Application running at higher-than-needed privileges
○ Access to applications they shouldn't have
○ Improper maintenance (core dumps)

Poor security practices
○ Users given elevated privileges


Gain Intermediate Privilege

sudo Demonstration
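
The mis-configurations and poor practices listed under Gain Intermediate Privilege can be looked for from the defender's side before an assessment finds them. The script below is an added example, not part of the original slides or of ISSAF: it reviews sudoers text for grants broader than least privilege. The sample file, the account names and the SHELL_CAPABLE list are constructed assumptions, and aliases and #include files are not expanded.

```python
import re

# Constructed sample sudoers text; all account names are hypothetical.
SAMPLE_SUDOERS = """\
Defaults env_reset
Cmnd_Alias LOGS = /usr/bin/tail /var/log/auth.log
root    ALL=(ALL:ALL) ALL
%admin  ALL=(ALL) ALL
backup  ALL=(root) NOPASSWD: /usr/bin/rsync
webdev  ALL=(ALL) NOPASSWD: ALL
intern  ALL=(root) /usr/bin/vi /etc/hosts
audit   ALL=(root) /usr/bin/less /var/log/syslog, \\
        LOGS
"""

# Illustrative (assumed, incomplete) set of programs that can start a shell
# or run other commands, so granting them as root is effectively granting root.
SHELL_CAPABLE = {"vi", "vim", "less", "more", "find", "awk", "rsync", "tar"}

RULE = re.compile(r"^(?P<who>\S+)\s+\S+?\s*=\s*(?:\([^)]*\))?\s*(?P<cmds>.+)$")
SKIP = ("#", "Defaults", "User_Alias", "Runas_Alias", "Host_Alias", "Cmnd_Alias")

def audit_sudoers(text):
    """Return (principal, issue) pairs for grants broader than least privilege."""
    findings = []
    for line in text.replace("\\\n", " ").splitlines():  # join continuations
        line = line.strip()
        m = RULE.match(line)
        if not line or line.startswith(SKIP) or not m or m["who"] == "root":
            continue
        tag = " (NOPASSWD)" if "NOPASSWD:" in m["cmds"] else ""
        # Drop tags such as NOPASSWD: before splitting the command list.
        for cmd in re.sub(r"\b[A-Z_]+:", "", m["cmds"]).split(","):
            cmd = cmd.strip()
            if cmd == "ALL":
                findings.append((m["who"], "unrestricted ALL" + tag))
            elif cmd and cmd.split()[0].rsplit("/", 1)[-1] in SHELL_CAPABLE:
                prog = cmd.split()[0].rsplit("/", 1)[-1]
                findings.append((m["who"], "shell-capable program: " + prog + tag))
    return findings

if __name__ == "__main__":
    for who, issue in audit_sudoers(SAMPLE_SUDOERS):
        print(f"{who:8} {issue}")
```

Each finding is a candidate for narrowing to a specific command with fixed arguments, or for removal if the account does not need it.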

Gaining Access & Privilege Escalation

○ Gain Least Privilege
○ Gain Intermediate Privilege
○ Compromise
○ Final Compromise


Compromise

“A system is fully compromised anywhere in the target network and further attack from this system can be performed. This system can be used as a step stone for other attacks to the final goal.”

Best example of this is “Got Root?”

Gaining Access & Privilege Escalation

○ Gain Least Privilege
○ Gain Intermediate Privilege
○ Compromise
○ Final Compromise


Final Compromise

“In this step, the “real” victim like the company master DB or a specific system/file is compromised.” - ISSAF

○ Database
○ Web Pages
○ Mail Servers
○ etc.

Module 7 – Gaining Access & Privilege Escalation

Phase II Controls Assessment Scheduling

○ ...
○ Vulnerability Identification
○ Penetration
○ Gaining Access & Privilege Escalation
    Gain Least Privilege
    Gain Intermediate Privilege
    Compromise
    Final Compromise
