Post Exploitation. n00bpentesting.com




Prerequisites
  Hardware
  Software
Topics Covered
A Note
Before You Begin
Lab 0ne Post Exploitation
What's Next?

Prerequisites

Thank you for downloading the n00bpentesting.com guide. This guide is designed to help the n00b penetration tester get their feet wet with some of the tools covered on n00bpentesting.com while honing their skills following the Penetration Testing Execution Standard.

Hardware

- Computer with Linux, Windows, or Mac OSX
- 4GB RAM
- Hard drive with at least 50GB

Software

- VirtualBox Virtualization Software: http://www.virtualbox.org/wiki/downloads
- BackTrack 5 R1 Virtual Machine: http://www.backtrack-linux.org/downloads
- Windows XP SP2 Virtual Machine: supply your own copy or use a NIST image (NIST - http://nvd.nist.gov/fdcc/download_fdcc.cfm)
- Metasploitable Virtual Machine: http://updates.metaspoit.com/data/metasploitable.zip.torrent

Topics Covered

- Post Exploitation

A Note

All n00bpentesting.com guides will follow applicable sections of the Penetration Testing Execution Standard (PTES). It is highly recommended that any penetration tester, or anyone who wants to move into this field, read and regularly reference the standard. It can be found here: http://www.pentest-standard.org/

Before You Begin

It is important to update BackTrack, SET, and Metasploit before you begin each lesson. Updating these packages will ensure the latest tool updates and fixes are applied for better stability and exploit success.

To Update BackTrack
At the command prompt type the following, press ENTER:

    apt-get update && apt-get upgrade && apt-get dist-upgrade

To Update SET
At the command prompt type the following, press ENTER:

    cd /pentest/exploits/set && svn update

To Update Metasploit
At the command prompt type the following, press ENTER:

    cd /pentest/exploits/framework && svn update

Lab 0ne Post Exploitation

In this lab you will learn how to escalate privileges by using information gained from the initial exploitation of the target. Once privileges have been escalated to root, it is game over: the target system is completely under the control of this user.

We were able to show two ways to exploit the target system (hint: there are many), first using Metasploit and second using a specially crafted URI. Once the exploit was successfully launched, access to the /etc/passwd file provided insight into the available accounts on the target system that can be used in a brute force password attack.

1. In the running meterpreter session type: download /etc/passwd, press ENTER

Now that the /etc/passwd file has been downloaded to the BackTrack VM, a password brute force tool can be used to try to obtain a valid set of credentials. We will use a tool called medusa to brute force the password of the msfadmin account. We are telling medusa to try to log in to host 192.168.99.102 as user msfadmin using the password file darkc0de.lst, to try the username as the password, and to use SSH for the login attempts.

2. At the command prompt type the following, press ENTER:

    medusa -h 192.168.99.102 -u msfadmin -P /pentest/passwords/wordlists/darkc0de.lst -e s -M ssh

Success! The user msfadmin has a password of msfadmin. Now this account can be used to log in to the target via SSH.

3. At the prompt type: ssh msfadmin@metasploitable_ip_address, when prompted for the password enter msfadmin

Though the login was successful, msfadmin is not root and is not currently running as root. This is indicated by the prompt ending in a $. Hopefully, msfadmin is in the sudoers file and we can sudo to root. Let's give it a try.

4. At the command prompt type: sudo -i, press ENTER

5. When prompted for the password enter msfadmin

The command prompt will change to end in a #, which indicates the user is now running as root. GAME OVER!!! The user's privileges were successfully escalated to root, and the user now has access to /etc/shadow, where the hashed passwords for all accounts on the system are stored. This file can be cracked off-line with John the Ripper. Files and services can be uploaded and started for persistence and further exploitation on the network the target resides on.
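Seen from the target's side, the sequence in this lab (repeated SSH password failures, a successful password login, then sudo to root) can be picked out of the authentication log. The following is an added example, not part of the original guide: it correlates those three events per account and source address, and generalizes to any wordlist-driven guess rather than only the msfadmin case. The log lines are constructed in Debian/Ubuntu auth.log style, and the source address 192.168.99.101, the user alice and the threshold of 5 are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in Debian/Ubuntu auth.log style; the source address
# 192.168.99.101 and the user "alice" are made up for this example.
def _failed(sec, user, ip):
    return (f"Jan 10 10:00:{sec:02d} metasploitable sshd[{4100 + sec}]: "
            f"Failed password for {user} from {ip} port {40000 + sec} ssh2")

SAMPLE_LOG = "\n".join(
    [_failed(s, "msfadmin", "192.168.99.101") for s in range(1, 7)] + [
        "Jan 10 10:00:07 metasploitable sshd[4107]: Accepted password for msfadmin "
        "from 192.168.99.101 port 40007 ssh2",
        "Jan 10 10:00:30 metasploitable sudo: msfadmin : TTY=pts/1 ; "
        "PWD=/home/msfadmin ; USER=root ; COMMAND=/bin/bash",
        # Benign pattern: one mistyped password, then a normal login and sudo use.
        _failed(40, "alice", "192.168.99.50"),
        "Jan 10 10:00:45 metasploitable sshd[4145]: Accepted password for alice "
        "from 192.168.99.50 port 40045 ssh2",
        "Jan 10 10:01:00 metasploitable sudo: alice : TTY=pts/2 ; "
        "PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/apt-get update",
    ])

FAILED = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port")
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted password for (\S+) from (\S+) port")
SUDO_ROOT = re.compile(r"sudo:\s+(\S+) : .*USER=root ; COMMAND=(.*)$")

def analyze(log_text, threshold=5):
    """Flag logins that follow >= threshold failures from the same source,
    and any later sudo-to-root by an account flagged that way."""
    failures = defaultdict(int)   # (user, source ip) -> failed attempts so far
    guessed = {}                  # user -> source ip of the suspicious login
    findings = []
    for line in log_text.splitlines():
        if m := FAILED.search(line):
            failures[m.groups()] += 1
        elif m := ACCEPTED.search(line):
            user, ip = m.groups()
            if failures[(user, ip)] >= threshold:
                guessed[user] = ip
                findings.append(("bruteforce_success", user, ip, failures[(user, ip)]))
        elif m := SUDO_ROOT.search(line):
            user, cmd = m.groups()
            if user in guessed:
                findings.append(("root_after_bruteforce", user, guessed[user], cmd.strip()))
    return findings

if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG):
        print(finding)
```

A guess that succeeds on the first attempt, as a password equal to the username can, leaves no failed attempts and stays under the threshold, so this check belongs alongside a password policy that rejects such passwords and a review of which accounts hold sudo rights.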

What's Next?

Continue to explore, and practice, over, and over again. The metasploitable image has several vulnerabilities; in fact, the same vulnerabilities we exploited in a certain manner can be exploited in other methods as well. More guides will become available on n00bpentesting.com.