OS and Network Penetration Testing
8/10/2019 OS and Network Penetration Testing
Information Security: Exploiting OS Vulnerabilities and Network Penetration Testing
1. Describe the steps done to get administrator/root access to a modern operating system, other than the ones presented in the lab. Present briefly the vulnerability that helped you in the process. (min 1 page, max 2 pages).
The following steps describe a method of how to crack a Windows 7 password when you have direct access to the targeted machine. This method does not require another program like Reset Disk, a password cracking program or anything else specially designed to retrieve passwords. This is very convenient, and the only drawback that can be considered is the fact that the attacker needs physical access to the computer which has the targeted Windows 7 system installed on it, and once the password has been cracked, the attacker cannot cover his tracks.

These are the necessary steps in order to hack the administrator password and get root privileges:

1. The first thing that needs to be done is to make Windows 7 give a "Windows Error Recovery" screen when booting up the operating system. In order to do this, you have to start the computer by pressing the On/Off button. While the "Starting Windows" screen is active on the monitor, press the On/Off button again on the computer. This will trigger Windows to perform a hard shutdown. After this, start the computer again and wait until a screen like the one in Figure 1 appears.

Figure 1: Windows Error Recovery Screen

2. If Step 1 has been completed correctly, the screen will give the options on how to start the computer, as seen in Figure 1. Select the "Launch Startup Repair" option and then, when prompted with a window that asks you "Do you want to restore your computer using System Restore?", select Cancel.
3. The Startup Repair will now check your computer for problems. Wait until it finishes repairing your computer. This process will not harm any of the user's personal files. After waiting, a new window will be prompted that says "Startup Repair cannot repair this computer automatically". There will be an arrow pointing downwards in the bottom left corner that says "View Problem Details", shown in Figure 2.

Figure 2: View Problem Details

4. Click on the arrow shown in Figure 2. The window will grow, displaying the Problem Details. Scroll down until you find links in the details. Ignore the first one and click on the second one, which will say something like "If the online privacy statement is not available, please read our privacy statement X:\windows\system32\en-US\errofflps.txt".

5. After clicking the link, Notepad will open up, displaying the "errofflps.txt" file. Click on the "File" button from the top menu of Notepad, click "Open" and go to the System32 folder, usually found here: C:\Windows\System32. After entering the folder, switch from Text Documents (.txt) to All Files by clicking the drop-down menu at the bottom of the window (the "Files of type" option).

6. Find the application named sethc and rename it to sethc.bak. This is the application for the Sticky Keys program. Next, in the same folder (System32), find the application named cmd (Command Prompt), create a copy of it and rename the copy to sethc.
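A defender-side integrity check for the tampering that steps 5 and 6 produce, added here as an example and not part of the lab write-up. It assumes a Windows host with PowerShell 4 or later (for Get-FileHash) and an elevated session; the file names and the .bak suffix are the ones the steps above use.

```powershell
# Added example (not part of the lab write-up): integrity check for the Sticky
# Keys binary after the rename/copy steps above. Assumes Windows with
# PowerShell 4+ (Get-FileHash) and an elevated session.
$system32 = Join-Path $env:SystemRoot 'System32'
$sethc    = Join-Path $system32 'sethc.exe'
$cmd      = Join-Path $system32 'cmd.exe'
$findings = @()

# 1. The rename step leaves the original behind as sethc.bak.
$backup = Join-Path $system32 'sethc.bak'
if (Test-Path $backup) { $findings += "leftover backup found: $backup" }

# 2. A copied cmd.exe is byte-for-byte identical to the real one.
$hSethc = (Get-FileHash -Algorithm SHA256 -Path $sethc).Hash
$hCmd   = (Get-FileHash -Algorithm SHA256 -Path $cmd).Hash
if ($hSethc -eq $hCmd) { $findings += 'sethc.exe SHA256 equals cmd.exe' }

# 3. Renaming does not change the version resource: a copied cmd.exe still
#    reports cmd.exe as its OriginalFilename.
$orig = (Get-Item $sethc).VersionInfo.OriginalFilename
if ($orig -and $orig -notlike 'sethc*') {
    $findings += "sethc.exe version resource says OriginalFilename='$orig'"
}

if ($findings.Count -eq 0) {
    Write-Output 'sethc.exe looks intact'
} else {
    Write-Output 'Possible Sticky Keys tampering:'
    $findings | ForEach-Object { Write-Output "  - $_" }
}
```

A hit on any of the three checks warrants restoring sethc.exe from a known-good source (sfc /scannow re-creates protected system files) and reviewing the Security log for activity at the logon screen.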
targeted machine. In this example, the main goal will be to compromise and gain root access on a web server which uses Windows as an operating system. This will be done by exploiting the SSL PCT handshake vulnerability (known as THCIISLAME). This is how it works: if any SSL-enabled services are present, and both the PCT and SSL protocols are enabled, remote attackers may exploit the buffer overflow condition to execute arbitrary code on vulnerable Windows server installations and gain SYSTEM privileges. The severity of this vulnerability is compounded by the fact that SSL is most often used to secure communications involving confidential or valuable information, and it is therefore believed that hackers will aggressively target this vulnerability. An available exploit sends a malformed SSL/PCT CLIENT_HELLO message, along with sufficient code that allows it to open a remote shell on the victim's server. Once exploited, a remote shell is created on the target system on TCP port 31337. These are the steps needed in order to hack the system and gain admin privileges:

1. Launch the Core Impact GUI. In the left hand pane of the GUI, click on the icon to open a "New Workspace". In the window that opens, fill in the information that is required in order to create the workspace, then click "Next". This should open the license dialog box. Just click on "Next", as the license should already be set up. This should open the passphrase dialog box. Set the passphrase for your system to password. Once you have set the passphrase, move your mouse around in the box on the right hand side until the blue bar underneath the box is filled, then click "Next". This will open the completion dialog box. On this screen, click "Finish". This should launch the Core Security console, as shown in Figure 3:

Figure 3: Core Security Console

2. Go to the Entity View pane, right click on the "localhost" icon and select "New Host" from the dropdown menu. After this, a dialog box for the new host will appear. Here, change the fields to match the IP address of the targeted system and then press Ok. In the Core Impact console there should now be a new icon with a Microsoft Windows® logo and, next to it, the IP address that has been entered in the previous step. Click on View and then Entity Properties from the Menu
Pane, which will prompt a dialog box "Module Parameters". Leave all the options set to default and click Ok.

3. If the attack has been successful, a new item named level0(0) should be seen under the targeted system icon in the Agents Pane of the console, which means a return connection has been made from the target to the attack system. This exploit only creates the connection; it does not load any files on the hard drive of the targeted system. Clicking on the Log/Debug tab of the Execution Module Status pane should also let you know that the attack was successful.

Figure: Step 2

4. At this point, the targeted system is exploited. In the Modules Pane of the console, find the icon for Shells and select the Mini Shell. Drag and drop the shell on the level0(0) agent in the Agents Pane. A pop-up DOS-like window will appear, like a Command Prompt which uses primarily Linux commands. This shell will run on the vulnerable system with System Level permissions, which means the attacker will be able to start and stop processes, delete and insert files and create backdoors.
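An added example, not from the write-up or from Core Impact, that audits a Windows server for the two conditions the text describes: PCT still enabled alongside SSL, and a shell listening on TCP 31337. It assumes Windows 8/Server 2012 or later for Get-NetTCPConnection, an elevated session, and the standard SCHANNEL registry path for PCT 1.0.

```powershell
# Added example (not part of the write-up or of Core Impact): audit a Windows
# server for the conditions the text describes. Assumes Windows 8/2012+ for
# Get-NetTCPConnection, an elevated session, and the standard SCHANNEL path.
$pctKey   = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\PCT 1.0\Server'
$findings = @()

# The text says the bug is reachable when both SSL and PCT are enabled.
# PCT 1.0 is switched off by the DWORD Enabled=0 under its Server key; if the
# key or value is absent the OS default applies rather than an explicit off.
if (Test-Path $pctKey) {
    $enabled = (Get-ItemProperty -Path $pctKey -Name Enabled -ErrorAction SilentlyContinue).Enabled
    if ($null -eq $enabled -or $enabled -ne 0) {
        $findings += "PCT 1.0 server side not explicitly disabled (Enabled=$enabled)"
    }
} else {
    $findings += "PCT 1.0 server key absent, protocol not explicitly disabled: $pctKey"
}

# The write-up states a successful run leaves a shell bound to TCP 31337.
$listeners = Get-NetTCPConnection -State Listen -LocalPort 31337 -ErrorAction SilentlyContinue
foreach ($l in $listeners) {
    $proc = Get-Process -Id $l.OwningProcess -ErrorAction SilentlyContinue
    $findings += "TCP 31337 listening, owner: $($proc.ProcessName) (PID $($l.OwningProcess))"
}

if ($findings.Count -eq 0) {
    Write-Output 'PCT explicitly disabled and no 31337 listener'
} else {
    $findings | ForEach-Object { Write-Output "FINDING: $_" }
}
```

To disable PCT explicitly, create the key if needed and set Enabled to 0 (REG_DWORD), then reboot; that is the normal SCHANNEL protocol switch and the workaround Microsoft documented for this bug, independent of patching.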