[Article]-Video: The 15-Minute Network Pen Test Part 2

Viewing 10 reply threads
  • Author
    Posts
    • #3472
      Don Donzal
      Keymaster

      Hope the wait wasn’t too difficult.  😉

      Permanent link: [Article]-Video: The 15-Minute Network Pen Test Part 2

      [align=center:tgn2tr0q][/align:tgn2tr0q]

      There are numerous tools used in the Penetration Testing (pen testing) process, and there are plenty of books that go into how to use the individual tools.  There are very few resources that discuss how the tools are used and how to approach the process.  Parts 1 and 2 encompass the basic outline of what was presented at a talk given to the Duke University ACM Chapter with some minor changes.

      In Part 1, we took the viewer through the initial network recon stage through actual exploitation using Metasploit.  Initially the network is scanned through Nmap, and then continued with Nessus.  We importing the Nessus vulnerabilities directly into Metasploit, determined the corresponding modules for the specific host, then used the module to compromise a remote Microsoft Windows XP box.

      Part 2 covers some of the post-exploitation tasks that a pen tester may use.  It begins with some basic Meterpreter tasks.  Meterpreter is a specialized pen testing shell that is included in Metasploit as a payload.  Using Meterpreter, password hashes are obtained from the exploited machine, and 0phcrack is used to crack the obtained passwords.  While the passwords are cracking offline, the viewer is taken back to Meterpreter in order to create a hidden cmd.exe shell on the remote host. Finally we create a new user and add that user to the Administrators group. Ready to see it in action?

      Lots more from Ryan in the coming months. Thanks for all of your hard work,

      Don

    • #22732
      KrisTeason
      Participant

      Sweet…It’s Out Sooner Than I Thought! This Video Was Definitely Review For Me, What I Did Find Interesting Though Is What He Does When He Gains A Meterpreter Shell, I Typically Migrate Over To explorer.exe Or A More Stealthier Process He Just Creates The Process And Continues His Attack Through There. Good Video Though, Now That He’s Got Access To Some Administrative Accounts, I Can See Part 3 Now…Getting A GUI Maybe…Still Can’t Wait Though…Well Put Together!

    • #22733
      apollo
      Participant

      The GUI is a good idea, I hadn’t thought about that, but that would be a good add-on.  The other two that I”d thought about doing were on using pass the hash through meterpreter sessions and using your meterpreter session to assist in pivoting.  Any other thoughts ?

    • #22734
      KrisTeason
      Participant

      That sounds perfect actually. I’ve only seen the pass the hash attack once, pivoting and exploiting other machines with the ms08_067 would prove quite effective…then again you had the .128 and .129 post up in your first video (you being .129) & you’ve already gained entry into .128 so although pivoting is a beautiful idea, what other workstations would you attack in 3?

    • #22735
      slimjim100
      Participant

      Ryan you excited me with this follow-up video. Thanks you for taking to time to help other learn!

      Cheers,

      Brian

      BTW I like the account names you added to the XP box 😛

    • #22736
      DrWireMORE
      Participant

      Enjoyed the article and audio.  Confused to why this post and the links are referred to as video.  Have not found a video, but a great audio. dr

    • #22737
      Anonymous
      Participant

      maybe you are missing a codec or something, there is most certainly a video with a voice narration

    • #22738
      DrWireMORE
      Participant

      Solved: nothing technical, just a screen size too small that I didn’t see the flash window.  Got it… thanks (user error..go figure) dr

    • #22739
      Don Donzal
      Keymaster
    • #22740
      Jhaddix
      Participant
    • #22741
      UNIX
      Participant

      Finally I had time too to view both of your videos – I really liked them and appreciate the work you put in. I think mainly for newcomers this is really helpful and shows on the technical side how a penetration could be done.

Viewing 10 reply threads
  • You must be logged in to reply to this topic.

Copyright ©2021 Caendra, Inc.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.

Sending

Sign in with Caendra

Forgot password?Sign up

Forgot your details?