What might you do?

O_o

Newbie

Posts: 28

Joined: Fri Jul 22, 2011 12:57 pm

Post Thu Jul 28, 2011 8:45 am

What might you do?

So I've been doing some penetration tests on my virtual lab (my host system is Windows 7 and the guest is Ubuntu). So here's what happened:
1. I tried the ping of death; all it did was crash the computer (the virtual one). Is that even useful for something besides crashing a computer?
2. Next I established a null session with vbox and got access, and was pretty happy... for a moment.
3. I was like, what now? I got access, but I am pretty sure you real pen testers wouldn't stop there. Any advice to make this a little more realistic?

WHAT WOULD YOU GUYS HAVE TO DO IN THE REAL WORLD?
If your computer speaks English, then it was probably made in Japan.

lorddicranius

Sr. Member

Posts: 448

Joined: Thu Mar 03, 2011 3:54 am

Post Thu Jul 28, 2011 9:52 am

Re: What might you do?

I haven't watched it yet, but as for #3 on your list, there's a post-exploitation video in the new Armitage/Metasploit vids Don posted yesterday: http://www.ethicalhacker.net/content/view/379/2/

As for #1, depending on the tool you're using, you might be able to set ping limitations so that instead of crashing the PC, you just eat up all of its bandwidth. As for its usefulness, I guess that depends on the perspective. It's not very good etiquette to just crash client systems (unless the client asks for this in the agreement and has an identical 2nd non-production system for you to test on). I'm not a professional pentester, but from what I've heard ping floods usually aren't part of a pentester's arsenal of tools. If it doesn't crash the system, it's going to grind the system to a halt by eating up all of its bandwidth. But letting a client know that the system is vulnerable to system crashing is good knowledge (pentester knows from previous experience or knowledge found on the web). They could then put in measures to prevent that from happening (upgrade the software, etc.).
GSEC, eCPPT, Sec+

j0rDy

Hero Member

Posts: 591

Joined: Tue Feb 23, 2010 4:55 am

Location: Netherlands

Post Fri Jul 29, 2011 3:03 am

Re: What might you do?

1. We are hackers; our mission is to manipulate a system in such a way that it will do what we want it to do, which is in none of the cases a DoS. DoSing won't help you get access to a computer, ever! So forget about DoS exploits, which are fine for disgruntled n00bs who have some sort of beef with a specific target.

2. Here are some pointers; remember that access isn't always enough. The ultimate goal is root/admin rights, also known as rooting the box! Here are a few things of the 1000s that can be done: by null session you mean you gained access to a Windows share, right? Next I would see if I had write permissions and upload (malicious) code, preferably in the language of a service I could access through another way (see where I am going with this?). Try to access the filesystem too; if it's an old box, download the SAM backup file to brute-force login credentials offline. Be creative and see what you can find (perhaps batch scripts that contain login credentials?)
CISSP, CEH, ECSA, OSCP, OSWP

earning my stripes appears to be a road i must travel alone...with a little help of EH.net
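As a defender-side counterpart to the null-session and write-permission pointers above, here is an added example (not code from the thread) that audits a Samba smb.conf on an Ubuntu guest for shares a guest or null session can open, and flags the ones that are writable. The sample config is constructed; the option synonyms and defaults (`guest ok`/`public`, `writable`/`writeable`, `read only`) are Samba's documented ones.

```python
from configparser import ConfigParser
# Constructed sample smb.conf (assumption: plain Samba 3/4 layout; not from the thread).
SAMPLE_SMB_CONF = """
[global]
   map to guest = Bad User
[public]
   guest ok = yes
   writable = yes
[docs]
   public = yes
   read only = yes
[finance]
   valid users = @finance
   writable = yes
"""

def _truthy(v):
    return v.strip().lower() in ("yes", "true", "1")

def parse_smb_conf(text):
    """{section: {key: value}}; dedented so indented options aren't continuation lines."""
    cp = ConfigParser(interpolation=None, strict=False)  # keep '%U'-style macros intact
    cp.optionxform = str.lower  # smb.conf keys are case-insensitive
    cp.read_string("\n".join(l.strip() for l in text.splitlines()))
    return {s: dict(cp.items(s)) for s in cp.sections()}

def _option(share, global_opts, *names):
    """Share-level value wins; [global] supplies the default; else None."""
    for scope in (share, global_opts):
        for n in names:
            if n in scope:
                return scope[n]
    return None

def guest_reachable(share, g):
    v = _option(share, g, "guest ok", "public")  # Samba default: no
    return v is not None and _truthy(v)

def writable(share, g):
    v = _option(share, g, "writable", "writeable")
    if v is not None:
        return _truthy(v)
    ro = _option(share, g, "read only")  # Samba default: yes
    return ro is not None and not _truthy(ro)

def audit(text):
    """(share, writable) for every share a null/guest session could open."""
    conf = parse_smb_conf(text)
    g = conf.get("global", {})
    return [(n, writable(o, g)) for n, o in conf.items()
            if n != "global" and guest_reachable(o, g)]
```

Running `audit(SAMPLE_SMB_CONF)` reports `public` as guest-accessible and writable and `docs` as guest-accessible but read-only; `finance` is not listed because it requires a valid user.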

tturner

Sr. Member

Posts: 435

Joined: Thu Jun 26, 2008 4:50 pm

Post Fri Jul 29, 2011 7:16 am

Re: What might you do?

j0rDy wrote:
2. Here are some pointers; remember that access isn't always enough. The ultimate goal is root/admin rights, also known as rooting the box!

I'm sorry but this is just wrong. The ultimate goal is whatever the objective of the pentest is. That is almost never root. The CIO rarely cares that you got root. He cares what you can do with it, the data you can access/exfiltrate, records you can mangle, etc., depending on the nature of the business and what has value for them or what can create significant negative impact for them. Sure, root access can help you get there, but that's not the end goal. Focus on the data and however you can get at the data. A lot of times you will never need root to succeed in your test.
Certifications:
CISSP, CISA, GPEN, GWAPT, GAWN, GCIA, GCIH, GSEC, GSSP-JAVA, OPSE, CSWAE, CSTP, VCP

WIP: Vendor WAF stuff

http://sentinel24.com/blog @tonylturner http://bsidesorlando.org

j0rDy

Hero Member

Posts: 591

Joined: Tue Feb 23, 2010 4:55 am

Location: Netherlands

Post Fri Jul 29, 2011 7:42 am

Re: What might you do?

tturner wrote:
j0rDy wrote:
2. Here are some pointers; remember that access isn't always enough. The ultimate goal is root/admin rights, also known as rooting the box!

I'm sorry but this is just wrong. The ultimate goal is whatever the objective of the pentest is. That is almost never root. The CIO rarely cares that you got root. He cares what you can do with it, the data you can access/exfiltrate, records you can mangle, etc., depending on the nature of the business and what has value for them or what can create significant negative impact for them. Sure, root access can help you get there, but that's not the end goal. Focus on the data and however you can get at the data. A lot of times you will never need root to succeed in your test.

True, but given the context O_o is operating in (a virtual environment, playing at home in a pentest lab), the ultimate goal is root, not whipping up a report for his CIO pointing out all the vulnerabilities. I agree that finding more vulnerabilities and pointing out what can be done with his data is more useful than focussing on just one and obtaining root access. Sorry for the misunderstanding, I will try to be more specific next time.
CISSP, CEH, ECSA, OSCP, OSWP

earning my stripes appears to be a road i must travel alone...with a little help of EH.net

tturner

Sr. Member

Posts: 435

Joined: Thu Jun 26, 2008 4:50 pm

Post Fri Jul 29, 2011 7:48 am

Re: What might you do?

No apologies needed. :) I just like setting expectations early for folks.
Certifications:
CISSP, CISA, GPEN, GWAPT, GAWN, GCIA, GCIH, GSEC, GSSP-JAVA, OPSE, CSWAE, CSTP, VCP

WIP: Vendor WAF stuff

http://sentinel24.com/blog @tonylturner http://bsidesorlando.org