Any access is good...but root/Admin is where it's at! A little more digging may reveal a choice privilege escalation exploit! Remember, you may need an interactive shell first...
www.securityfocus.com/bid (for starters)
Once access is gained, there is much to do...
- Disable logging
- Clear logs and histories
- Grab password data
- Add yourself a user account
- Review system config files
- Memory contents?
- etc...
To truly own the machine, one must gain interactive command execution
- Seek out services like telnet, rlogin, SSH, MS Terminal Services, etc
- Back channels rarely disappoint
- Netcat is the Swiss Army knife of hacking (or should we say Leatherman?)
- Don't forget about PsExec across an Admin connection to a Windows host
- etc...
Expand your influence...
- Start the methodology over again from your new vantage point
- Attack trusts
- Copy over tools to assist in your expansion efforts
- Crack passwords gathered thus far
- Rootkits, Trojans, backdoors
- Keystroke loggers
- Sniff traffic
- Memory contents
- Sensitive files
- Enumerate ACLs
- Use port redirection to circumvent ACLs
- Hijack sessions
- Re-use passwords elsewhere!
- etc...
Covering your tracks well allows for extended stays with little interference
- Disable logging, IDS, and other security mechanisms
- Hide tools (obscure directory, attributes, streaming, etc.)
- Rootkits, Trojans, backdoors
- Covert channels (Loki, httptunnel, etc.)
- Spoofed sessions (e.g. STerm)
- etc...