
    Post-exploitation Techniques

    POST-EXPLOITATION TECHNIQUES
    • What to do once you're in
      • Make it easier next time
    • Lateral movement
      • RPC/DCOM (Remote Procedure Call / Distributed Component Object Model)
        • PsExec - Utility that supports executing processes on other systems (Telnet-like remote command execution)
        • WMI (Windows Management Instrumentation) - Managing devices and applications from remote computers
        • Scheduled tasks
    LATERAL MOVEMENT
    • PS remoting/WinRM
      • Powershell remoting / Windows Remote Management
    • SMB (Server Message Block)
      • Protocol for exposing file and printer shares to remote computers (Linux and other systems too)
    • RDP (Remote Desktop Protocol)
      • Ability to access a desktop from a remote computer
    • Apple Remote Desktop
      • Apple's RDP
    • VNC (Virtual Network Computing)
    • X-server forwarding
      • X-windows access to Linux desktop
    • Telnet
      • Insecure remote access (everything, including the login, is sent in cleartext)
    • SSH (Secure Shell)
      • More secure remote access to shell
    • RSH/Rlogin (Remote Shell / Remote login)
      • Legacy remote access, superseded by SSH (like Telnet, it sends credentials and sessions in cleartext)
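    The protocols listed above are exactly what a defender wants to see in connection logs: a single workstation opening SMB, WinRM or RDP sessions to many hosts in a short window is the classic lateral-movement pattern, and any Telnet, rsh/rlogin, VNC or raw X11 traffic means logins are crossing the wire in cleartext. The following script is an added example written for these notes, not code from the original page or course. It reads constructed log lines in a simplified "timestamp src dst dport" form (an assumption; real Zeek or firewall logs carry more fields), maps destination ports to the protocols in the list, and reports both cleartext remote access and sources that fan out to many targets. FANOUT_THRESHOLD is an assumed tuning value.

```python
"""Spot remote-access lateral movement in connection logs.

Added example for these notes, not code from the original page. Log lines are
constructed in a simplified 'timestamp src dst dport' form (an assumption) and
FANOUT_THRESHOLD is an assumed tuning value, not a setting from the page.
"""
from collections import defaultdict

# Destination port -> (protocol from the notes, True if the protocol itself
# carries logins and sessions in cleartext when it is not tunnelled).
REMOTE_ACCESS_PORTS = {
    23:   ("Telnet", True),
    513:  ("rlogin", True),
    514:  ("rsh", True),
    6000: ("X11 direct TCP", True),   # unencrypted unless forwarded over SSH
    5900: ("VNC", True),              # base RFB has no transport encryption
    22:   ("SSH", False),
    135:  ("RPC/DCOM", False),        # endpoint mapper used by WMI and PsExec-style tools
    445:  ("SMB", False),             # file shares; also the channel PsExec rides on
    3389: ("RDP", False),
    5985: ("WinRM/HTTP", False),      # PS remoting; Kerberos/NTLM encrypt the payload
    5986: ("WinRM/HTTPS", False),
}

# Assumed tuning value: distinct remote-access targets per source before we alert.
FANOUT_THRESHOLD = 3

# Constructed sample log: one workstation (10.0.0.5) hops across five hosts,
# starting with a Telnet login; 10.0.0.9 only browses a web server.
CONSTRUCTED_LOG = """\
2020-11-03T20:32:14 10.0.0.5 10.0.0.21 23
2020-11-03T20:37:36 10.0.0.5 10.0.0.21 22
2020-11-03T20:40:01 10.0.0.5 10.0.0.22 445
2020-11-03T20:40:05 10.0.0.5 10.0.0.23 445
2020-11-03T20:40:09 10.0.0.5 10.0.0.24 5985
2020-11-03T20:40:12 10.0.0.5 10.0.0.25 3389
2020-11-03T20:41:00 10.0.0.9 10.0.0.21 80
2020-11-03T20:41:30 10.0.0.9 10.0.0.21 443
"""


def parse_line(line):
    """Parse one constructed log line into (timestamp, src, dst, dport)."""
    ts, src, dst, dport = line.split()
    return ts, src, dst, int(dport)


def analyze(log_text, fanout_threshold=FANOUT_THRESHOLD):
    """Return cleartext remote-access flows and sources fanning out to many hosts.

    'cleartext' is a list of (src, dst, protocol) in log order; 'fanout' maps a
    source to the sorted list of hosts it reached over any remote-access
    protocol, kept only when the count meets fanout_threshold.
    """
    cleartext = []
    targets = defaultdict(set)
    for raw in log_text.splitlines():
        raw = raw.strip()
        if not raw or raw.startswith("#"):
            continue
        _ts, src, dst, dport = parse_line(raw)
        entry = REMOTE_ACCESS_PORTS.get(dport)
        if entry is None:
            continue                      # not a remote-access protocol; ignore
        proto, is_cleartext = entry
        targets[src].add(dst)
        if is_cleartext:
            cleartext.append((src, dst, proto))
    fanout = {src: sorted(dsts) for src, dsts in targets.items()
              if len(dsts) >= fanout_threshold}
    return {"cleartext": cleartext, "fanout": fanout}


if __name__ == "__main__":
    report = analyze(CONSTRUCTED_LOG)
    for src, dst, proto in report["cleartext"]:
        print(f"CLEARTEXT  {proto:<8} {src} -> {dst}")
    for src, dsts in report["fanout"].items():
        print(f"FANOUT     {src} reached {len(dsts)} hosts: {', '.join(dsts)}")
```

On the constructed log this reports the Telnet login to 10.0.0.21 as cleartext and 10.0.0.5 as fanning out to five hosts, while 10.0.0.9's web traffic is ignored. A real deployment would key the fan-out count on a time window and baseline admin jump hosts, which legitimately reach many machines.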

    CASE 1 - Telnet Login

    Keep in mind that Telnet is totally in the clear, so if somebody else out there were sniffing this traffic, they would be able to see everything I'm about to type, including the username and password.

    telnet 10.0.0.21

    CASE 2 - SSH Login

    This logs in in a more secure manner: everything I type, and everything sent back, is encrypted.

    ssh 10.0.0.21

    ssh msfadmin@10.0.0.21
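    SSH encrypts the session, but it is only as strong as the server's configuration: the login above is a password login to a stock account, and a server that also permits root or empty-password logins is still an easy target for anyone moving laterally. The script below is an added example written for these notes, not code from the original page or from OpenSSH. It parses a constructed sshd_config in the way sshd does (the first value seen for a directive wins) and reports directives that fall short of a hardening baseline. The directives (PermitRootLogin, PasswordAuthentication, PermitEmptyPasswords, X11Forwarding, Protocol) are real OpenSSH directives; the baseline values and the defaults table are this example's assumptions.

```python
"""Audit an sshd_config for settings that weaken SSH as a remote-access channel.

Added example for these notes, not code from the original page or OpenSSH.
Both configs are constructed; BASELINE and OPENSSH_DEFAULTS are this
example's assumptions.
"""

# Constructed: permissive settings of the kind found on a lab box.
WEAK_CONFIG = """\
# constructed example sshd_config
Port 22
Protocol 2
PermitRootLogin yes
PasswordAuthentication yes
PermitEmptyPasswords yes
X11Forwarding yes
"""

# Constructed: the same server after hardening.
HARDENED_CONFIG = """\
Port 22
Protocol 2
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
PermitEmptyPasswords no
X11Forwarding no
"""

# directive (lower-case) -> (required value, why it matters)
BASELINE = {
    "permitrootlogin": ("no", "log in as an unprivileged user and escalate with sudo"),
    "passwordauthentication": ("no", "password logins can be guessed; require keys"),
    "permitemptypasswords": ("no", "an empty password is no password at all"),
    "x11forwarding": ("no", "X forwarding exposes the client display to the server"),
    "protocol": ("2", "SSH protocol 1 is broken (modern OpenSSH only speaks 2)"),
}

# Assumed values sshd uses when a directive is absent from the file.
OPENSSH_DEFAULTS = {
    "permitrootlogin": "prohibit-password",
    "passwordauthentication": "yes",
    "permitemptypasswords": "no",
    "x11forwarding": "no",
    "protocol": "2",
}


def parse_sshd_config(text):
    """Return {directive: value}, keeping the first value seen, as sshd does."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()     # drop comments and whitespace
        if not line:
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue                            # malformed line; skip it
        key, value = parts[0].lower(), parts[1].strip()
        settings.setdefault(key, value)         # first occurrence wins
    return settings


def audit_sshd_config(text):
    """Return [(directive, actual, required, reason)] for every baseline miss."""
    settings = parse_sshd_config(text)
    findings = []
    for key, (wanted, reason) in BASELINE.items():
        actual = settings.get(key, OPENSSH_DEFAULTS[key])
        if actual.lower() != wanted:
            findings.append((key, actual, wanted, reason))
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        findings = audit_sshd_config(cfg)
        print(f"{name}: {len(findings)} finding(s)")
        for key, actual, wanted, reason in findings:
            print(f"  {key}={actual} (want {wanted}): {reason}")
```

Run stand-alone it reports four findings for the weak config and none for the hardened one. Because sshd keeps the first value it reads, a hardened line appended at the bottom of a file that already sets the directive does nothing; the parser mirrors that so the audit reports what sshd will actually enforce.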

    QUICK REVIEW
    • Don't reinvent the wheel each time - once you're in, make it easier next time.
    • Enable remote access if possible
    • Use remote access to move laterally within a network
    • Telnet can be helpful when connecting to different devices
    Original URL: https://www.cnblogs.com/keepmoving1113/p/13922449.html