Network Attacks: Entrenchment & Exfiltration


Author: cyberwriter | Published on January 31, 2019 | Views: 1149


SSH, Telnet, Exfiltration, and Whoami?

For an attacker, compromising a network is usually only the first step. Gaining undetected access may take considerable technical effort, but entrenchment is what comes after: turning that initial foothold into an advantageous and durable position. In practice this means obtaining root (or equivalent administrative) access if the initial compromise did not provide it, creating administrator accounts and backdoors for future access, cracking the passwords that guard other devices on the network, and finally sending copied data out of the network back to the attacker (exfiltration).

Suppose an attacker has gained undetected access to a building’s network over SSH. After scanning for hosts with an open SSH port and guessing or cracking an SSH password, the attacker has a shell but still needs to entrench before gathering anything useful. Running “whoami” at the prompt shows which account the shell is running as, and “id” shows that account’s UID and group memberships, which is what actually determines what it is allowed to do. With SSH the account is usually known ahead of time, since the login required a username and password. If that account does not have administrative rights, the attacker cannot simply grant them to itself: it first needs some route to root (a misconfigured sudo rule, a reused credential, a local privilege escalation flaw), and only then can it add its account to an administrative group or create a new administrator account for later use.

Once root access is in hand, the attacker creates a backdoor so that the device or network can be reached again in the future. This can be done in a myriad of ways. The simplest is to enable a remote access service: SSH and Telnet provide a reliable way in, but a newly enabled listener is also easy for the organization to notice (a new open port, a new running service, new entries in the authentication logs). Rootkits are far more covert but also far more technical to deploy, and purpose-built backdoor programs aim to be both covert and easy to install.
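The steps above (checking the account, adding a root-equivalent or sudo-capable account, enabling a remote access service) each leave a footprint in a Linux host’s authentication log. The following is an added example, not code from the original article: a small detector that scans constructed auth.log-style lines for those three artifacts. The log format, hostnames, account names and rule names are assumptions for illustration, and the sample lines are constructed, not captured from a real system.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Pattern


@dataclass(frozen=True)
class Finding:
    rule: str    # which entrenchment artifact was seen
    actor: str   # account that issued the command, or "(system)" for daemon log lines
    detail: str  # the account, group or service involved
    line: str    # the raw log line, for the analyst


# Who ran a sudo command: "sudo:  svc_backup : TTY=pts/1 ; PWD=... ; USER=root ; COMMAND=..."
SUDO_ACTOR = re.compile(r"\bsudo:\s+(?P<actor>\S+)\s+:")

RULES: Dict[str, Pattern[str]] = {
    # useradd logs every new account; UID 0 under any name other than root is root.
    "root_equivalent_account": re.compile(
        r"new user: name=(?P<detail>(?!root,)[^,]+), UID=0\b"),
    # Adding an existing account to sudo/wheel/admin grants root without a new UID-0 entry.
    "admin_group_grant": re.compile(
        r"COMMAND=\S*usermod\b.*\s-a?G\s*(?P<detail>sudo|wheel|admin)\b"),
    # Enabling a remote-access listener (Telnet, SSH, inetd) that was not on before.
    "remote_access_enabled": re.compile(
        r"COMMAND=\S*systemctl\s+enable\b.*?(?P<detail>\b(?:telnet|sshd?|x?inetd)\b\S*)"),
}


def scan_auth_log(text: str) -> List[Finding]:
    """Return one Finding per (line, rule) match, in log order."""
    findings: List[Finding] = []
    for line in text.splitlines():
        m_actor = SUDO_ACTOR.search(line)
        actor = m_actor.group("actor") if m_actor else "(system)"
        for rule, pattern in RULES.items():
            m = pattern.search(line)
            if m:
                findings.append(Finding(rule, actor, m.group("detail"), line))
    return findings


# Constructed sample log (hypothetical host and accounts): a low-privilege SSH login,
# a second UID-0 account, a sudo-group grant, a Telnet listener turned on, plus two
# benign lines that must not fire.
SAMPLE_AUTH_LOG = """\
Jan 31 10:02:11 host sshd[2201]: Accepted password for svc_backup from 10.0.0.45 port 51022 ssh2
Jan 31 10:02:40 host sudo:  svc_backup : TTY=pts/1 ; PWD=/home/svc_backup ; USER=root ; COMMAND=/usr/sbin/useradd -o -u 0 -g 0 support
Jan 31 10:02:40 host useradd[2240]: new user: name=support, UID=0, GID=0, home=/home/support, shell=/bin/bash
Jan 31 10:03:05 host sudo:  svc_backup : TTY=pts/1 ; PWD=/home/svc_backup ; USER=root ; COMMAND=/usr/sbin/usermod -aG sudo svc_backup
Jan 31 10:03:30 host sudo:  svc_backup : TTY=pts/1 ; PWD=/home/svc_backup ; USER=root ; COMMAND=/bin/systemctl enable --now telnet.socket
Jan 31 10:04:00 host useradd[2300]: new user: name=deploy, UID=1003, GID=1003, home=/home/deploy, shell=/bin/bash
Jan 31 10:04:10 host sshd[2201]: Accepted publickey for alice from 10.0.0.12 port 50211 ssh2
"""

if __name__ == "__main__":
    for f in scan_auth_log(SAMPLE_AUTH_LOG):
        print(f"{f.rule:25} actor={f.actor:12} detail={f.detail}")
```

The rules key on what the article calls the visible side of entrenchment: a new service and new privileged accounts. They deliberately do not try to detect a rootkit, which by design avoids leaving this kind of record; for that, integrity checking of the host, not log review, is the appropriate control.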

Finally, the attacker searches the network for information worth copying out. Depending on the goal of the attack this may be login credentials, sensitive data, organizational information, or anything else worth keeping. The data is copied off the network and sent to a remote host under the attacker’s control for storage or later review. Most organizations do not store passwords in clear text but as hashes, and a hash cannot be decrypted: the attacker has to crack it, that is, guess candidate passwords, hash each one the same way the system did, and look for a match. How hard that is depends on the hash function and on how guessable the password is. Salted, deliberately slow hashes resist this kind of guessing, while fast or unsalted ones (the Windows LM and NTLM hashes, for example) fall to wordlists and precomputed rainbow tables, which is what a tool such as ophcrack automates. Some attackers only collect the raw hashes and crack them offline later. Recovered passwords then serve to create new points of access or to reach additional data for exfiltration.
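To make the cracking step concrete, here is an added example that is not part of the original article and is not how ophcrack works: an offline dictionary attack against a constructed credential dump, with a pluggable hash function so the same guessing loop can be run against a fast salted SHA-256 and against a slow PBKDF2 derivation. The dump format (user, salt, hex digest), the accounts, their passwords, the wordlist and the mangling rules are all assumptions made up for the example.

```python
import hashlib
from typing import Callable, Dict, Iterable, Iterator, Tuple

Hasher = Callable[[str, str], str]  # (salt, password) -> hex digest


def sha256_salted(salt: str, password: str) -> str:
    # Fast hash: one SHA-256 per guess, so a wordlist run is nearly free for the attacker.
    return hashlib.sha256((salt + password).encode()).hexdigest()


def pbkdf2_salted(salt: str, password: str, iterations: int = 100_000) -> str:
    # Slow KDF: the same guess now costs `iterations` SHA-256 computations.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), iterations).hex()


SUFFIXES = ("", "1", "123", "!", "2019", "2019!")


def candidates(words: Iterable[str]) -> Iterator[str]:
    # Wordlist plus simple mangling rules (case, common suffixes), in a fixed order.
    for word in words:
        for base in (word, word.capitalize(), word.upper()):
            for suffix in SUFFIXES:
                yield base + suffix


def crack(dump: Dict[str, Tuple[str, str]], words: Iterable[str],
          hasher: Hasher) -> Tuple[Dict[str, str], int]:
    """Dictionary attack on {user: (salt, digest)}.

    Returns ({user: recovered_password}, number_of_hashes_computed). Users whose
    password is not reachable from the wordlist and rules stay uncracked.
    """
    words = list(words)
    cracked: Dict[str, str] = {}
    attempts = 0
    for user, (salt, digest) in dump.items():
        for guess in candidates(words):
            attempts += 1
            if hasher(salt, guess) == digest:
                cracked[user] = guess
                break
    return cracked, attempts


def build_dump(secrets: Dict[str, Tuple[str, str]], hasher: Hasher) -> Dict[str, Tuple[str, str]]:
    # Stand-in for the credential store an attacker would copy: {user: (salt, digest)}.
    return {user: (salt, hasher(salt, password)) for user, (salt, password) in secrets.items()}


# Constructed sample accounts (not real data). Two use wordlist-derived passwords,
# one uses a random string that no rule here will reach.
SECRETS = {
    "alice": ("k9Qx", "Winter2019!"),
    "bob":   ("Lm2z", "password1"),
    "carol": ("Pp7r", "J4#v!ng0q2Lz"),
}
WORDLIST = ["password", "winter", "letmein", "qwerty"]
FAST_DUMP = build_dump(SECRETS, sha256_salted)

if __name__ == "__main__":
    found, tried = crack(FAST_DUMP, WORDLIST, sha256_salted)
    print(f"sha256: cracked {found} after {tried} hashes")
    slow = lambda s, p: pbkdf2_salted(s, p, 20_000)
    found, tried = crack(build_dump(SECRETS, slow), WORDLIST, slow)
    print(f"pbkdf2: cracked {found} after {tried} hashes, roughly 20000x the work per guess")
```

Two points the loop makes visible. The wordlist recovers the two human-chosen passwords in 32 guesses between them and spends the remaining 72 on carol’s random one without success, so password strength, not secrecy of the hashing scheme, is what decides the outcome. And the guess count is identical for both hashers; the only defence the slow KDF adds is cost per guess, which is exactly why fast unsalted formats such as LM/NTLM are the ones rainbow tables and tools like ophcrack target.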
