S3SS10N Wednesday – 5 Ways to Access a Network

Join Cybrary

Begin Learning Cyber Security for FREE Now!

Already a Member Login Here
< Back to S3SS10NS

S3SS10N Wednesday – 5 Ways to Access a Network

Published: January 18, 2017 | By: Andrew McNicol | Views: 30338
This post has been saved to your profile

This Weeks S3SS10N Wednesday

In this Session, Andrew McNicol challenges us to think outside the box when it comes to pentesting. Many beginning pentesters feel that tool suites such as Nexus and Metasploit are all they need in order to mount an effective security analysis of a client’s network. As conveniently-packaged as these tools are, they truly do confine you within their toolbox for what’s possible, so sit back while Andrew takes the training wheels off of pentesting!

In order to move beyond the common findings of pentesting using tool suites, you need to be aware of the five primary ways that hackers can gain access to a network. This begins with compromising the thin human wall surrounding every organization. Humans can be counted on to mess things up on multiple levels. This first and most common is the wealth of information most willingly give up in response to social engineering attacks.

Phishing emails are where any comprehensive pentesting operation should begin. Andrew discusses the technique of tracking offenders (suckers) by adding custom links to each message to trace the source of the click. When clicked, the links result in exploit code being executed. These exploits can be quite sophisticated. User credentials can be gathered via exploits targeting Citrix or online web apps.

Andrew points out that prior to beginning your pentesting, it’s important to establish the rules of engagement with the client. This consists of understanding their goals and how far they’re willing to let you go in terms of being stealthy. In other words, just how devious are you allowed to get when it comes to fooling their staff. And things can get downright sneaky with the use of customized domains to look like a client web property! The stealthier you’re permitted to get the higher the click through rate on links in phishing emails typically becomes.

The second way to gain network access is by exploiting vulnerabilities in web apps. Since apps are everywhere these days and they become difficult to manage as a result, vulnerabilities then increase. These vulnerabilities extend from exploiting vulnerabilities in file uploads to deploy file inclusion attacks (local and remote) to weaknesses in the admin panels of popular web app platforms such as WordPress, Drupal, JBOSS, etc.

Coming in at number three is multicast poisoning. This exploit takes advantage of protocols and services that use broadcast or multicast and then tricking clients into sending credentials which are then captured. This vulnerability occurs when DNS fails or on Windows systems using Netbios or WPAD. Andrew mentions a few exploit tools in this category such as Responder from Spider Labs and LAN Turtle. This type of attack can also be implemented using a USB drive.

At number four is the SMB relay attack. This is another “Man in the Middle” attack like multicast poisoning. A malicious SMB server can be attached to the network which in turn intercepts client authentication requests. This can result in the execution of malicious code across the enterprise. A simple fix is to enable SMB signing, which unfortunately, is not typically enabled by default.

The final network access method is account compromise. Like phishing, this method again exploits the tendency of humans to mess up. Using the same credentials across multiple servers and apps can allow a hacker to potentially gain access to a wide range of systems. Several techniques exist to capture credentials ranging from the password reset feature on many systems, to lack of account lockouts, to weak passwords and usernames to users writing credentials on sticky notes. In fact, Andrew reveals a sneaky tactic of snooping around after hours expressly looking for such giveaways!

< Back to S3SS10NS

About This S3SS10N Wednesday's Contributor

Andrew McNicol
Andrew (@primalsec) is a Python junkie who is currently the lead for a web application penetration testing team and mentor for the SANS institute. Previously, he worked on an incident response team focusing on malware analysis and network forensics. He is one of the founders and lead authors of Primal Security Podcast, focusing on Python scripting, exploit development, and CLI Kung Fu.
Enjoy this S3SS10N Wednesday? Want more Cybytes?
Invite a Friend
and share now
Facebook Twitter LinkedIn Email
Join Cybrary
  1. Very interesting session. Really waiting for the next part.

Page 3 of 3«123
Comment on This

You must be logged in to post a comment.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Support Cybrary

Donate Here to Get This Month's Donor Badge



Is Linux Worth Learning in 2020?
Views: 211 / December 14, 2019
How do I Get MTA Certified?
Views: 820 / December 12, 2019
How much does your PAM software really cost?
Views: 1272 / December 10, 2019
How Do I Get into Android Development?
Views: 1650 / December 8, 2019

We recommend always using caution when following any link

Are you sure you want to continue?