Launching attacks internally can be both satisfying and rewarding. You will no longer be restricted by the protected outer shell of the network and can traverse at will. Take care that the tools used do not give you away.
Tip
By understanding what an administrator would see under certain conditions, a penetration tester is more likely to perform well-thought-out work that is in line with the final goal of the test as described in the rules of engagement contract.
Here, we have a connection from a Kali machine to a Kioptrix Level 1 machine. Take a look at the strange traffic being logged by the firewall as represented in the following image:
Now, if we were to quickly log into the system and set up or escalate the privilege of a user account to allow us SSH capability, we could merge with the existing traffic on the network. Let's take a look at the difference when we are logged in over SSH and run the tree command in the SSH session:
bash-2.05# tree | head
.
|-- X11R6
| |...