Book Image

Hands-On Penetration Testing on Windows

By : Phil Bramwell
Book Image

Hands-On Penetration Testing on Windows

By: Phil Bramwell

Overview of this book

Windows has always been the go-to platform for users around the globe to perform administration and ad hoc tasks, in settings that range from small offices to global enterprises, and this massive footprint makes securing Windows a unique challenge. This book will enable you to distinguish yourself to your clients. In this book, you'll learn advanced techniques to attack Windows environments from the indispensable toolkit that is Kali Linux. We'll work through core network hacking concepts and advanced Windows exploitation techniques, such as stack and heap overflows, precision heap spraying, and kernel exploitation, using coding principles that allow you to leverage powerful Python scripts and shellcode. We'll wrap up with post-exploitation strategies that enable you to go deeper and keep your access. Finally, we'll introduce kernel hacking fundamentals and fuzzing testing, so you can discover vulnerabilities and write custom exploits. By the end of this book, you'll be well-versed in identifying vulnerabilities within the Windows OS and developing the desired solutions for them.
Table of Contents (25 chapters)
Title Page
Dedication
Packt Upsell
Contributors
Preface
Index

Escalating your pivot – passing attacks down the line


Let me paint a scenario for you. From inside the restricted network you were able to plug into, you've just established your foothold on a Vista Business machine with an NIC facing an internal 10.0.0.0/24 network. You can't see this network from your position so, using your meterpreter session, you establish routing via your Vista pivot point. After some further reconnaissance, you determine that 10.0.0.113 is running an FTP service. However, you can't connect to it from your pivot point. After watching the LAN, you notice traffic passing between 10.0.0.113 and 10.0.0.114, so you suspect a trust relationship between those two hosts. You also see the Windows user designadmin frequently, so it could be a domain account that is used on different machines or a shared local account.

I already tried to portfwd to 10.0.0.113:21, and I tried connecting with the Vista target's native FTP client, but no cigar. There's a firewall blocking our traffic...