Book Image

Advanced Penetration Testing

By : Wil Allsopp
Book Image

Advanced Penetration Testing

By: Wil Allsopp

Overview of this book

Today's threats are organized, professionally-run, and very much for-profit. Advanced Penetration Testing?goes beyond Kali Linux and Metasploit and to provide you advanced pen testing for high security networks. This book integrates social engineering, programming, and vulnerability exploits into a multidisciplinary approach for targeting and compromising high security environments. From discovering and creating attack vectors, and moving unseen through a target enterprise, to establishing command and exfiltrating data—even from organizations without a direct Internet connection—this guide contains the crucial techniques that provide a more accurate picture of your system's defense. Custom coding examples use VBA, Windows Scripting Host, C, Java, JavaScript, Flash, and more, with coverage of standard library applications and the use of scanning tools to bypass common defensive measures. By the end of this book, you’ll be in a position to detect threats and defend your high security network.
Table of Contents (13 chapters)
Free Chapter
1
Cover
2
Title Page
13
End User License Agreement

Command and Control Part III: Advanced Channels and Data Exfiltration

It's true that there is no direct user land connection to the Internet but remember earlier when I said that people often don't fully understand the environments they manage? That is no less true here than in most places. You don't need a “direct” connection to the Internet, you just need to be able to get data out to our C2 and that is by no means the same thing. You could hope we get a user with proxy access and inherit those permissions to talk out to the web, but that would be leave you with a heavily restricted connection which carries far too much uncertainty. You can do better. Consider the following example.

I'm sitting on the banking LAN and I type the following command and get the following output:

> ping www.google.com


Pinging www.google.com [74.125.136.147] with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 74.125.136...