Book Image

Windows and Linux Penetration Testing from Scratch - Second Edition

By : Phil Bramwell
Book Image

Windows and Linux Penetration Testing from Scratch - Second Edition

By: Phil Bramwell

Overview of this book

Let’s be honest—security testing can get repetitive. If you’re ready to break out of the routine and embrace the art of penetration testing, this book will help you to distinguish yourself to your clients. This pen testing book is your guide to learning advanced techniques to attack Windows and Linux environments from the indispensable platform, Kali Linux. You'll work through core network hacking concepts and advanced exploitation techniques that leverage both technical and human factors to maximize success. You’ll also explore how to leverage public resources to learn more about your target, discover potential targets, analyze them, and gain a foothold using a variety of exploitation techniques while dodging defenses like antivirus and firewalls. The book focuses on leveraging target resources, such as PowerShell, to execute powerful and difficult-to-detect attacks. Along the way, you’ll enjoy reading about how these methods work so that you walk away with the necessary knowledge to explain your findings to clients from all backgrounds. Wrapping up with post-exploitation strategies, you’ll be able to go deeper and keep your access. By the end of this book, you'll be well-versed in identifying vulnerabilities within your clients’ environments and providing the necessary insight for proper remediation.
Table of Contents (23 chapters)
1
Part 1: Recon and Exploitation
9
Part 2: Vulnerability Fundamentals
17
Part 3: Post-Exploitation

Network pivoting with Metasploit

Let’s back up to the beginning of the chapter, where we found our dual-homed Windows 7 box, and look at a real-world foothold and pivot scenario. We have valid credentials, though we only have a password hash that we dumped from another machine. We’ll be passing them to our target with the psexec exploit. Don’t worry, we’ll take a closer look at pass-the-hash (PtH) attacks shortly. For now, let’s grab our foothold:

Figure 15.8 – Configuring a psexec module with a captured hash

We are targeting 192.168.108.153, so we configure the target with set RHOSTS 192.168.108.153. We use set SMBPass to configure our captured credentials, along with set SMBUser. Then, we fire off the attack with run:

Figure 15.9 – Running ipconfig on the target to find additional networks

Magic sparks fly through the air as our Meterpreter session is established. The first thing I...