Feb 4, 2008
Network probing and information gathering
Using dig, nslookup
Viewing HTML files
Finger (if enabled)
Network enumeration, using dig, nmap, ping, traceroute
Identifying trusted network components, using nmap, AMDhack.
Perform types of checks
A TCP portscan of a host.
A listing of shares via Samba / NetBIOS.
Identification of vulnerable versions of server daemons, including Sendmail, IMAP,
POP3, RPC status & RPC mountd
Taking advantage of vulnerable components
Identify vulnerable network components & compromise the hosts.
Upon executing such a program remotely to exploit a vulnerable server daemon
Gain root access to your host.
Upon gaining access to vulnerable components
'Clean-up' operation of doctoring your host's logs
'Backdooring' service binaries.
Place an .rhosts file in /usr/bin to allow remote bin access to the host via
rsh & csh
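
A defender-side check for the .rhosts step above, as an added example that is not part of the original post: it walks a passwd file and reports every account whose home directory holds an .rhosts file, rating it HIGH when the account is a system account (such as bin, on systems where bin's home is /usr/bin) or when the file contains a "+" wildcard. The function names, the UID cutoff of 999 and the fixture contents are assumptions made for this example.

```shell
#!/bin/sh
# Added example: flag rsh trust files (.rhosts) in account home directories.
# Usage: audit_rhosts PASSWD_FILE [ROOT_PREFIX]
# Output: one "<severity> <user> <path> <reason>" line per finding.
SYS_UID_MAX=${SYS_UID_MAX:-999}   # assumption: UIDs up to 999 are system accounts

audit_rhosts() {
    passwd_file=$1
    root=${2:-}                   # optional prefix, e.g. a mounted disk image
    # passwd fields: name:password:uid:gid:gecos:home:shell
    while IFS=: read -r user pw uid gid gecos home shell; do
        f="$root$home/.rhosts"
        [ -n "$home" ] && [ -f "$f" ] || continue
        sev=INFO reason=rhosts-present
        case "$uid" in
            ''|*[!0-9]*) ;;       # non-numeric UID: leave the finding as INFO
            *) if [ "$uid" -le "$SYS_UID_MAX" ]; then
                   sev=HIGH reason=rhosts-for-system-account
               fi ;;
        esac
        echo "$sev $user $f $reason"
        # A standalone "+" trusts every host (first field) or every user (second).
        if grep -Eq '(^|[[:space:]])\+([[:space:]]|$)' "$f"; then
            echo "HIGH $user $f wildcard-trust-entry"
        fi
    done < "$passwd_file"
}

# Constructed fixture: a bin account homed in /usr/bin with a wildcard .rhosts,
# and an ordinary user with a single named trust entry.
make_fixture() {
    d=$(mktemp -d)
    mkdir -p "$d/usr/bin" "$d/home/alice"
    printf 'bin:x:2:2:bin:/usr/bin:/sbin/nologin\n' > "$d/passwd"
    printf 'alice:x:1001:1001::/home/alice:/bin/sh\n' >> "$d/passwd"
    printf '+ +\n' > "$d/usr/bin/.rhosts"
    printf 'buildhost alice\n' > "$d/home/alice/.rhosts"
    echo "$d"
}

fx=$(make_fixture)
audit_rhosts "$fx/passwd" "$fx"
rm -rf "$fx"
```

On a live host the same function can be pointed at the real passwd file with no prefix: `audit_rhosts /etc/passwd`.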
Abusing access & privileges
Downloading sensitive information
Cracking other trusted hosts and networks
Install trojans & backdoors + remove logs.
Installing sniffers to 'sniff' data flowing across the internal network -> a
remote root compromise of an internal host.
Taking down networks, rm -rf / &
Source: Onno W. Purbo