Credential harvesting is the process of identifying usernames, passwords, and hashes that can be utilized to achieve the objective set by the organization for a penetration testing/red team exercise. In this section, we will walk through three different types of credential harvesting mechanism that are typically used by attackers in Kali Linux.
Credential harvesting and escalation attacks
by Robert Beggs, Vijay Kumar Velu
Mastering Kali Linux for Advanced Penetration Testing - Third Edition
- Title Page
- Copyright and Credits
- Dedication
- About Packt
- Contributors
- Preface
- Goal-Based Penetration Testing
- Conceptual overview of security testing
- Misconceptions of vulnerability scanning, penetration testing, and red team exercises
- Objective-based penetration testing
- The testing methodology
- Introduction to Kali Linux – features
- Installing and updating Kali Linux
- Organizing Kali Linux
- Configuring and customizing Kali Linux
- Resetting the root password
- Adding a non-root user
- Configuring network services and secure communications
- Adjusting network proxy settings
- Accessing the secure shell
- Speeding up Kali operations
- Sharing folders with the host operating system
- Using Bash scripts to customize Kali
- Building a verification lab
- Managing collaborative penetration testing using Faraday
- Summary
- Open Source Intelligence and Passive Reconnaissance
- Active Reconnaissance of External and Internal Networks
- Stealth scanning strategies
- DNS reconnaissance and route mapping
- Employing comprehensive reconnaissance applications
- Identifying the external network infrastructure
- Mapping beyond the firewall
- IDS/IPS identification
- Enumerating hosts
- Port, operating system, and service discovery
- Writing your own port scanner using netcat
- Large-scale scanning
- DHCP information
- Identification and enumeration of internal network hosts
- Native MS Windows commands
- ARP broadcasting
- Ping sweep
- Using scripts to combine masscan and nmap scans
- Taking advantage of SNMP
- Windows account information via SMB (Server Message Block) sessions
- Locating network shares
- Reconnaissance of active directory domain servers
- Using comprehensive tools (SPARTA)
- An example to configure SPARTA
- Summary
- Vulnerability Assessment
- Vulnerability nomenclature
- Local and online vulnerability databases
- Vulnerability scanning with Nmap
- Web application vulnerability scanners
- Vulnerability scanners for mobile applications
- The OpenVAS network vulnerability scanner
- Commercial vulnerability scanners
- Specialized scanners
- Threat modeling
- Summary
- Advanced Social Engineering and Physical Security
- Methodology and attack methods
- Physical attacks at the console
- Creating a rogue physical device
- The Social Engineering Toolkit (SET)
- Hiding executables and obfuscating the attacker's URL
- Escalating an attack using DNS redirection
- Launching a phishing attack
- Using bulk transfer as a mode of phishing
- Summary
- Wireless Attacks
- Configuring Kali for wireless attacks
- Wireless reconnaissance
- Bypassing a hidden SSID
- Bypassing the MAC address authentication and open authentication
- Attacking WPA and WPA2
- Denial-of-service (DoS) attacks against wireless communications
- Compromising enterprise implementations of WPA/WPA2
- Working with Ghost Phisher
- Summary
- Exploiting Web-Based Applications
- Client-Side Exploitation
- Bypassing Security Controls
- Exploitation
- Action on the Objective and Lateral Movement
- Privilege Escalation
- Overview of the common escalation methodology
- Escalating from domain user to system administrator
- Local system escalation
- Escalating from administrator to system
- Credential harvesting and escalation attacks
- Escalating access rights in Active Directory
- Compromising Kerberos – the golden-ticket attack
- Summary
- Command and Control
- Persistence
- Using persistent agents
- Domain fronting
- Exfiltration of data
- Hiding evidence of an attack
- Summary
- Embedded Devices and RFID Hacking
- Other Books You May Enjoy
Credential harvesting and escalation attacks
-
No Comment
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.