Anatomy of a Hack

Posted by Zonk on Monday July 4, 2005 @10:57AM from the illegal-dissection dept.

Tiberius_Fel writes "Informit.com is running an extensive article about the anatomy of a hack against a sample network. It's an excerpt from a book titled Protect Your Windows Network: From Perimeter to Data. Even though it makes references to Windows, the techniques can be applied to other operating systems fairly easily." From the article: "Although attacking networks can be fun and informative--not to mention illegal if you do not have all the proper permissions--the fact remains that the vast majority of us do not need to know how to do so. Frankly, becoming a good penetration tester (pen tester) takes more than a week-long class. It takes commitment, dedication, intuition, and technical savvy, not to mention a blatant disregard for the rules and the right way to do things."

1 of 98 comments (clear)

Min score:

Reason:

Sort:

No new news here by michaelaiello · 2005-07-04 11:51 · Score: 5, Informative

Quick overview of the meat of the article

1. Do a WHOIS lookup of the IP range the network is on.
2. Search newsgroups for previous network internals that the SA has posted somewhere.
3. Do a port scan and fingerprint.
4. If there is a vulnerable service running, use a common exploit.
5. A quick description of how sql injection attack works on a web-application login.
6. Use xp_cmdshell on MS-SQL to download remote shell code via tftp.
7. Once somone has the sql server under control, use the poorly configured internal network to become domain admin.

Somone needs to put together a description on how a "social engineering" penetration test should be done objectivly. If there is one out there please let me know. =P