Ensure future access

Once high privileges are established and an account for future use is established, the next need is to ensure there is a pathway for future access.

Use a penetration agent/rootkit – both Core Impact and Canvas offer tools with rootkit like abilities to establish connections back out of the system. In some cases, they can be hidden and offer a variety of connection techniques, including outbound HTTP to avoid firewalls.

Remote access service – create an account, activate the service
telnet, SSH, remote desktop…

Install a backdoor program

Leave a Reply

You must be logged in to post a comment.