Archive for Entrench
You are browsing the archives of Entrench.
You are browsing the archives of Entrench.
Using GPUs to aid in password cracking continues to become more effective in both speed and cost. GPU Password Cracking – Bruteforceing a Windows Password Using a Graphic Card – [mytechencounters.wordpress.com] GPGPU computing is getting lots of attention these days. GPGPU computing simply means doing general calculations on graphic cards (GPUs) rather than CPUs. Traditionally, […]
Generally, password cracking takes place in the ENTRENCH phase of the attack, after an initial penetration has been successful and password hashes have been retrieved from the compromised system, but it can be done at any point if it will yield results and hashes are available. The attacker will probably need admin/root level access, but […]
There are several reasons why an attacker might want to get data back out of a system or network: Command and control communications Information collected about systems and network target data for future expansion Information that was the objective for penetration (identity theft, intellectual property) The process of getting the data out can be as […]
Once high privileges are established and an account for future use is established, the next need is to ensure there is a pathway for future access. Use a penetration agent/rootkit – both Core Impact and Canvas offer tools with rootkit like abilities to establish connections back out of the system. In some cases, they can […]
Once admin/root privileges have been established, an attacker will often create a new account with high privilege levels in order to allow future access without needing to take extraordinary action. The advantage to this is that the password is known and the account controlled by the attacker. The disadvantage is the risk of attracting attention […]
After penetration, if the established presence doesn’t have admin/root privileges, a top priority may become escalating privileges so that further action become possible. There are a variety of ways to escalate privileges through simple and allowed actions that are usually environment specific, depending on the OS, version and configuration of the target system and even […]
One of the first tasks of the attacker after penetrating a system is to figure out what account status is associated with the presence established and what permissions and privileges are available. In some cases, the attacker may be very familiar with the exploit technology being used and may know ahead of time exactly what […]