Archive for Entrench

GPU Password Cracking

Using GPUs to aid in password cracking continues to become more effective in both speed and cost. GPU Password Cracking – Bruteforceing a Windows Password Using a Graphic Card – [mytechencounters.wordpress.com] GPGPU computing is getting lots of attention these days. GPGPU computing simply means doing general calculations on graphic cards (GPUs) rather than CPUs. Traditionally, […]

Password Cracking

Generally, password cracking takes place in the ENTRENCH phase of the attack, after an initial penetration has been successful and password hashes have been retrieved from the compromised system, but it can be done at any point if it will yield results and hashes are available. The attacker will probably need admin/root level access, but […]

Exfiltrate data

There are several reasons why an attacker might want to get data back out of a system or network: command and control communications; information collected about systems and network target data for future expansion; information that was the objective for penetration (identity theft, intellectual property). The process of getting the data out can be as […]

Ensure future access

Once high privileges are established and an account for future use is established, the next need is to ensure there is a pathway for future access. Use a penetration agent/rootkit – both Core Impact and Canvas offer tools with rootkit-like abilities to establish connections back out of the system. In some cases, they can […]

Add an admin user

Once admin/root privileges have been established, an attacker will often create a new account with high privilege levels in order to allow future access without needing to take extraordinary action. The advantage to this is that the password is known and the account controlled by the attacker. The disadvantage is the risk of attracting attention […]

Escalate privileges

After penetration, if the established presence doesn’t have admin/root privileges, a top priority may become escalating privileges so that further action becomes possible. There are a variety of ways to escalate privileges through simple and allowed actions that are usually environment specific, depending on the OS, version and configuration of the target system and even […]

Whoami?

One of the first tasks of the attacker after penetrating a system is to figure out what account status is associated with the presence established and what permissions and privileges are available. In some cases, the attacker may be very familiar with the exploit technology being used and may know ahead of time exactly what […]