Optimum is a Windows machine, with an average difficulty rating of “piece of cake”.
This short post demonstrates how it may be possible to pivot into a segregated/protected network, via an RDP Jump Box.
Deploying resilient Red Team infrastructure can be quite a time-consuming process. This wiki maintained by Steve Borosh and Jeff Dimmock is probably the best public resource I’ve seen with regard to design considerations and hardening tips.
For someone like myself, who destroys and stands fresh infrastructure up for each engagement, building everything by hand is a long, laborious process. Anything that can be automated is a good thing.
The CEO of a small company has been pressured by the Board of Directors to have a penetration test done within the company. The CEO, believing his company is secure, feels this is a huge waste of money, especially since he already has a company scan their network for vulnerabilities (using Nessus). To make the BoD happy, he decides to hire you for a 5-day job; and because he really doesn’t believe the company is insecure, he has contracted you to look at only one server - an old system that only has a web-based list of the company’s contact information.
The CEO expects you to prove that the admins of the box follow all proper accepted security practices, and that you will not be able to obtain access to the box. Prove to him that a full penetration test of their entire corporation would be the best way to ensure his company is actually following best security practices.
Computer viruses have been around since as early as the 1970s, and the eternal battle between virus creators and antivirus solutions continues to rage over 40 years later.
beacon> getuid
[*] You are CYBER-LANCE\sgomez
beacon> spawnas cyber-lance\tswift Passw0rd! smb