Ethical Hacking — Week 11
Maintain Access
Today’s session was about maintaining access. Maintaining access after pen testing is done as a professional pentester is unethical as when we sign the NDA which stands for Non Disclosure Agreement with the company, that NDA states we are not allowed to maintain access, hence we can not continue to maintain access.
We need to maintain access as this leads to no need to reinvent the wheel, the previous vulnerabilities are already patched, sysadmin harden the system and it saves time. However, when maintaining access, it is important to ensure to read the NDA properly as some NDA states a backdoor can’t be placed.
There are certain methods to maintain access such as creating OS backdoors, Tunnel and web based backdoors. Backdoors is a method which allows attacker to access target without using normal authentication while remaining undetected. Cymothoa is a tool which can be used inject a backdoor. The command is cymothoa -p 4255 -s 1 -y 555It is possible to use DVL which stands for Damn Vulnerable Linux to learn more about other exploits.
Tunneling is encapsulating one network protocol inside another network protocol. Web based backdoors can be used when the target is web based.
Tags: Ethical Hacking
This entry was posted on Friday, June 5th, 2020 at 9:44 pm and is filed under Database System -- Semester 3, Ethical Hacking -- Semester 4, Intelligent System -- Semester 4, Network Forensic -- Semester 5, Uncategorized. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.