Noirchapeau's Gitbook
Noirchapeau
NoirchapeauEsau
Noirchapeau
NoirchapeauEsau
  • Welcome to NoirChapeau Gitbook
  • Network Mapping and Security Auditing Tool
  • Footprinting - Enumeration and Information Gathering Notes
    • FTP Pentesting Notes
    • SMB Pentesting Notes
    • SSH Pentesting Notes
    • IPMI Pentesting Notes
    • Oracle TNS Pentesting Notes
    • MSSQL Pentesting Notes
    • MySQL Pentesting Notes
    • SNMP Pentesting Notes
    • IMAP/POP3 Pentesting Notes
    • SMTP Pentesting Notes
    • DNS Pentesting Notes
    • NFS Pentesting Notes
  • Web Reconnaissance Notes
  • Vulnerability Assessment Notes
    • Nessus Vulnerability Scanner Notes
    • OpenVAS (GVM) Vulnerability Scanner Notes
  • File Transfer Techniques for Pentesting
    • Advanced File Transfer Techniques
    • File Transfer Detection & Evasion Techniques
  • Shells & Payloads: Shell Overview
    • Shells & Payloads: Payloads Overview
    • Shells & Payloads: Web Shells Overview
    • Shells & Payloads: Detection & Prevention
  • Metasploit
    • Working with Metasploit Modules
    • Targets and Payloads
    • Encoders & Msfvenom: Advanced Exploitation Techniques
    • Database Management in Metasploit
    • Sessions and Jobs
    • Writing and Importing Custom Modules into Metasploit
    • Firewall and IDS/IPS Evasion
  • Password Attacks
    • Remote Password Attacks
    • Windows Local Password Attacks
    • Linux Local Password Attacks
    • Windows Lateral Movement
    • Files & Archives Cracking
    • Password Management
  • Interacting with Common Services
    • Protocol Specific Attacks
Powered by GitBook
On this page
  • Fundamental Attack Concept
  • 1. Source
  • 2. Process
  • 3. Privileges
  • 4. Destination
  • Common Service Misconfiguration Attack Vectors
  • Authentication Vulnerabilities
  • Access Rights Exploitation
  • Unnecessary Defaults Attack Surface
  • Sensitive Information Discovery Methodology
  • Enumeration Techniques
  • Target Service Investigation
  • Real-World Attack Scenario: FTP to RCE
  • Step-by-Step Methodology
  • Best Practices and Mitigation
  • Prevention Strategies
  • Recommended Tools
  • Key Takeaways
  1. Interacting with Common Services

Protocol Specific Attacks

Fundamental Attack Concept

The attack methodology follows a universal four-category framework applicable across different services:

1. Source

  • Definition: The origin of information or input for a process

  • Key Sources to Investigate:

    • Code outputs reused as inputs

    • Libraries and configuration files

    • APIs and interfaces

    • User inputs (most vulnerable)

2. Process

  • Definition: How information from the source is processed

  • Critical Components to Analyze:

    • Process ID (PID)

    • Input handling mechanisms

    • Data processing logic

    • Variable manipulation

    • Logging mechanisms

3. Privileges

  • Definition: System-controlled permissions for executing actions

  • Privilege Types:

    • System-level (root/SYSTEM)

    • User-specific permissions

    • Group-based access

    • Application-specific policies and rules

4. Destination

  • Definition: Output or target of the processed task

  • Destination Types:

    • Local system modifications

    • Network interactions with external systems

Common Service Misconfiguration Attack Vectors

Authentication Vulnerabilities

  • Default Credentials:

    • Common weak combinations:

      • admin:admin

      • root:12345678

      • admin:<blank>

    • Always attempt default credential login

  • Anonymous Authentication:

    • Identify services allowing unauthenticated access

    • Examples: FTP servers with anonymous login

    • Potential for unauthorized resource access

Access Rights Exploitation

  • Misconfigured Permissions:

    • Look for roles with excessive privileges

    • Example: FTP users with unintended read/write access

    • Utilize Role-Based Access Control (RBAC) assessment tools

Unnecessary Defaults Attack Surface

  • Identify and Exploit:

    • Unused open ports

    • Default accounts

    • Overly informative error messages

    • Unpatched services

Sensitive Information Discovery Methodology

Enumeration Techniques

  • Systematic Information Gathering:

    • Collect usernames

    • Extract email addresses

    • Locate password references

    • Analyze DNS records

    • Map IP addresses

    • Review source code and configuration files

Target Service Investigation

File Shares

  • Tools:

    • SMBClient

    • Enum4linux

    • CrackMapExec

  • Focus Areas:

    • Shared documents

    • Credential files

    • Configuration data

Email Services

  • Investigation Keywords:

    • "password"

    • "confidential"

  • Methodology:

    • Manual and tool-assisted searches

    • Cross-reference discovered credentials

Databases

  • Tools:

    • SQLmap

    • Database-specific clients (MySQL, MSSQL)

  • Extraction Targets:

    • User data

    • Configuration details

    • Application logic

Real-World Attack Scenario: FTP to RCE

Step-by-Step Methodology

  1. Initial Enumeration

    • Attempt anonymous FTP access

    • Analyze even seemingly insignificant files

    • Test discovered usernames across services

  2. Credential Correlation

    • Search emails for password hints

    • Cross-reference information between services

  3. Privilege Escalation

    • Leverage discovered credentials

    • Exploit service-specific functionalities

    • Aim for Remote Code Execution (RCE)

Best Practices and Mitigation

Prevention Strategies

  • Disable unnecessary services

  • Use unique credentials per environment

  • Implement automated secure configuration

  • Conduct regular security audits

  • Use minimal platforms

  • Apply strict access controls

Recommended Tools

  • Nmap

  • Gobuster

  • Metasploit

  • Custom enumeration scripts

Key Takeaways

  • Attacks are methodical, not random

  • Details matter immensely

  • Systematic approach is crucial

  • Always document your findings

  • Continuously adapt to the target's unique setup

PreviousInteracting with Common Services