Imagine how many sites use SSL
(banks, companies, etc.) and expect it to be the "cure-all" answer for their
security because the traffic is encrypted. Because Achilles uses its own SSL
certificate, the client browser thinks it is talking directly to the target and the
target thinks it is talking directly to the client's browser, while the entire time the
data is being read and/or manipulated at will.
Unvalidated Parameters
- Hidden Field Tampering
588 Practical Hacking Techniques and Countermeasures
Lab 84: Covert Reverse Telnet Session
Create a Reverse Telnet Session: Netcat
Prerequisites: None
Countermeasures: Deny Telnet, Bastion computers, remove unneeded
services
Description: The netcat application is a valuable tool for an attacker. As
such, when a target has been compromised, netcat is frequently
installed and normally hidden on the target. This lab demonstrates how
to use the netcat tool to set up a reverse Telnet session from a compromised
target.
Procedure: From the attacking computer two separate netcat shells are
executed with one listening for port 25 connections and the other for
port 80 connections. (Both of these ports are normally allowed through
firewalls.) The target will execute a Telnet session to the attacker. As
commands are typed into one session from the attacker, the output
will be redirected through the target and back to the other session on
the attacker's machine.
Start by identifying the attacker's IP address by typing ipconfig and pressing
Enter.
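
A defender-side check for the pattern this lab describes, added here as an example (not code from the book): it flags Telnet client processes connecting out to ports other than 23 and raises the severity when one host holds such sessions to the same remote address on two ports, as with the port 25 and port 80 pair above. The record layout, host names and addresses are constructed for illustration, and matching on the process name is an assumption of this sketch.

```python
from collections import defaultdict

# Constructed sample records (not from the book):
# (host, process name, remote IP, remote port) as an EDR or netflow export might give.
SAMPLE_CONNECTIONS = [
    ("ws-014", "telnet.exe", "203.0.113.50", 25),
    ("ws-014", "telnet.exe", "203.0.113.50", 80),
    ("ws-014", "chrome.exe", "198.51.100.7", 80),   # normal web browsing
    ("mail-01", "smtpd", "198.51.100.9", 25),       # legitimate mail relay
    ("ws-022", "telnet.exe", "192.0.2.10", 23),     # ordinary Telnet, a policy matter
    ("ws-031", "telnet", "203.0.113.77", 80),
]

TELNET_NAMES = {"telnet", "telnet.exe"}  # assumed client binary names
TELNET_PORT = 23


def find_reverse_telnet(connections):
    """Flag Telnet clients that connect to non-Telnet ports.

    severity "high":   one host has Telnet sessions to the same remote IP on
                       two or more non-23 ports (the paired-session pattern).
    severity "medium": a single Telnet session to a non-23 port.
    """
    ports_by_pair = defaultdict(set)
    for host, process, remote_ip, remote_port in connections:
        if process.lower() in TELNET_NAMES and remote_port != TELNET_PORT:
            ports_by_pair[(host, remote_ip)].add(remote_port)

    findings = []
    for (host, remote_ip), ports in sorted(ports_by_pair.items()):
        findings.append({
            "host": host,
            "remote_ip": remote_ip,
            "ports": sorted(ports),
            "severity": "high" if len(ports) >= 2 else "medium",
        })
    return findings


if __name__ == "__main__":
    for finding in find_reverse_telnet(SAMPLE_CONNECTIONS):
        print(finding)
```

Because the check keys on the process name, pair it with the lab's listed countermeasures (deny Telnet, remove unneeded services) rather than relying on it alone.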