Printable View
I've read if a few of the How To's that you need remote desktop access on a few of the guides, for example, the write your own buffer overflow scripts. So in a real pen testing enviroment, do you manage to get past the remote desktop access part (gui) or is it easy to gain that sort of access?
I could appriciate a few documentations and programs that can be useful to me.
NOTE: This is not a "Gief meh program that hacks system wit a button click plx kty!!11"
Serious answers please.
Every system has a different way to compromise it. That is half the fun in pentesting. If you are trying to gain password/bruteforce access to a system with services already enabled you go after the weakest one be it telnet,ssh,rdesktop or whatever.
If you are writing a exploit you use whatever shellcode you are the most comfortable with. In my case I love the meterpreter .dll and can do pretty much any thing I need with it including turning on rdesktop if I need it.
not sure what your are exactly looking for, but my assumption you are looking of ways/tools to get priviliged/non-privileged access to your victim(s).
There are several phases you should FULLY understand to create your attack vector and finishing with your finale phase and exploiting your victim:
1.discover - in-depth enumeratation of running network services of your victim (basic attack vectors) (depends if you are looking the hard way for server-side attacks or client-side based attacks) This phase can include fuzzing techniques or using the usual vulnerability scanners. Tools in BT4: cd /pentest/scanners && /pentest/fuzzers
2.exploit - start the lazy way: look for existing xploits (Offensive Security Training presents - The Exploit Database) and do some changes & testing. Going the hard way and do protocol/service fuzzing & write your own/manipulated xploits (blind injection until you get success or if you have the chance to get the target service binary and do classic reverse engineering)
3.access - maintain a reliable victim access through different types/level of access, this can be using meterpreter on windows-based victims and all his wonderfull enhancements (incl. starting remote desktop service-create user-disable firewall-use remote desktop session) and of course several dozen of other techniques, like creating connect-back tunnels, traffic redirection/mirroring,keyboard loggers etc
So I highly recommend starting with basics and not at the 'end' - maintaining victim access - to fully understand the impact & different phases of attacking clients during an (authorized ;-) Pentest.
Start with MSF unleashed Metasploit Unleashed - Mastering the Framework
Read fundemental books on this topics:
-Hacking the Art of Exploitation (general & beginner stuff)
-The Mac Hackers Handbook (to serious understand our MAC-OS X friends)
..and thousands of other references
/brtw2003