5.6 Penetration Testing
Password Cracking
- Convince people to reveal confidential information.
- Load the dictionary file into the cracking application that runs against user accounts.
- Run a program that tries every combination of characters until the password is broken.
- Record every keystroke that a user types using keyloggers.
- Secretly gather personal information about a person or organization using spyware.
- With the help of a Trojan, get access to the passwords stored on the Trojaned computer.
- Inject a compromised hash into a local session and use the hash to validate to network resources.
- Run packet sniffer tools on the LAN to access and record the raw network traffic that may include passwords sent to remote systems.
- Acquire access to the communication channel between the victim and the server to extract the information.
- Use a sniffer to capture packets and authentication tokens. After extracting the relevant information, place the tokens back on the network to gain access.
- Recover password-protected files using the unused processing power of machines across the network to decrypt the password.
Privilege Escalation
- Use privilege escalation tools such as Active@ Password Changer, Offline NT Password & Registry Editor, Windows Password Reset Kit, Windows Password Recovery Tool, ElcomSoft System Recovery, Trinity Rescue Kit, Windows Password Recovery Bootdisk, etc.
Executing Applications
- Use keyloggers such as All In One Keylogger, Ultimate Keylogger, Advanced Keylogger, etc.
- Use spyware such as Spytech SpyAgent, SoftActivity TS Monitor, Spy Voice Recorder, Mobile Spy, SPYPhone, etc.
Hiding Files
- Try to install a rootkit on the target system to maintain hidden access.
- Perform integrity-based detection, signature-based detection, cross-view-based detection, and heuristic detection techniques to detect rootkits.
- Use anti-rootkit tools such as Stinger, UnHackMe, Virus Removal Tool, Rootkit Buster, etc. to detect rootkits.
- Use NTFS Alternate Data Streams (ADS) to inject malicious code on a breached system and execute it without being detected by the user.
- Use NTFS stream detectors such as StreamArmor, ADS Spy, Streams, etc. to detect NTFS ADS streams.
- Use steganography techniques to hide a secret message within an ordinary message and extract it at the destination to maintain the confidentiality of data.
- Use steganography detection tools such as Gargoyle Investigator Forensic Pro, Xstegsecret, Stego Suite, Stegdetect, etc. to perform steganalysis.
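As an added example (not part of this guide, and not any of the tools named above), the integrity-based detection technique listed for rootkits can be shown in Python: take a SHA-256 baseline of a file tree, then compare a later scan against it to surface added, removed, and modified files. The directory layout and file contents are constructed samples; the baseline is assumed to be stored where the monitored host cannot alter it.

```python
import hashlib
import os
from pathlib import Path

def hash_file(path: Path) -> str:
    """Return the SHA-256 hex digest of a file, read in chunks."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_baseline(root) -> dict:
    """Map every regular file under root (POSIX-style relative path) to its SHA-256."""
    root_path = Path(root)
    baseline = {}
    for dirpath, _dirnames, filenames in os.walk(root_path):
        for name in filenames:
            p = Path(dirpath) / name
            if p.is_symlink() or not p.is_file():
                continue  # skip links and special files; hash only regular files
            baseline[p.relative_to(root_path).as_posix()] = hash_file(p)
    return baseline

def compare(baseline: dict, current: dict) -> dict:
    """Classify differences between a stored baseline and the current scan."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
    }

def check_integrity(root, baseline: dict) -> dict:
    """Rescan root and report drift from the trusted baseline (assumed kept off-host)."""
    return compare(baseline, build_baseline(root))

if __name__ == "__main__":
    import tempfile
    # Constructed sample tree: baseline it, then simulate a replaced binary and a dropped file.
    demo = Path(tempfile.mkdtemp())
    (demo / "bin").mkdir()
    (demo / "bin" / "ls").write_bytes(b"original binary")
    baseline = build_baseline(demo)
    (demo / "bin" / "ls").write_bytes(b"replaced binary")
    (demo / "bin" / ".hidden").write_bytes(b"dropped file")
    print(check_integrity(demo, baseline))
```

Because a kernel-level rootkit can falsify what the running system reports, this scan is only trustworthy when run from a clean boot environment (for example, offline media) against the same disk.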
Covering Tracks
- Remove web activity tracks such as MRU, cookies, cache, temporary files and history.
- Disable auditing using tools such as Auditpol.
- Tamper with log files such as event log files, server log files, and proxy log files by log poisoning or log flooding.
- Use track covering tools such as CCleaner, MRU-Blaster, Wipe, Tracks Eraser Pro, Clear My History, etc.