Attack Profiling

During the attack phase of the vulnerability assessment, we will use the attack profiles we develop here to simulate attacks on our qualified hosts (targets). Generally, these attacks are conducted through the use of various VA tools. During the attack profiling process, we will determine not only the appropriate services and applications to attack but also the proper configuration for our VA tools to achieve the best results.

For our Acme assessment, we have determined several publicly accessible services and applications. Each of these has been included in our topology map and we now have a good basis for configuring our VA tools to assist in the attack. We will continue to use the http://www.acmeexample.com host as our example throughout this chapter. So far we have determined the following information:

  • There are two servers, appearing to be redundant, that serve the http://www.acmeexample.com web site: one is on the newly found IP address block (5.125.5.44) and the other is in the original address block (2.2.2.14).

  • Services open (on the 2.2.2.14 server we will use for our attack profile) include SSH (port 22), SMTP (port 25), HTTP (port 80), and HTTPS (port 443).

  • The server appears to be running a form of Linux with a kernel version 2.4 (based on fingerprinting).

  • We do not know the SMTP engine or the web server; however, we do know that PHP (version 4.3.9) is used.

  • The system appears to be sitting behind some type of packet filter.

Note 

In a real-world scenario, there is much more information than this gleaned for each host from the vulnerability assessment actions taken so far. These are only some of the highlights used to demonstrate the attack profile building process.

This information will be used to create the configuration for the VA tools we will be using during our attack. The configuration will be based on the findings so far, which indicate the attack options most fitting for the systems and/or services targeted.
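As an added illustration (not code from the book), the sketch below turns the findings listed above for 2.2.2.14 into a tool-neutral check profile. The check-family names and the profile fields are hypothetical and do not follow any particular VA tool's schema.

```python
# Added example: derive a scanner-agnostic check profile from host findings.
# Family names and profile fields are hypothetical, not a real tool's schema.

# Constructed from the findings listed above; None = product not yet identified.
FINDINGS = {
    "host": "2.2.2.14",
    "open_ports": {22: "ssh", 25: "smtp", 80: "http", 443: "https"},
    "os_family": "linux",            # kernel 2.4, from fingerprinting
    "software": {"php": "4.3.9", "smtp": None, "http": None},
    "packet_filter": True,
}

# Every check family the (hypothetical) tool offers.
ALL_FAMILIES = {"ssh", "smtp", "http", "tls", "php", "linux",
                "windows", "database", "service-detection"}

# Which families each observed service justifies.
SERVICE_FAMILIES = {"ssh": {"ssh"}, "smtp": {"smtp"},
                    "http": {"http"}, "https": {"http", "tls"}}


def build_profile(findings, all_families=ALL_FAMILIES):
    """Enable only the check families the findings justify; record the rest."""
    families, hints, notes = set(), {}, []
    for service in findings["open_ports"].values():
        # Unrecognised services fall back to generic identification.
        families |= SERVICE_FAMILIES.get(service, {"service-detection"})
    families.add(findings["os_family"])
    for product, version in findings["software"].items():
        if version:
            families.add(product)
            hints[product] = version   # lets the tool match version-specific checks
        else:
            families.add("service-detection")
            notes.append(f"{product}: product unknown, identify it before "
                         "selecting product-specific checks")
    if findings["packet_filter"]:
        notes.append("packet filter suspected: restrict checks to the known open ports")
    return {
        "host": findings["host"],
        "ports": sorted(findings["open_ports"]),
        "enable": sorted(families),
        "skip": sorted(all_families - families),
        "version_hints": hints,
        "notes": notes,
    }


if __name__ == "__main__":
    for key, value in build_profile(FINDINGS).items():
        print(f"{key}: {value}")
```

The "skip" list is as useful as the "enable" list: families that the findings do not support (here the Windows and database checks) are left out of the run, and the notes record what still has to be identified before product-specific checks are chosen.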



Extreme Exploits: Advanced Defenses Against Hardcore Hacks (Hacking Exposed)
ISBN: 0072259558
EAN: 2147483647
Year: 2005
Pages: 120
