Hands-On Penetration Testing on Windows
上QQ阅读APP看书,第一时间看更新
上一章目录下一章

Advanced Network Attacks

We've had a lot of fun poking around the network in the first few chapters. There has been an emphasis on man-in-the-middle attacks, and it's easy to see why: they're particularly devastating when performed properly. However, your focus when educating your clients should be the fact that these are fairly old attacks, and yet, they still often work.

One reason is the fact that we still rely on very old technology in our networks, and man-in-the-middle attacks generally exploit inherent design vulnerabilities at the protocol level.  Consider the internet protocol suite, underlying the internet as we know it today: the original research that ultimately led to TCP/IP dates back to the 1960s, with official activation and adoption gaining traction in the early 1980s. Old doesn't necessarily imply insecure, but the issue here is the context in which these protocols were designed: there weren't millions upon millions of devices attached to networks of networks, operated by everyone on the street from the teenager in his parents' basement all the way up to his grandmother, and being supported by network stacks embedded into devices ranging from physical mechanisms in nuclear power plants down to the suburban home's refrigerator, sending packets to alert someone that they're running low on milk. This kind of adoption and proliferation wasn't a consideration; the reality was that physical access to nodes was tightly controlled. This inherent problem hasn't gone unnoticed—the next version of the internet's protocols, IPv6, was formally defined in RFCs during the late 1990s (with the most recent RFC being published in 2017). We'll touch on IPv6 in this chapter, but we'll also demonstrate practical interfacing of IPv4 with IPv6. This highlights that adoption has been slow and a lot of effort has instead been placed into making IPv6 work well with IPv4 environments, ensuring that we're going to be playing with all the inherent insecurity goodies of IPv4 for some time to come.

As a pen tester on a job, it's exciting to watch that shell pop up on your system. But when the fun and games are over, you're left with a mountain of findings that will be laid out in a report for your client. Remember that your job is to help your client secure their enterprise, and it's about more than just software flaws. Look for opportunities to educate as well as inform.

In this chapter, we'll be covering the following topics:

  • Using BetterCAP proxying to inject malicious binaries into web traffic
  • An introduction to creating malicious payloads and setting up the receiving handler
  • Combining ARP poisoning with DNS poisoning to bypass more strict security mechanisms
  • HTTP downgrading attacks to force insecure web traffic
  • A variation on the binary injection attack—attacking application updating
  • An introduction to IPv6: how addressing works, and security features
  • The recon phase in an IPv6 environment
  • IPv6 man-in-the-middle (the IPv6 version of ARP spoofing)
  • Proxying between IPv6 and IPv4 to allow older tools to work against IPv6 targets
上一章目录下一章