
The attack phase

The attack phase can be a bit challenging for a penetration tester. In this phase, a vulnerability is exploited to gain access to the target system and/or network. Sometimes an exploit may not work, which can be a bit frustrating. Having an exploit-development environment is useful in situations where a particular payload does not compromise a target. However, a penetration tester should not rely on a single point of entry into a target but should have multiple methods of gaining access. This approach demonstrates not only the technical skill set of the penetration tester but also the many flaws within the target itself.

The information gathered about the target during the pre-attack phase is used to determine the type of exploit to use on the target. Acquiring the target can be done using existing exploits found in reputable online repositories such as Exploit Database by Offensive Security (www.exploit-db.com) or using an exploit development framework such as Metasploit (https://www.rapid7.com/products/metasploit/).

Usually, an attacker will compromise a standard account on a target system to minimize detection, and then attempt to escalate privileges to system/administrator or root level. During this phase, the penetration tester implants malicious code within the compromised systems to create backdoors for remote access and begins lateral movement on the network to compromise other potential targets.
