Owning Systems with CORE IMPACT

The first thing we want to do is find out more about the victim. So, once again, we use the Rapid Penetration Test list to quickly determine what is running on the system, any open ports, the process list, current users, and more. In our case, the target system was a Windows NT4 box with Service Pack 6 installed.

In addition to this form of auditing, we can optionally connect to the system via a shell that connects to the listening agent. This is done in the central window, where you can now see a level0v2 icon under the owned IP address. The level0 indicates that this is a memory-resident backdoor that will go away once the system is rebooted. If you right-click the listing, you are given the option to make it a level1, or persistent, process on the system so you can go back and connect at any point in the future. You can also view the files on the system via a basic file viewer (Figure 6) or gain a command-line prompt on the target (Figure 7).
