• XSS.stack #1 – первый литературный журнал от юзеров форума

Post Initial Access

Отслеживать

Mfortune

floppy-диск
Пользователь
Регистрация
03.09.2023
Сообщения
3
Реакции
0
Hello,

I have enough experience in pentesting and coding in infosec background and recently i started gaining access to vpns (about 25-30).

I would like to hear your methodology after gaining access for getting as much critical data as possible without using some sort of attack tool (or using the minimum) as i can not invest so much time bypassing AV/EDR.

Is it possible or i need to work in a team. If so as i am new to xss how can i start networking with pentesters?

The general idea is that from experience and from what i read in forums a lot of time and effort is needed for a succesfull attack and i came to the conclusion that it is better to just focus and get better in one sector of pentesting such as gaining access or bypassing edr etc. and work with a team.
 
Here's a methodology you might consider after gaining access to VPNs:

  1. Initial Reconnaissance:
    • Gather information about the network infrastructure, systems, and services available.
    • Identify potential targets of interest within the network.
  2. Privilege Escalation:
    • Exploit vulnerabilities in systems to escalate privileges and gain higher levels of access.
    • Look for misconfigurations, weak passwords, or known exploits to escalate privileges.
  3. Lateral Movement:
    • Move laterally within the network to explore and access other systems (read about MITRE and try implementing them)
    • Exploit trust relationships between systems to expand your foothold.
  4. Data Collection:
    • Identify critical data repositories, such as databases, file shares, or sensitive documents.
    • Collect as much critical data as possible without triggering alarms or detection mechanisms.
  5. Data Exfiltration:
    • Develop strategies to exfiltrate the collected data without raising suspicion.
    • Use encrypted channels or disguise the data to avoid detection.
  6. Covering Tracks:
    • Erase or modify logs to cover your tracks and minimize evidence of the intrusion.
    • Remove any traces of your presence to maintain stealth.
Regarding networking with other pentesters and potentially joining a team:

  • Engage with cyber community through forums, conferences, and online platforms like LinkedIn or Twitter.
  • Participate in Capture The Flag (CTF) competitions and challenges to sharpen your skills and connect with like-minded members.
  • Contribute to open-source projects or research initiatives related to pentesting to establish credibility and build connections.
 
blacky сказал(а):
Here's a methodology you might consider after gaining access to VPNs:

  1. Initial Reconnaissance:
    • Gather information about the network infrastructure, systems, and services available.
    • Identify potential targets of interest within the network.
  2. Privilege Escalation:
    • Exploit vulnerabilities in systems to escalate privileges and gain higher levels of access.
    • Look for misconfigurations, weak passwords, or known exploits to escalate privileges.
  3. Lateral Movement:
    • Move laterally within the network to explore and access other systems (read about MITRE and try implementing them)
    • Exploit trust relationships between systems to expand your foothold.
  4. Data Collection:
    • Identify critical data repositories, such as databases, file shares, or sensitive documents.
    • Collect as much critical data as possible without triggering alarms or detection mechanisms.
  5. Data Exfiltration:
    • Develop strategies to exfiltrate the collected data without raising suspicion.
    • Use encrypted channels or disguise the data to avoid detection.
  6. Covering Tracks:
    • Erase or modify logs to cover your tracks and minimize evidence of the intrusion.
    • Remove any traces of your presence to maintain stealth.
Regarding networking with other pentesters and potentially joining a team:

  • Engage with cyber community through forums, conferences, and online platforms like LinkedIn or Twitter.
  • Participate in Capture The Flag (CTF) competitions and challenges to sharpen your skills and connect with like-minded members.
  • Contribute to open-source projects or research initiatives related to pentesting to establish credibility and build connections.

Chatgpt ass reply 😂

For the poster -
Evading AV/EDR can be extremely simple, or extremely hard. You have access to 25-30 vpns, it seems like you got a pretty good method for getting access. It should be okay for you to fail a little bit. Try some shit out. Get some experience in what works and what doesnt.
Look into how EDRs work.. look at Elastic EDRs' public detection rules and other public detection rules. They outline what specific actions trigger an alert. They wont cover absolutely everything but should give you a solid grasp. For exfiltrating data in an EDR protected environment
you may be able to do so by utilizing services already in use in that organization. For example if they use Microsoft OneDrive for cloud storage, you can exfiltrate the data to a OneDrive server which would make the network traffic look less suspicious.

Look into AV/EDR kill scripts. Every once in a while someone releases an EDR killer script that uses a vulnerable driver to kill whatever AV/EDR is running. You can also make one yourself which would likely give you better results.

Youre also gonna need to make a tool that automatically searches for and retrieves sensitive information. A good place to start is just automatically pulling all .txts, images, .pdf, .doc, .excel, powerpoint, .sql, .git, etc. You can also create REGEXs that search for specific types of info.
For example, you can create a REGEX that looks for a 16 digit string, that could be a credit card. You can go even further and include stuff like the first number being 4 for visa and 5 for mastercard. Here is the format (in python)

Python: 
pattern = r"(?P<format1>\d{4}-\d{4}-\d{4}-\d{4})|(?P<format2>\d{16})"

The networking aspect is going to be difficult. Very few if any experienced people are going to just be willing to take on a new guy and teach him their secret sauce. Most of these groups hang out on telegram or IRC chats that are private and gatekept. You'll have more luck
if you bring something to offer (which you do, you seem to be good at getting initial access). You can start by offering to sell the credentials to the vpn. People who know what theyre doing after the initial access will be the ones buying from you. You can make long term relationships through
that and offer your best customers a partnership of some sorts.


Good luck.
 
Последнее редактирование:
admin


Напишите ответ...
  • Вставить:
Прикрепить файлы
Верх