---
title: ОТЧЕТ
subtitle: |
  |
  | ПО РЕЗУЛЬТАТАМ ПРОВЕДЕНИЯ КОМПЛЕКСНОГО ТЕСТИРОВАНИЯ НА ПРОНИКНОВЕНИЕ
  | ДЛЯ ООО «РОГА И КОПЫТА»
output: pdf_document
author: |
  |
  | **Исполнитель:**
  | Compliance Control Ltd
date: "2019-10-10"
titlepage: true
toc-title: "Оглавление"
titlepage-rule-height: 2
book: true
classoption: "oneside"
...

# Introduction

This report describes the course and results of a comprehensive penetration test of the corporate information system (hereinafter CIS) of ООО «Рога и Копыта» (hereinafter the Customer), performed by Compliance Control Ltd (hereinafter the Contractor). The work was carried out from 02.09.2019 to 11.09.2019.

# Goal and Objectives of the Work

The goal of the work was to determine the current security level of the Customer's CIS against threats arising from possible attacks by adversaries from the Internet and from inside the Customer's CIS. It was assumed that the adversary's primary objective is to gain access to payment card data and/or control of the systems that process, transmit and store payment card data.

**Objectives addressed during the work:**

1. Search for and attempt to gain unauthorized access to internal resources of the Customer's CIS by exploiting known vulnerabilities in network services and applications from inside the Customer's CIS.
2. Search for and attempt to gain unauthorized access to the Customer's CIS by exploiting known vulnerabilities in network services and applications from the Internet.
3. Formulation of recommendations for raising the current security level of the Customer's CIS, based on the information obtained about possible paths to unauthorized access.
// blank line required

## Requirements

The student will be required to fill out this penetration testing report fully and to include the following sections:

- Overall High-Level Summary and Recommendations (non-technical)
- Methodology walkthrough and detailed outline of steps taken
- Each finding with included screenshots, walkthrough, sample code, and proof.txt if applicable
- Any additional items that were not included

# High-Level Summary

I was tasked with performing an internal penetration test towards the Offensive Security Exam. An internal penetration test is a dedicated attack against internally connected systems. The focus of this test is to perform attacks, similar to those of a hacker, and attempt to infiltrate Offensive Security's internal exam systems – the THINC.local domain. My overall objective was to evaluate the network, identify systems, and exploit flaws while reporting the findings back to Offensive Security.

When performing the internal penetration test, there were several alarming vulnerabilities that were identified on Offensive Security's network. When performing the attacks, I was able to gain access to multiple machines, primarily due to outdated patches and poor security configurations. During the testing, I had administrative level access to multiple systems. All systems were successfully exploited and access granted. These systems, as well as a brief description of how access was obtained, are listed below:

- 192.168.xx.xx (hostname) - Name of initial exploit
- 192.168.xx.xx (hostname) - Name of initial exploit
- 192.168.xx.xx (hostname) - Name of initial exploit
- 192.168.xx.xx (hostname) - Name of initial exploit
- 192.168.xx.xx (hostname) - BOF

## Recommendations

I recommend patching the vulnerabilities identified during the testing to ensure that an attacker cannot exploit these systems in the future.
One thing to remember is that these systems require frequent patching and, once patched, should remain on a regular patch program to protect against additional vulnerabilities that are discovered at a later date.

# Methodologies

I utilized a widely adopted approach to performing penetration testing that is effective in testing how well the Offensive Security Exam environment is secured. Below is a breakout of how I was able to identify and exploit the variety of systems, and it includes all individual vulnerabilities found.

## Information Gathering

The information gathering portion of a penetration test focuses on identifying the scope of the penetration test. During this penetration test, I was tasked with exploiting the exam network. The specific IP addresses were:

**Exam Network**

- 192.168.
- 192.168.
- 192.168.
- 192.168.
- 192.168.

## Penetration

The penetration testing portions of the assessment focus heavily on gaining access to a variety of systems. During this penetration test, I was able to successfully gain access to **X** out of the **X** systems.

### System IP: 192.168.x.x

#### Service Enumeration

The service enumeration portion of a penetration test focuses on gathering information about what services are alive on a system or systems. This is valuable for an attacker as it provides detailed information on potential attack vectors into a system. Understanding what applications are running on the system gives an attacker needed information before performing the actual penetration test. In some cases, some ports may not be listed.
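The following is an added example and not part of the template: a small Python helper that turns nmap grepable (`-oG`) output into the two-line "Server IP Address | Ports Open" row used in the system sections of this report. The scan output it parses is constructed for the example and the addresses are placeholders; nmap itself reports unanswered UDP probes as `open|filtered`, which the parser leaves out by default so the table only lists ports the scan actually confirmed.

```python
import re
from collections import defaultdict

# Constructed sample of nmap grepable (-oG) output; not from a real scan.
SAMPLE_GNMAP = """\
# Nmap 7.80 scan initiated as: nmap -sS -sU -p T:1433,3389,U:161,1434 -oG scan.gnmap 192.168.10.0/24
Host: 192.168.10.5 ()\tStatus: Up
Host: 192.168.10.5 ()\tPorts: 1433/open/tcp//ms-sql-s///, 3389/open/tcp//ms-wbt-server///, 161/open|filtered/udp//snmp///, 1434/open/udp//ms-sql-m///\tIgnored State: closed (0)
Host: 192.168.10.6 ()\tPorts: 22/open/tcp//ssh///, 445/closed/tcp//microsoft-ds///\tIgnored State: filtered (0)
# Nmap done at Tue Sep  3 10:00:00 2019 -- 256 IP addresses (2 hosts up) scanned in 5.00 seconds
"""

# Each -oG port entry is port/state/protocol/owner/service/rpc/version/
PORT_RE = re.compile(r"^(\d+)/([^/]*)/(tcp|udp)/")


def parse_gnmap(text, include_open_filtered=False):
    """Return {host: {"tcp": [ports], "udp": [ports]}} for ports nmap reports open.

    UDP probes that get no reply are reported as 'open|filtered'; they are
    excluded unless include_open_filtered is set, because listing them as
    open in a report overstates what the scan actually confirmed.
    """
    hosts = defaultdict(lambda: {"tcp": [], "udp": []})
    for line in text.splitlines():
        if not line.startswith("Host:") or "\tPorts:" not in line:
            continue  # comment lines and Status-only lines carry no ports
        host = line.split()[1]
        ports_field = line.split("\tPorts:", 1)[1].split("\t", 1)[0]
        for entry in ports_field.split(","):
            m = PORT_RE.match(entry.strip())
            if not m:
                continue
            port, state, proto = int(m.group(1)), m.group(2), m.group(3)
            if state == "open" or (include_open_filtered and state == "open|filtered"):
                hosts[host][proto].append(port)
    return {h: {p: sorted(v) for p, v in d.items()} for h, d in hosts.items()}


def table_row(host, ports):
    """Render one host as the two-line 'Server IP Address | Ports Open' row."""
    tcp = ",".join(map(str, ports["tcp"])) or "none"
    udp = ",".join(map(str, ports["udp"])) or "none"
    # Trailing backslash is the pandoc hard line break used in the template table.
    return f"{host:<18}| **TCP**: {tcp}\\\n{'':<18}| **UDP**: {udp}"


if __name__ == "__main__":
    for host, ports in parse_gnmap(SAMPLE_GNMAP).items():
        print(table_row(host, ports))
```

Pass `include_open_filtered=True` only when a follow-up probe (for example an SNMP or MS-SQL browser query) has confirmed the UDP service, and say so in the Nmap Scan Results section.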
Server IP Address | Ports Open
------------------|----------------------------------------
192.168.x.x       | **TCP**: 1433,3389\
                  | **UDP**: 1434,161

**Nmap Scan Results:**

*Initial Shell Vulnerability Exploited*

*Additional info about where the initial shell was acquired from*

**Vulnerability Explanation:**

**Vulnerability Fix:**

**Severity:**

**Proof of Concept Code Here:**

**Local.txt Proof Screenshot**

**Local.txt Contents**

#### Privilege Escalation

*Additional Priv Esc info*

**Vulnerability Exploited:**

**Vulnerability Explanation:**

**Vulnerability Fix:**

**Severity:**

**Exploit Code:**

**Proof Screenshot Here:**

**Proof.txt Contents:**

### System IP: 192.168.x.x

#### Service Enumeration

Server IP Address | Ports Open
------------------|----------------------------------------
192.168.x.x       | **TCP**: 1433,3389\
                  | **UDP**: 1434,161

**Nmap Scan Results:**

*Initial Shell Vulnerability Exploited*

*Additional info about where the initial shell was acquired from*

**Vulnerability Explanation:**

**Vulnerability Fix:**

**Severity:**

**Proof of Concept Code Here:**

**Local.txt Proof Screenshot**

**Local.txt Contents**

#### Privilege Escalation

*Additional Priv Esc info*

**Vulnerability Exploited:**

**Vulnerability Explanation:**

**Vulnerability Fix:**

**Severity:**

**Exploit Code:**

**Proof Screenshot Here:**

**Proof.txt Contents:**

### System IP: 192.168.x.x

#### Service Enumeration

Server IP Address | Ports Open
------------------|----------------------------------------
192.168.x.x       | **TCP**: 1433,3389\
                  | **UDP**: 1434,161

**Nmap Scan Results:**

*Initial Shell Vulnerability Exploited*

*Additional info about where the initial shell was acquired from*

**Vulnerability Explanation:**

**Vulnerability Fix:**

**Severity:**

**Proof of Concept Code Here:**

**Local.txt Proof Screenshot**

**Local.txt Contents**

#### Privilege Escalation

*Additional Priv Esc info*

**Vulnerability Exploited:**

**Vulnerability Explanation:**

**Vulnerability Fix:**

**Severity:**

**Exploit Code:**

**Proof Screenshot Here:**

**Proof.txt Contents:**

### System IP: 192.168.x.x

#### Service Enumeration

Server IP Address | Ports Open
------------------|----------------------------------------
192.168.x.x       | **TCP**: 1433,3389\
                  | **UDP**: 1434,161

**Nmap Scan Results:**

*Initial Shell Vulnerability Exploited*

*Additional info about where the initial shell was acquired from*

**Vulnerability Explanation:**

**Vulnerability Fix:**

**Severity:**

**Proof of Concept Code Here:**

**Local.txt Proof Screenshot**

**Local.txt Contents**

#### Privilege Escalation

*Additional Priv Esc info*

**Vulnerability Exploited:**

**Vulnerability Explanation:**

**Vulnerability Fix:**

**Severity:**

**Exploit Code:**

**Proof Screenshot Here:**

**Proof.txt Contents:**

### System IP: 192.168.x.x

**Vulnerability Exploited: bof**

Fill out this section with BOF NOTES.

**Proof Screenshot:**

**Completed Buffer Overflow Code:**

Please see Appendix 1 for the complete Windows Buffer Overflow code.

## Maintaining Access

Maintaining access to a system is important to us as attackers; ensuring that we can get back into a system after it has been exploited is invaluable. The maintaining access phase of the penetration test focuses on ensuring that once the focused attack has occurred (i.e. a buffer overflow), we have administrative access over the system again. Many exploits may only be exploitable once, and we may never be able to get back into a system after we have already performed the exploit.

## House Cleaning

The house cleaning portions of the assessment ensure that remnants of the penetration test are removed. Often fragments of tools or user accounts are left on an organization's computer, which can cause security issues down the road. Ensuring that we are meticulous and that no remnants of our penetration test are left over is important.

After the collection of trophies from the exam network was completed, Alec removed all user accounts and passwords as well as the Meterpreter services installed on the system.
Offensive Security should not have to remove any user accounts or services from the system.

# Additional Items

## Appendix - Proof and Local Contents:

IP (Hostname) | Local.txt Contents | Proof.txt Contents
--------------|--------------------|-------------------
192.168.x.x   | hash_here          | hash_here
192.168.x.x   | hash_here          | hash_here
192.168.x.x   | hash_here          | hash_here
192.168.x.x   | hash_here          | hash_here
192.168.x.x   | hash_here          | hash_here

## Appendix - Metasploit/Meterpreter Usage

For the exam, I used my Metasploit/Meterpreter allowance on the following machine: `192.168.x.x`

## Appendix - Completed Buffer Overflow Code

```
code here
```