266
Chapter 17
In this example, we clear all the event logs, but the examiner might notice
other interesting things on the system that could alert him to an attack. In
general though, the examiner will not be able to piece together the puzzle to
identify what happened during the attack, but he will know that something
bad had occurred.
Remember to document your changes to a target system to make it easier
to cover your tracks. Usually, you’ll leave a small sliver of information on
the system, so you might as well make it extremely difficult for the incident
response and forensics analysis team to find it.
Wrapping Up
Having gotten this far, we could continue to attack other machines on the
internal network using Metasploit and Meterpreter, with our attacks limited
only by our creativity and ability. If this were a larger network, we could fur-
ther penetrate the network using information gathered from various systems
on the network.
For example, earlier in this chapter we compromised a Windows-based
system. We could use the Meterpreter console to extract the hash values from
that system and then use those credentials to authenticate to other Windows-
based systems. The local administrator account is almost always the same from
one system to another, so even in a corporate environment, we could use the
information from one system to bridge attacks to another.
Penetration testing requires you to think outside the box and combine
pieces of a puzzle. We used one method during this chapter, but there are
probably several different ways to get into the systems and different avenues
of attack you can leverage. This all comes with experience and spending the
time to become creative. Persistence is key to penetration testing.
Remember to establish a fundamental set of methodologies you are com-
fortable with, but change them as necessary. Often, penetration testers change
their methodologies at least once per test to stay fresh. Changes might include
a new way of attacking a system or use of a new method. Regardless of the
method you choose, remember that you can accomplish anything in this
field with a bit of experience and hard work.