Vulnerability mapping: identify specific software vulnerabilities (e.g. sendmail, telnet, ftp, NFS, apache).
Quest for root: root or nothing ? Su - root.
- Remote access: gaining access via the network
- exploit a listening daemon/service
- a UNIX system performing routing with IP forwarding enabled
- user-initiated remote execution (hostile Web site, Trojan horses, etc)
- Local access: having access to a shell or login to the system
- privilege escalation attacks (from login to root)
- once a remote access exploits a vulnerability it gains local shell access
Brute force attacks: (we will see John the Ripper but not Hydra)
- remote login programs: telnet, ftp, rlogin.rsh,ssh, http plus
- a tool to crack the username/password combination. The /etc/passwd file. You should use shadow passwords.
- Countermeasures: password education and software (e.g. checkpassd)