Differences between revisions 3 and 4
Revision 3 as of 2010-03-11 13:22:17
Size: 320
Editor: c-68-53-233-3
Comment:
Revision 4 as of 2010-03-11 13:29:05
Size: 1476
Editor: c-68-53-233-3
Comment:
Deletions are marked like this. Additions are marked like this.
Line 8: Line 8:
  == Vulnerability Mapping ==
   
   *Is the process of mapping specific security attributes of a system to an associated vulnerability or potential vulnerability
  
   === Methods of Vulnerability Mapping ===
      
      *Manually map specific system attributes against publicity available sources of vulnerability information
      *Use public exploit code posted to various security mailing lists and any number of websites, or develop own code
      *Use automated vulnerability scanning tools, such as Nessus to identify true vulnerabilities

== Remote Access ==
   
   *Defined as gaining access via the network or other communication channel.
 
== Local Access ==
   
   *Defined as having an actual command shell or login to the system
   *Also referred to a privilege escalation attacks

== Remote Access ==

   *4 methods to exploit UNIX
      *Exploiting a listening service
      *Routing through a UNIX system that is providing security between two or more networks
      *UI remote access execution attacks
      *Exploiting a process or program that has placed the network interface card into promiscuous mode

The Quest for Root

  • In 1969 Ken Thompson, and Denis Ritchie hacked up MULTICS (Multiplexed Information and computing System) and created UNIX
  • Early UNIX environments were located in Bell Labs or in a university

Vulnerability Mapping

  • Is the process of mapping specific security attributes of a system to an associated vulnerability or potential vulnerability === Methods of Vulnerability Mapping ===
    • Manually map specific system attributes against publicity available sources of vulnerability information
    • Use public exploit code posted to various security mailing lists and any number of websites, or develop own code
    • Use automated vulnerability scanning tools, such as Nessus to identify true vulnerabilities

Remote Access

  • Defined as gaining access via the network or other communication channel.

Local Access

  • Defined as having an actual command shell or login to the system
  • Also referred to a privilege escalation attacks

Remote Access

  • 4 methods to exploit UNIX
    • Exploiting a listening service
    • Routing through a UNIX system that is providing security between two or more networks
    • UI remote access execution attacks
    • Exploiting a process or program that has placed the network interface card into promiscuous mode

Back to Cptr427Winter2010

HackingExposedChapter05 (last edited 2010-03-11 13:44:19 by c-68-53-233-3)