8.3 - Maintain Access


 

Key Terms: 

    • Path interception – When a malicious file is added along a service's path, which is possible when the path contains spaces and is written without quotation marks.
    • Backdoor – A program that grants continued access to a previously hacked system. 
    • Spyware – Malware that works by stealth to capture information and send it back to the hacker. 
    • Crackers – Programs written to crack passwords and code to gain unauthorised access to a system. 
    • Writeable services – Services with permissions that allow anyone to change their execution.

 

Path Interception 

When a service is started, Windows looks up the path to the service's executable file. This is no problem when the path is written in quotation marks and has no spaces:

"C:\programfiles\subdirectory\programname.exe"

However, paths like this: 

C:\program files\sub directory\program name.exe 

can be exploited. A hacker can add a malicious file whose name matches part of the path, so that the service is rerouted to the malicious file. If the service is running as administrator, the hacker can gain escalated privileges as soon as the system restarts.
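
An added example (not from the original post): a Python audit that flags service paths like the unquoted one above, lists the shorter paths Windows would try first so a defender can confirm none of them exist, and builds the quoted replacement. The service names and ImagePath strings are constructed sample data, and the function names are hypothetical.

```python
import re

# Constructed sample ImagePath values (not taken from a real host).
SAMPLE_SERVICES = {
    "QuotedSvc": r'"C:\Program Files\Vendor App\svc.exe" -k run',
    "NoSpaceSvc": r"C:\programfiles\subdirectory\programname.exe",
    "UnquotedSvc": r"C:\program files\sub directory\program name.exe /auto",
}

# Executable ends at the first ".exe" followed by whitespace or end of string.
_EXE = re.compile(r"^(.*?\.exe)(?=\s|$)(.*)$", re.IGNORECASE)


def split_image_path(image_path):
    """Return (executable, arguments, was_quoted) for a service ImagePath."""
    s = image_path.strip()
    if s.startswith('"'):
        end = s.find('"', 1)
        if end == -1:
            return s[1:], "", False  # unbalanced quote: treat as unquoted
        return s[1:end], s[end + 1:].strip(), True
    m = _EXE.match(s)
    if m:
        return m.group(1), m.group(2).strip(), False
    return s, "", False


def ambiguous_prefixes(executable):
    """Shorter paths Windows may try first when the path is unquoted."""
    parts = executable.split(" ")
    return [" ".join(parts[:i]) + ".exe" for i in range(1, len(parts))]


def audit(services):
    """Map each affected service name to paths to check and the quoted fix."""
    findings = {}
    for name, image_path in services.items():
        exe, args, quoted = split_image_path(image_path)
        if quoted or " " not in exe:
            continue  # quoted, or no spaces: nothing ambiguous
        fixed = f'"{exe}"' + (f" {args}" if args else "")
        findings[name] = {"check": ambiguous_prefixes(exe), "fix": fixed}
    return findings


if __name__ == "__main__":
    for name, f in audit(SAMPLE_SERVICES).items():
        print(name, "->", f["fix"])
        for p in f["check"]:
            print("   verify absent:", p)
```

On a real host the input would be each service's ImagePath value; the fix is to store the quoted form and keep the parent folders writable by administrators only.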

 

Writable Services 

Writable services are weak services which allow anyone to alter their execution on the system. Altering a service could include creating new administrative accounts by using PSExec to replace the service with a custom service that runs a CMD.exe file.

 

Unsecure File and Folder Permissions 

Older versions of Windows can allow administrators to access any non-admin user’s files and folders. This can lead to DLL hijacking and malicious file installations. 

 

Backdoor 

Backdoors can allow hackers to explore a system any time they want, much like leaving a key under a mat at the front of a real house. They do this by installing rootkits, trojan horses, and RATs. Rootkits have access to the OS level and trojans have access to the application level. These backdoors allow hackers to gather sensitive information for exploitation. 

 

Crackers 

Crackers allow hackers to crack code and passwords to gain access to a system. There are many different tools and methods available for cracking. Some include brute forcing, dictionary attacks, and rainbow tables. 

 

Spyware 

Spyware works by stealth to capture information and send it to a hacker. From this, hackers can gain remote access to a system. Keylogging, activity tracking, screen capturing, and file operations are all examples of spyware. Users can unintentionally download spyware through normal web activity, and it's often highly hidden and undetectable.

 

Windows Task Scheduler 

Windows Task Scheduler has a vulnerability in its file validation, making it weak to attacks. It has a default configuration that allows regular users to write task files. A hacker may be able to modify a task file to execute commands on the system with administrator privileges.
