I've tried to organize common tasks within internal network penetration testing. Haven't seen something like this before..
PDF can be found here: http://sudo.co.il/attack_flow.pdf
Many aspects are excluded from this diagram, and i'm pretty sure that i forgot something.
Guys, i will be more than happy to hear suggestions on upgrading this diagram.
Some other ideas:
ReplyDelete-DHCP snooping
-PXE -> default local admin and some other stuff
-MAC flooding to transform a switch into a hub
-Yersinia (CDP attack, ...)
-VoIP Hopper to change VLAN
-DNS spoofing
-WPAD
-ICMP redirect
(some IPv6 attacks to become router)
There was a time when it was possible to mitm RDP (with Cain).
There are some PoCs of mitm of SQL protocols (SQL Server and PostgreSQL)
PWN Printers & get the account used to copy the scan on a network share
This comment has been removed by a blog administrator.
ReplyDeleteWould love to see Dnucna suggestions incorporated. Additionally I have never heard of printer attacks with driver injection. Can you do a post on that?
ReplyDeletenice.
ReplyDeletelike it.