Today we will look at typical vulnerabilities that are typical for the majority and are actively exploited by ethical hackers during internal penetration testing. However, if you immediately contact the specialists https://www.dataart.com/services-and-technology/security/penetration-testing, you can avoid all errors.
Risks of penetration testing
Weak password policy
Simple (dictionary) passwords allow an ethical hacker to gain access to most corporate resources, often privileged ones. Access to the IS with the rights of an ordinary user makes it possible to get to know its device well. In most cases, an ordinary user account is the necessary data to exploit more critical vulnerabilities in services that are tied to the directory service.
Default accounts
Default accounts are a problem for large corporate networks. It is not difficult for an ethical hacker to identify all such devices at the reconnaissance stage by means of a banal automated analysis of web server responses. After that, in a semi-automatic mode, check the validity of the login – password pairs, which may remain unchanged after the device is installed. Under (un) successful circumstances, the attacker, for example, can access the directory service with user rights or find out the SNMP string, which on individual devices can have RW rights. And what can not be achieved by using the default accounts in the Oracle database in conjunction with stored procedures!
Managing local accounts through group policies
Using a local administrator account on workstations and servers that belong to the domain is not a good idea. Using Group Policy to manage local administrator accounts is a terrible idea. An attacker gaining access to the Active Directory directory service gains read access to Group Policies, including those responsible for creating and modifying accounts for local administrators on sites. Naturally, the local account password is encrypted, but the key to decrypt it is publicly available. Thus, the pentester immediately acquires the key to many doors, and also has every chance of obtaining extended privileges in the domain.
Windows networking architecture issues
The peculiarities of the implementation of some Windows functions allow the penetration tester to elevate privileges within the Active Directory. Pentesting boils down to obtaining a privileged user account, which is used in order to get to other privileged accounts using various attacks (for example, SMB Relay) and utilities (for example, mimikatz). The pentester’s actions continue until the coveted privileged account from the Domain Admins group and hash are received.
Lack of network segmentation
The complete lack of segmentation of the internal network is a phenomenon that never ceases to amaze. The ethical hacker, with a relatively flat network topology, looks forward to gaining access quickly. Of course, the lack of segmentation can be attributed to many reasons, but any of them are common excuses. The real reason lies in banal laziness. Differentiation of access rights should be implemented not only at the application level, but also at the network level. In the event that segmentation is implemented, the speed of obtaining maximum privileges by an ethical hacker slows down before our eyes, and the likelihood of manifesting their presence on the corporate network increases.
Conclusion
It is not worth hoping that if all the above-mentioned shortcomings and vulnerabilities are eliminated, the corporate information system will be fully protected. But if the recommendations are followed, a much more professional protection will be built than in an average organization. This will reflect attempts to violate the confidentiality, integrity and availability of information by a novice pentester. Not only the customer will be satisfied with the result of penetration testing, but also an ethical hacker who will encounter an interesting task on his way.