Читать книгу Hacking For Dummies - Kevin Beaver - Страница 72

You can use identified security vulnerabilities to do the following:

 Gain further information about the host and its data

 Obtain a remote command prompt

 Start or stop certain services or applications

 Access other systems

 Disable logging or other security controls

 Capture screenshots

 Access sensitive files

 Send an email as the administrator

 Perform SQL injection

 Launch a denial of service attack

 Upload a file or create a backdoor user account proving the exploitation of a vulnerability

Metasploit (www.metasploit.com) is great for exploiting many of the vulnerabilities you find and allows you to fully penetrate many types of systems. Ideally, you’ve already made your decision about whether to fully exploit the vulnerabilities you find. If you have chosen to do so, a screenshot of a remote command prompt on a vulnerable system via Metasploit is a great piece of evidence demonstrating vulnerability.

If you want to delve further into best practices for vulnerability and penetration testing methodologies, I recommend that you check out the Open Source Security Testing Methodology Manual (www.isecom.org/research.html). The Penetration Testing Execution Standard (www.pentest-standard.org/index.php/Main_Page) and PCI DSS Penetration Testing Guidance (http://www.pcisecuritystandards.org/documents/Penetration-Testing-Guidance-v1_1.pdf) are great resources as well.