Target IP: 10.10.10.116
Credential (vpn): Dudecake1!
some_notes
SNMP
Simple Network Management Protocol (SNMP) is an Internet standard protocol for collecting and organizing information about managed devices on IP networks and for modifying that information to change device behaviour. Devices that typically support SNMP include cable modems, routers, switches, servers, workstations, printers, and more.
For compatibility between different client-server combinations from different manufacturers, the MIB (Management Information Base) was created. It is a manufacturer-independent format for storing device information.
A MIB is a text file in which all query-able SNMP objects of a device are listed in a standardized tree hierarchy. It contains at least one Object Identifier (OID), which, in addition to the necessary unique address and a name, also provides information about the type, access rights, and a description of the respective object. MIB files are written in the Abstract Syntax Notation One (ASN.1) based ASCII text format.
The MIBs do not contain data, but they explain where to find which information and what it looks like, which returns values for the specific OID, or which data type is used.
SNMP (Simple Network Management Protocol):
- is a protocol used to monitor different devices in the network (like routers, switches, printers, IoT devices, etc.)
- is typically supported by cable modems, routers, switches, servers, workstations, printers, and more
- exposes management data in the form of variables on the managed systems, organized in a management information base (MIB), which describe the system status and configuration
- these variables can then be remotely queried (and, in some circumstances, manipulated) by managing applications
- has three versions: SNMPv1 being the original, then SNMPv2c and SNMPv3, with improvements in performance, flexibility and security
- each version has its own authentication weaknesses:
- SNMP v1 sends passwords (community strings) in clear-text over the network, where they can be read via packet sniffing
- virtually all network management software supports SNMP v1, but not necessarily SNMP v2 or v3
- SNMP v2 allows password hashing with MD5, but this has to be configured
- SNMP v2 was specifically developed to provide data security, that is authentication, privacy and authorization, but only SNMP version 2c gained the endorsement of the Internet Engineering Task Force (IETF); versions 2u and 2* failed to gain IETF approval due to security issues
- SNMP v3 uses MD5, Secure Hash Algorithm (SHA) and keyed algorithms to offer protection
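As an added example (not from these notes or from the net-snmp project), a small audit of a net-snmp style snmpd.conf that separates v1/v2c community strings, which travel in cleartext as described above, from SNMPv3 users; the configuration body and every name in it are constructed.

```python
# Added example, not from the original notes: audit a net-snmp style snmpd.conf
# and separate SNMPv1/v2c community strings (sent in cleartext, as described
# above) from SNMPv3 users. The configuration body and its values are constructed.

# net-snmp directives that define v1/v2c communities
COMMUNITY_DIRECTIVES = {"rocommunity", "rwcommunity", "rocommunity6", "rwcommunity6", "com2sec"}
# well-known default community strings that should never stay configured
DEFAULT_COMMUNITIES = {"public", "private"}
# net-snmp directives that define SNMPv3 users
V3_DIRECTIVES = {"rouser", "rwuser", "createUser"}

SAMPLE_SNMPD_CONF = """\
# constructed sample, not a real device configuration
rocommunity public
rwcommunity s3cret 10.10.0.0/16
com2sec readonly default public
createUser monitor SHA "auth-pass-here" AES "priv-pass-here"
rouser monitor priv
"""


def audit_snmpd_conf(text):
    """Return (findings, v3_users); each finding is (line, severity, message)."""
    findings = []
    v3_users = set()
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comments, then tokenize
        if not fields:
            continue
        directive = fields[0]
        if directive in COMMUNITY_DIRECTIVES:
            # com2sec NAME SOURCE COMMUNITY  |  ro/rwcommunity COMMUNITY [SOURCE]
            idx = 3 if directive == "com2sec" else 1
            if len(fields) <= idx:
                findings.append((lineno, "low", f"malformed {directive} line"))
                continue
            community = fields[idx]
            severity = "high" if directive.startswith("rw") else "medium"
            msg = f"v1/v2c community '{community}' (cleartext on the wire)"
            if community.lower() in DEFAULT_COMMUNITIES:
                severity, msg = "high", msg + ", default community string"
            if directive != "com2sec" and len(fields) < 3:
                msg += ", no source restriction"
            findings.append((lineno, severity, msg))
        elif directive in V3_DIRECTIVES and len(fields) >= 2:
            v3_users.add(fields[1])
            # rouser/rwuser USER [noauth|auth|priv]: only 'priv' encrypts the traffic
            if directive != "createUser" and (len(fields) < 3 or fields[2] != "priv"):
                findings.append((lineno, "medium", f"v3 user '{fields[1]}' without 'priv'"))
    return findings, sorted(v3_users)
```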
IPSEC
IPsec (Internet Protocol Security):
- is a secure network protocol suite that authenticates and encrypts packets of data to provide secure encrypted communication between two computers over an Internet Protocol network
- is used in virtual private networks (VPNs)
- includes protocols for establishing mutual authentication between agents at the beginning of a session and negotiation of cryptographic keys to use during the session
- can protect data flows between a pair of hosts (host-to-host), between a pair of security gateways (network-to-network), or between a security gateway and a host (network-to-host)
- supports network-level peer authentication, data origin authentication, data integrity, data confidentiality (encryption), and replay protection (protection from replay attacks)
- has an architecture that uses the following protocols:
- Authentication Header (AH) - provides data integrity (the receiver will know if data was modified in transit), data source authentication (the receiver will know if the source isn't what is expected for that connection), and protects against replay attacks
- Encapsulating Security Payload (ESP) - provides similar capabilities, plus confidentiality (someone in the middle can't see the data)
- Internet Security Association and Key Management Protocol (ISAKMP) - provides a framework for authentication and key exchange, with the actual authenticated keying material provided either by manual configuration with pre-shared keys, Internet Key Exchange (IKE and IKEv2), Kerberized Internet Negotiation of Keys (KINK), or IPSECKEY DNS records. The purpose is to generate the security associations (SA) with the bundle of algorithms and parameters necessary for AH and/or ESP operations.
Tunnel Mode:
In tunnel mode, the entire IP packet is encrypted and authenticated. It is then encapsulated into a new IP packet with a new IP header. Tunnel mode is used to create virtual private networks for network-to-network communications (e.g. between routers to link sites), host-to-network communications (e.g. remote user access) and host-to-host communications (e.g. private chat).
Tunnel mode supports NAT traversal.
Transport Mode: In transport mode, only the payload of the IP packet is usually encrypted or authenticated. The routing is intact, since the IP header is neither modified nor encrypted; however, when the authentication header is used, the IP addresses cannot be modified by network address translation, as this always invalidates the hash value. The transport and application layers are always secured by a hash, so they cannot be modified in any way, for example by translating the port numbers.
A means to encapsulate IPsec messages for NAT traversal has been defined by RFC documents describing the NAT-T mechanism.
/etc/ipsec.secrets
ISAKMP (Internet Security Association Key Management Protocol) / IKE (Internet Key Exchange):
Basic Information
IPsec is the most commonly used technology for both gateway-to-gateway (LAN-to-LAN) and host-to-gateway (remote access) enterprise VPN solutions.
IKE is a type of ISAKMP (Internet Security Association Key Management Protocol) implementation, which is a framework for authentication and key exchange. IKE establishes the security association (SA) between two endpoints through a three-phase process:
- Phase 1: Establish a secure channel between the two endpoints using a Pre-Shared Key (PSK) or certificates. It can use main mode (3 pairs of messages) or aggressive mode.
- Phase 1.5: Optional; called the Extended Authentication Phase, it authenticates the user that is trying to connect (user + password).
- Phase 2: Negotiates the parameters for data security using ESP and AH. It can use a different algorithm than the one used in phase 1 (Perfect Forward Secrecy (PFS)).
Default port: 500/udp
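As an added example, not code from these notes or from any IKE implementation, a decoder for the fixed ISAKMP header carried on UDP/500 that classifies the phase 1 exchange type, so a defender can flag IKEv1 aggressive-mode starts (where the identities and the PSK-based authentication hash travel unencrypted, unlike main mode); the SPIs and sample packets are constructed.

```python
# Added example, not from the original notes: decode the fixed 28-byte ISAKMP
# header (RFC 2408) seen on UDP/500 and classify the exchange, so phase 1
# negotiations in IKEv1 aggressive mode (identities and the PSK-based hash go
# over the wire unencrypted) can be flagged. The packet bytes are constructed.
import struct

# initiator SPI, responder SPI, next payload, version, exchange type, flags, message ID, length
ISAKMP_HDR = struct.Struct("!8s8sBBBBII")

IKEV1_EXCHANGES = {1: "base", 2: "identity protection (main mode)",
                   3: "authentication only", 4: "aggressive", 5: "informational"}
IKEV2_EXCHANGES = {34: "IKE_SA_INIT", 35: "IKE_AUTH", 36: "CREATE_CHILD_SA", 37: "INFORMATIONAL"}
IKEV1_FLAG_ENCRYPTION = 0x01  # the IKEv1 "E" bit: payloads after the header are encrypted


def parse_isakmp_header(data):
    """Decode one ISAKMP/IKE header into a dict; raises ValueError on short input."""
    if len(data) < ISAKMP_HDR.size:
        raise ValueError("packet shorter than the 28-byte ISAKMP header")
    i_spi, r_spi, next_payload, version, exch, flags, msg_id, length = ISAKMP_HDR.unpack_from(data)
    major, minor = version >> 4, version & 0x0F
    names = {1: IKEV1_EXCHANGES, 2: IKEV2_EXCHANGES}.get(major, {})
    return {
        "version": f"{major}.{minor}",
        "exchange": names.get(exch, f"unknown({exch})"),
        # responder SPI still all-zero: this is the first message of phase 1
        "phase1_first_message": r_spi == bytes(8),
        "encrypted": major == 1 and bool(flags & IKEV1_FLAG_ENCRYPTION),
        "next_payload": next_payload,
        "message_id": msg_id,
        "declared_length": length,
    }


def is_aggressive_mode_start(pkt):
    """True for the opening message of an IKEv1 aggressive-mode negotiation."""
    h = parse_isakmp_header(pkt)
    return h["version"].startswith("1.") and h["exchange"] == "aggressive" and h["phase1_first_message"]


def make_header(exchange, version_byte=0x10, flags=0, next_payload=1, length=28):
    """Build a constructed header (fixed initiator SPI, zero responder SPI) for testing."""
    return ISAKMP_HDR.pack(bytes.fromhex("0011223344556677"), bytes(8), next_payload,
                           version_byte, exchange, flags, 0, length)


# constructed sample packets: first messages of IKEv1 aggressive mode vs. main mode
AGGRESSIVE_PKT = make_header(4)
MAIN_MODE_PKT = make_header(2)
```

In a real capture only the first 28 bytes of the UDP payload are needed; the rest of the datagram holds the SA, KE, nonce and ID payloads that follow the header.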