1. What is the nature of your intranet entry machine? For example: 24-hour running application servers, test machines, employee office machines, VPN?
According to your reply, we can know that you already have the permissions of several Intranet servers, so you should bounce the backdoor forwarding port through the Intranet to enter the Intranet. I guess it is the application server. In the initial stage, it may be through the employee's office machine or the application server mapped to the Internet to enter the Intranet.
2. How many levels of Intranet does the intranet data storage server belong to? You do not have to describe this problem because it often encounters a class-1, level-2, level-3, or even a deeper man-like structure.
Here we assume that you only encounter the first-level Intranet, that is, the Intranet can communicate with each other.
3. What is the purpose of your current behavior? You describe that you need to copy the data, but you have replied that you have completed several of their servers, so my problem is, according to your last reply, I don't quite understand your current situation. A. Are you bored? B. Do you have other purposes? C. Have you completed that or several data storage servers?
You don't have a clear answer, so I can't help you with it. There are different solutions in various situations.
Here, I only think that you have already completed the data storage server, and you just want to continue KO their server based on your sense of accomplishment.
Based on the above conditions, it is determined that the original poster only encounters a relatively elementary Intranet. As for how many million NB firewalls are not under consideration, the things are paper tigers.
If you only want to copy data and store it as a database, we recommend that you export the database by table segment. In fact, the data you need may only be stored in a few tables. If the data is too large, it will take a lot of time during the export process. What you need to do is:
Check the Database Server login logs and determine the normal local working hours (I don't know which country) of the country in which the Intranet belongs, make sure that no one is logged on during their sleep time (that is, the safest time is Am-Am). We recommend that you do so in the early morning of the weekend. This time is considered safe, it is because even if the company has night shift staff on duty, they are not sleeping or doing their own work in the boring late night (most night shift staff are unsupervised)
Suppose that the data table segment you export is too large, export by field (note that the Database Log service is disabled before export, because I don't know what type of database you are engaged in, whether it belongs to the WIN platform or Unix-like platform, and the way to disable logs is also different on different platforms...)
Then, compress the data exported from each field and transmit the data to a server on the Intranet at the fastest speed. After determining the logon log, the data is at least logged on, because it is an intranet, the download speed is very fast, so don't worry about it. The reason for doing so is to minimize the time spent on the database servers that have been concerned. Because it takes too long to upload or download data to the Internet, you need to first transfer the data to another Intranet machine that is not concerned.
Judging from my personal experience, if there is a GB Data, it will certainly not be completed within three hours; then the original poster needs N "Midnight 3 hours" to repeat the above operations.
Next, we need to leave a reasonable upload time before the end of every midnight three hours to upload the data downloaded from the Intranet to your internet server every day, we recommend that you find an IDC in the same region as the Intranet to rent a local server or use it directly as a data transfer service, which will be the fastest. As for uploading, I don't know how you do it. I used my FTP program to hide it in the system and set the upload parameters (my hidden FTP program has multiple functions ), for example, you can set: this upload takes several hours, files in what format are uploaded, what format is preferentially uploaded, how much upload speed is limited, which or more disk directory paths are uploaded, whether resumable data transfer is enabled, and whether the server has login, if the Administrator logs in to the system, what measures should the Administrator take? 1. Delete all files waiting for upload and exit the program. 2. Directly interrupt the upload and exit the program.
Maybe you have completed the work now. I am entitled to participate in the discussion. The method is common, not elegant, and tired :) but it is considered a safer method. At least I usually use it.
However, it is one thing to say how to export data, but more importantly, you need to understand your "purpose". The most taboo for Intranet penetration is delay, it is worth noting that you can make quick decisions without disturbing the other party! Do not do anything similar to ARP.
Your later reply said that you have made some other machines. Here you need to consider several questions:
1. Why are you engaged in these machines?
A manager is in the middle of the queue. Are you sure you want to log in?
B. What did you do with other vulnerabilities?
C. Password problems?
In either case, do not randomly go to "black" or "log on to view" the machine you have obtained the permission during penetration. You must clarify your purpose! It is also clear that you should not view or "black" these servers. Do not touch unrelated machines.
Of course, most of the situations may be random hits or logins to see if they are associated with the target. During the Penetration Process, for example, when there are obstacles and there is no clear idea, hackers will randomly hit the target server to hit the luck, for example, if a hacker (look up) is a computer, he can check the permissions and check whether there is any association. This is what novices do, and it is stupid. This is a big taboo!
You need to understand that the more operations you do, even if you open a web page and read a file, you can leave a clue to the other administrator if you scan another server! Do not perform any unnecessary operations that may be noticed by administrators.
After obtaining a 24-hour Intranet machine for Intranet penetration, the best time to enter the Intranet is the early morning of the local time. Of course, if you need the Intranet of the other party to cooperate with your operations, the exception will be.
As a professional penetration engineer! During the Penetration Process, remember:
1. Use servers in more than two countries as a dual-layer jump (single-layer jump is prohibited). We recommend that you rent servers in several countries to ensure stability and security. Many of you have used the springboard, but it is still over by Uncle GA .. Planted on "broilers.
Don't save that money. Rent it! In addition, do not rent a foreign server provided by a domestic agent. Rent it directly from a foreign IDC! Pay the local currency! I am ~ (If the Intranet port forwarding speed is too slow, do not directly connect or forward locally. Please bring your own 3G network card or wifi to a place above 10KM in diameter from your home for direct connection, I usually drive my car to the vicinity of some large Unicom business halls and then insert the on-board power inverter, because I am a 3G Unicom, and the fastest and most powerful signal of China Unicom is near the Business Hall, what do they do for demonstration)
2. You are prohibited from using IDs, websites, and software associated with yourself when you are in contact with other company personnel or "machines". Be sure to erase the traces of your operations, even if you only normally access the website of the other company, you need to switch!
Remember: do not access each other's intranet easily. Before you try to penetrate them, make a detailed penetration plan based on the learned information, make a preliminary judgment on all possible problem factors. Then adapt to the actual situation.
A serious mistake that many people who are engaged in penetration can easily make is simply to play with something like "A different village", and cannot work with a server, I want to see if the surrounding servers or applications are associated.
Most of the time, there is no such thing. I did some unnecessary operations on my own. This can easily lead to problems. Do not touch anything of the other party with no aim! Both humans and machines are the same.
If you do not have a detailed penetration plan, you will blindly start the project, even if you have successfully KO the other party and obtained what you want. But what is the purpose? Only inexperienced novices will take success as the final penetration. After a good penetration engineer understands the situation of the other party, after making the penetration plan, it is equivalent that KO has lost the target, rather than waiting for the results to come out. What we need is a perfect process! It is not just a result.
Be sure to clarify your purpose and have a clear idea. If not, wait until you come up and try again!
For a person who is engaged in penetration, what we need to consider when determining the task target is not whether it can be done! But how long does it take! There should be no failure in our dictionary. This is my penetration criterion.
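
From the defender's side, the staging pattern this reply describes (a database login outside working hours, a bulk copy to a second intranet host, then a bulk upload to an outside address) can be found by correlating logs. The sketch below is an added example, not part of the original post; the event format, host names, thresholds and working hours are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Assumed policy values (not from the post); tune to the environment.
WORK_START, WORK_END = 8, 19             # local working hours, Mon-Fri
BULK_BYTES = 100_000_000                 # size that counts as a bulk copy
WINDOW = timedelta(hours=6)              # max gap between chained stages
INTERNAL_PREFIXES = ("app", "db", "ws")  # hypothetical internal host naming

# Constructed events: (local time, kind, source, destination, bytes)
EVENTS = [
    ("2024-03-04 10:15", "db_login", "app01", "db01", 0),  # Monday, daytime
    ("2024-03-04 10:20", "transfer", "db01", "app01", 40_000_000),
    ("2024-03-09 02:10", "db_login", "ws17", "db01", 0),   # Saturday night
    ("2024-03-09 02:40", "transfer", "db01", "ws22", 900_000_000),
    ("2024-03-09 04:30", "transfer", "ws22", "203.0.113.50", 880_000_000),
    ("2024-03-10 03:00", "transfer", "ws30", "198.51.100.7", 2_000_000),
]

def off_hours(ts):
    """True on weekends or outside the assumed working hours."""
    return ts.weekday() >= 5 or not (WORK_START <= ts.hour < WORK_END)

def is_internal(host):
    return host.startswith(INTERNAL_PREFIXES)

def bulk_transfers(events, src, after, internal_dst):
    """Bulk transfers sent by src within WINDOW after the given time."""
    return [e for e in events
            if e[1] == "transfer" and e[2] == src and e[4] >= BULK_BYTES
            and after <= e[0] <= after + WINDOW
            and is_internal(e[3]) == internal_dst]

def find_staged_exfil(raw_events, db_hosts=("db01",)):
    """Chain: off-hours DB login -> bulk copy to a peer -> bulk upload out."""
    events = sorted((datetime.strptime(t, "%Y-%m-%d %H:%M"), k, s, d, b)
                    for t, k, s, d, b in raw_events)
    findings = []
    for ts, kind, src, dst, _ in events:
        if kind != "db_login" or dst not in db_hosts or not off_hours(ts):
            continue
        for stage in bulk_transfers(events, dst, ts, internal_dst=True):
            for out in bulk_transfers(events, stage[3], stage[0], internal_dst=False):
                findings.append({"login_from": src, "db": dst,
                                 "staging_host": stage[3], "external": out[3],
                                 "bytes_out": out[4]})
    return findings

if __name__ == "__main__":
    for finding in find_staged_exfil(EVENTS):
        print(finding)
```

Only the complete three-stage chain is reported, so a daytime login followed by an ordinary copy, or a small outbound transfer on its own, does not raise a finding.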