Network penetration-----How to open a breach _ security tutorial

The idea of intranet infiltration is originated from the thought of Trojan Horse---Fortress is easiest to penetrate from the inside, a large website, a large company, a large target, outside meat, the administrator will always do everything possible to strengthen the prevention and repair loopholes, conventional methods in almost impossible.
The breach of intranet penetration is how we get an intranet personal machine or intranet server, my personal experience has three kinds, one is penetrates from the outside network to the intranet, two is Tongfa Ma Xin obtains the intranet machine, the third is uses obtains the trust to obtain the intranet machine.
First, from the external network to infiltrate the substation into the intranet
Usually a large site has a lot of stations, there are many of our unknown stations or unknown site Directory, the larger the site to show in front of us the more opportunities, you can use the traditional method to get a station server permissions, such as injection, guess solution, overflow and so on. Get the station server in the case of two kinds of thinking: first, through the station infiltration to the main station or other stations, they need to allocate a network does not divide the VLAN, then you can obtain a password or intranet sniffing and other ways to obtain more substation. Second, through the analysis of the station server, to induce the manager in the horse, such as the server in the substation to obtain the password of the administrator, collect the mailbox information on the station, view the FTP information of the server, collect the tools commonly used by the administrator, Or a file that an administrator might download back (usually in the tools file of the Administrator's Transport tool) or a tool that the administrator saves in the site directory.
Second, send a Trojan letter access to the intranet machine
This should be a combination of social engineering and vulnerability, such as 0day, where word or PDF or ie0day play a role. A lot of people get Ie0day is directly used to hang horses, in fact, Ie0day sent a higher value, how to deceive the administrator click on your email URL link is also an art. Also can think about, relate to his website problem, his product problem, such thing administrator always click, want to consider after the administrator clicks will be hundred percent this is a technical problem. The regular Trojan letter sends the process, the CHM Trojan uses more, because does not kill, the hit rate can reach 100%, then must consider the administrator to be able to open? Even the horse in the customer service machine is very useful. For example, I am in a Trojan letter sent, the use of the attachment is a packaged CHM, the intranet of the letter is: "After using your XX, I feel quite good, but in the use of the process found some bugs, do not know whether it is my machine problem or you do not take into account, the specific information I am in the form of text saved in the attachment." "Of course, find the email address of the target, which is easy to find on the website or Google."
Third, use to obtain the trust to obtain the intranet machine
Webmaster or customer service, there will be email or MSN or QQ, or the real person, we can slowly set close, grasp his weakness, or psychology, such as his favorite things, slowly chat with him, reduce his psychological defense, in the mature time to send a URL, or packaged software bundled Trojan, Nor is it not possible. Specifically related to social engineering, mainly to see how they play.


Intranet penetration-----How to open the breach, this is just a few experience summary, there is no specific steps, only a thought, black station is not a simple play injection of the era. After a period of time will be written "intranet penetration-----Basic methods", only to do technical discussion and sharing