Let's briefly talk about maintaining access. So when it comes to maintaining access, that means that as an attacker, if something were to happen to the machine that we are on, we have a way to gain access back to that machine. Now say, for example, we're in the middle of working on a shell and the user decides to shut down the computer and go home for the day. Well, guess what? We're gonna lose that shell, and we could have it to where, you know, maybe if they go home and they turn it on for work, then we'd have access back to it regardless of where they're at. And we could attempt to maintain access, you know, be a command and control, and there's a lot of these advanced techniques. Now typically, as a penetration tester, you're not going to be doing this. The most maintaining access that you're going to do is gonna be right down here.

Perhaps you get on a machine and you're in an environment where, you know, it's a pen test, not a red team assessment, a pen test. The environment's not great. You know, we're just up against it, they're not catching most of the stuff you're doing, you can pretty easily add a user to a local machine. And then guess what, you can use PsExec or do whatever you want to go back to that machine and have a shell on it pretty easily. So this is what I like to do for persistence. I just like to add a user. I don't like to go and do crazy things.

So all these persistence scripts, like here's a persistence script here, the run persistence -h, this is all my display when I'm showing you here. Now this is dangerous, because what you're doing here is you are opening a port on a machine, and that port has zero authentication mechanism. It's literally just an open port; when you connect to it you get a shell on the machine. Super dangerous to run this, and you really have to have a reason to do it. I have never felt that I had a reason to do it on a pen test. Now that's just me. Other people might disagree, but in my opinion, I just don't have a reason.

The other thought is that you can run a scheduled task. So basically what happens is you have malware on the computer, and this task will check in every so often, say every five minutes. So that way, if the computer gets rebooted, the task runs again. And while it runs, you get the shell back to your machine. And guess what, you have access again. We typically don't worry about this. All right.

So these are just concepts I wanted to show you and talk about, because they are part of the five stages of hacking. In my opinion this falls way more in line with red teaming, which is a lot more advanced than pen testing and a lot more of a quiet skill set, where pen testing is kind of being loud, and adding a user is definitely being loud. But most of the time you're going to go up against clients where being loud is perfectly fine. I would say 75 percent of the time or greater your client's not gonna catch this. So keep that in mind, just understand what maintaining access is. It's not really in scope for what we're doing or what we're trying to achieve. And my guess is you probably won't see this come up on an interview, and if you do, you can talk about scheduled tasks, you can talk about adding a user, and just kind of understand what these are. But I really do doubt that you're gonna be asked to do this on a majority of your assessments. So that's it for this lesson. We're gonna go ahead and move on to pivoting, and then we'll talk about cleanup, and we'll be done.