After collecting enough information about the target during Deliverable 2 (Reconnaissance and Scanning Plan), you will describe how to use that information to gain access to Haverbrook’s systems. Your one- to two-page plan on gaining access should include:

  • details of the gaining access process in regards to the techniques commonly used to exploit low-privileged user accounts by cracking passwords through techniques such as brute-forcing, password guessing, and social engineering, and then escalate the account privileges to administrative levels, to perform a protected operation.
  • an implementation outline of any software that will be used in gaining access to the network(s) or system(s) You may include open source and commercial tools available to execute the actual exploit: Burp Suite, Cain and Abel, Core Impact, John the Ripper, Metasploit, and others. You can also use some programming languages, such as Javascript, Perl, Python, Ruby, or C++, if you choose to develop custom exploits.

As you are developing the Gaining Access Plan, keep these questions in mind:

  • How would you escalate your privileges?

How would you establish a command and control communication channel?