After collecting enough information about the target during Deliverable 2 (Reconnaissance and Scanning Plan),
you will describe how to use that information to gain access to Haverbrook’s systems. Your one- to two-page
plan on gaining access should include:
details of the gaining access process in regards to the techniques commonly used to exploit low-privileged user
accounts by cracking passwords through techniques such as brute-forcing, password guessing, and social
engineering, and then escalate the account privileges to administrative levels, to perform a protected operation.
an implementation outline of any software that will be used in gaining access to the network(s) or system(s)
You may include open source and commercial tools available to execute the actual exploit: Burp Suite, Cain
and Abel, Core Impact, John the Ripper, Metasploit, and others. You can also use some programming
languages, such as Javascript, Perl, Python, Ruby, or C++, if you choose to develop custom exploits.
As you are developing the Gaining Access Plan, keep these questions in mind:
How would you escalate your privileges?
How would you establish a command and control communication channel?
Refer to Chapter 6 in the textbook for the different techniques that can be used to gain access to the system.