CHAPTER 10

Attacking Networks

It's important to remember the underlying context and technology that supports the application protocols discussed at length within the pages in front of you. HTTP depends on the underlying OSI layers just as much as any other protocol defined within the Application Layer of the OSI model.

Focusing on attacking browsers and web applications is one thing, but digging deeper into the underlying network will yield fantastic results for you. It's at the network layer where you can obtain direct access to non-HTTP services, potentially exposing e-mail services, print services, Internet Relay Chat servers, and more.

This chapter begins by exploring methods to discover the hooked browser's internal network configuration: detecting the internal IP addresses and launching internal port scans from the browser. Armed with this information, you then focus on more advanced techniques, such as Inter-protocol Communication (IPC) and Inter-protocol Exploitation (IPE).

Of course, once you have compromised a target using IPE, you will want to connect back to your controlling device. Conventional reverse connections involve noisy communication through edge firewalls. You will explore a much more stealthy way to connect back using the BeEF Bind payload, which ricochets communication off your hooked browser.

Identifying Targets

Reconnaissance is usually the first activity you perform when trying to gain unauthorized access to systems or networks. When the source ...
