Unsolved CEH Course Question / Remote Access

---

I have been watching the CEH course and am a little disappointed in the lack of demonstrations of all the topics that are being discussed. One of the biggest questions I have regards remote access and actually "Gaining access to a computer." In these segments there is discussion about getting passwords, using key loggers, other physical capture devices, etc., however, there is little discussion on how remote access to a computer is actually obtained and what is and is not possible based on how a host is configured. I have a lot of questions but one I am hoping someone can shed some light on is the following -

If a computer on a network does not have any remote connection settings enabled (SSH, Windows remote desktop, telnet, etc.) and I have a user name and password for the machine, what good is it? Can the computer even be accessed with the information that is gathered from scanning and enumeration? I realize there are other means that you can physically install or perform or prompt another user to perform in order to install malware to make the computer remotely accessible but if these services are disabled is the host at risk? If so, what techniques accomplish this?

If anyone has answers or links to additional resources where I can research this I would be grateful.

Thanks for your input.

Hi, the CEH is designed to give you the base information needed for the exam and Sean clearly states that it is up to us as individuals to go and play with the tools that he talks about.

I'm a newbie when it comes to ethical hacking so there may be an error in my understanding which is as follows.

From the scanning phase we've identified our target host.
From the enumeration (or initial foot-printing) you are suggesting that we have user credentials already and have identified that all the remote access services are disabled. We have fingerprinted the OS, identified smb shares, etc. Once we know this information we can then identify known vulnerabilities against the target and exploit these to get a shell on the target in the gaining access phase, Once we have that we can add our own user credentials if we want, look to compromise other credentials of people who may have logged onto the target (get a domain admin and you're laughing), ex-filtrate data or install a backdoor so you can maintain access if needed.

In terms of 'is there a risk?'. Yes there is - but whether it is an acceptable one or not comes down to your (your organisation's) risk appetite and the entire attack surface around and within the target host. If you are satisfied that internal and external controls (physical personnel and technical) are sufficient to protect whatever information is on the target host or could potentially be accessed via the target host then it may well be a low risk for you. All we can do is make the attack surface as small as possible.

You may find the following helpful: SANS pen test poster, see page 2

There are lots of youtube demos online and I'd recommend you start with those from:
Metasploit videos and Armitage: http://www.fastandeasyhacking.com/manual
Hak5 - youtube channel.

I previously posted lots of links from CEH course including those from the people in chat room each day here, worth a look: https://bitly.com/itpro-ceh-links

Final comment
For me I got what I needed from the CEH course as I wanted to learn about the ways I needed to think out of the box, typical attacks and countermeasures. If you are after a hands-on course then lots of stuff on youtube, etc.

Hope that helps until the itpro.tv guys are along!

If you want more "demo" check out their latest metasploit videos.

I second that CEH was great and delivered what you need for the exam