Metasploit The Elixir of Network Security

Transcription

1 Metasploit The Elixir of Network Security Harish Chowdhary Software Quality Engineer, Aricent Technologies Shubham Mittal Penetration Testing Engineer, Iviz Security

2 And Your Situation Would Be

3 Main Goal Learn why and how to test computer networks against the most common but really serious security attacks using METASPLOIT

4 What are we going to talk about Penetration Testing Why Bother? Testing Network with - METASPLOIT Proof of Concept (Demonstration) (Mitigation Strategies) Conclusion

5 Penetration Testing A penetration test is a method of evaluating the security of a computer system or network by simulating an attack from a malicious source, known as a Black Hat Hacker, or Cracker. Wikipedia Environmental Attacks Input Attacks Logic and Data Attacks

6 Why Bother? Active pen-testing teaches you things that security planning will not Are your users and system administrators actually following their own policies? host that claims one thing in security plan but it totally different in reality Raises security awareness Helps identify weakness that may be leveraged by insider threat or accidental exposure. Provides Senior Management a realistic view of their security posture Great tool to advocate for more funding to mitigate flaws discovered If I can break into it, so could someone else!

7 How dangerous are Cyber attacks October 12, 2011 Sony has suffered a data breach involving the usernames and passwords of about 93,000 customers. Attackers were able to reuse to logon to people's PlayStation Network, or Sony Online Entertainment, or Sony Entertainment Network accounts. 6 June 2012 over six million passwords were stolen in a hack of the professional networking site linkedin.com. 10 June 2012 Anonymous attacked and brought down the website run by Computer Emergency Response Team India (CERT-In), the country's premier agency dealing with cyber security contingencies

8 How dangerous are Cyber attacks July 12, 2012 A Yahoo security breach exposed 450,000 usernames and passwords from a site on the huge web portal indicates that the company failed to take even basic precautions to protect the data. 2012: Latest SQL Injection Campaign Infects 1 Million Web Pages with the lilupophilupop.com During the period December 2011 to February 2012, a total number of 112 government websites were hacked, Minister of State for Communications and IT Sachin Pilot told the Lok Sabha. September 10, 2012 Network World Anonymous has claimed responsibility for knocking domain provider GoDaddy offline. Source :

9 Hacked out of Business

10 Severity Of Cyber Attacks

11 Current State : Network Security

12 Severity Of Cyber Attacks

13 Severity Of Cyber Attacks

14 Penetration Testing Application Security Application Security Review Application Security Assessment Network & System Security Secure Network Architecture & System Integration Network Security Managed Operations Security Governance & Compliance Security Management Reviews & Risk Assessment Security Policy & Process Development & Implementation ISO27001 Consulting Business Continuity / Disaster Recovery BCM & ITDR Consulting BCM Compliance Services Identity & Access Management Consulting & System Integration Support & Maintenance Managed Security Services Professional Services Remote Security Operation Centre

15 Diagrammatic Representation

16 Process of PenTest

17 Focusing Network PenTest

18 Network Security Testing

19 What is Metasploit According to the Metasploit Team; The Metasploit Framework is a platform for writing, testing, and using exploit code. The primary users of the Framework are professionals performing penetration testing, shellcode development, and vulnerability research. It is becoming the de facto standard for vulnerability assessment and PenTest. largest ruby project in existence Find vulnerability ->choose exploit -> check if exploit applies -> configure payload -> configure encoding to evade IDS and AV-> execute the exploit Includes an extensive shell code and opcode database with full source code.

20 What is Metasploit To understand the use of Metasploit we have to understand the some basic terminologies. Vulnerability The word vulnerability, refers to a weakness in a system allowing an attacker to violate the confidentiality, integrity, availability, access control, consistency or audit mechanisms of the system or the data and applications it hosts. Exploits An exploit is a security attack on a vulnerability Can exploits give access to a secured system? Ans: NO

21 What is Metasploit Exploits have more potential They are commonly used to install system malware or gain system access or recruit client machines into an existing botnet This is accomplished with the help of a Payload The payload is a sequence of code that is executed when the vulnerability is triggered Payloads are very useful because they provide an interactive shell that can be used to completely control the system remotely To make things clear, an Exploit is really broken up into two parts, EXPLOIT = Vulnerability + Payload

22 Hot Spots In a network, filtering and complex rules are generally applied on the basis of these basic factors TCP or UDP Source IP address Source Port Number Destination IP address Destination Port Number Now we have and Metasploit at our disposal and now we also have the HOT SPOTS to target the NETWORK. I

23 SAMPLE PENETRATION TEST *Note: Demonstration of the Penetration Test is only for the Research Purposes DON'T BE IRRESPONSIBLE...SERIOUSLY USE OF THESE TOOLS ON MACHINES NOT LEGALLY OWNED BY YOU COULD END UP PUTTING A NASTY MARK ON YOUR CRIMINAL RECORD This is not a live demo or real scenario of a Network Pentest. Network is emulated which is really close to the Real One

24 The Attack To conduct a Software Exploitation Attack using Metasploit Framework against a Victim machine in order to gain system access To make things interesting, the Victim s machine will also have AV in order to see how it reacts to the attack. We use MS exploit Critical - CVE MS is Vulnerability in Server Service Could Allow Remote Code Execution (958644) On Microsoft Windows 2000, Windows XP, and Windows Server 2003 systems, an attacker could exploit this vulnerability without authentication to run arbitrary code

25 Outline of Network Topology emulate the real time network we created network of three virtual machines on WIN 7 Host Machine. VICTIM -WinXP Machine with SP2 and SP3 Flavor Ip.addr = VICTIM -WinXP Machine with SP3 and AV Ip.addr = Attacker Back Track 5 r3 with Metasploit Ip.addr =

26 Tools: Used in the PenTest Automatic tools are required to detect and exploit the vulnerabilities quickly to save crucial amount of time. You can use the following Tools: Nmap 6.01 Hyperion for Exploit /Payload Encryption Havij can be used to detect SQL injection on the website hosted target using network SQL Inject Me (FireFox AddOn) Acunetix Web Vulnerability Scanner

27 DEMO

28 Evaluate Impact on the Network and Reporting It reveals the information about all the existing vulnerabilities in the network. How deep a hacker can go inside the Network. How much data can be lost or altered. Report them accurately

29 Recommended Countermeasures Discipline Code review QA Test Plans Test with an intruder s mindset Periodic Penetration Testing

30 Recommended Countermeasures(Contd.) Best Practices Use principle of least-privilege Use names should be harder to guess Use aliases to provide more layers of separation between the data and the intruder Keep up-to-date on patches Escaping all User Supplied Input Use third-party code and applications evaluation services for greater scrutiny

31 Conclusion

32 Thank You