Lab 7 - Exploitation
NCS 430 Penetration Testing Lab 7
Sunday, March 29, 2015
John Salamy


Item I. (What were you asked to do?)

Metasploit Server Side Exploits
Perform the exercises in chapter 8 of the Penetration Testing book.
Provide a summary of the exploits you performed and their results in your lab write-up.

Password Attacks
Perform the exercises in chapter 9 of the Penetration Testing book.
Provide a summary of the exploits you performed and their results in your lab write-up.

Metasploit Client Side Exploits
Perform the exercises in Chapter 10 of the Penetration Testing book.
Provide a summary of the exploits you performed and their results in your lab write-up.

Item II. (What did you do?)

Revisiting MS Metasploit payloads

In this section of the lab we recreate the exploit that we did in Chapter 4. In this section we utilize the MS exploit to attack the Windows XP machine from the Kali virtual machine. This was fairly simple as this was previously completed in chapter 4. The options and results are in figure 1.1.

Figure 1.1

Exploiting WebDav Default Credentials

In the previous chapter we discovered that there was an installation of XAMPP running on the target XP machine. Since the credentials were not changed, the default credentials are in place. This will allow us to upload our own items to the server. First we create a test.txt file and log in to the server with the default credentials of wampp and xampp. We then upload our test.txt and attempt to reach the file with a web browser, which was successful. See figure 1.2 and 1.3.

Figure 1.2
Figure 1.3

Running a Script on the Target Web Server

While uploading a text file is a success, it is not able to do as much as a script would be able to do. Therefore in this section of the lab we upload a script to the same server with default credentials. See figure 1.4. Figure 1.4 shows an ls of the webdav directory which shows the test.php script that was uploaded.

Figure 1.4

Uploading a Msfvenom payload

Uploading a script will only get us so far on the target; it would be more beneficial to be able to upload a msfvenom payload. This is because it is much easier to create a msfvenom payload than it would be to write a script. In this section we first create a msfvenom payload that will cause the infected system to open a session with the Kali target. See figure 1.5.

Figure 1.5

We next upload the payload to the same XAMPP server that had the default credentials. See figure 1.6.

Figure 1.6

We then set up the handler that will accept the request that is generated upon execution of the payload. Then we started the handler so that when the request was made it could exploit it and allow access to the system. See figure 1.7.

Figure 1.7

Lastly we downloaded the file from the server and the payload was executed. It allowed the session to be created and the attacker was able to gain access to the system. See figure 1.8.

Figure 1.8

Exploiting Open phpMyAdmin

The same server that we were previously able to exploit with default credentials also has an open phpMyAdmin service which is able to be exploited. By navigating to the MyAdmin page on the server we are able to run an SQL query that will also allow us access to the target system. It will also enable us to be able to gain files as well as important information from the target. In the phpMyAdmin shown in figure 1.9 we are able to run the following script: SELECT "<?php system($_GET['cmd']);?>" into outfile "C:\\xampp\\htdocs\\shell.php". This script will allow us to use the get command to obtain files off the server. To test the newly exploited vulnerability we tried to run ipconfig and were able to successfully do so, see figure

Figure 1.9
Figure 1.10

Downloading a File with TFTP

In this section we attempt a second method for downloading files from our Kali machine. This method is to use TFTP. First we start the service using the following command: atftpd --daemon --bind-address /tmp. Next, we download the file using the following command: get meterpreter.php C:\\xampp\\htdocs\\meterpreter.php.
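The WebDAV uploads and the shell.php requests described above all pass through Apache and leave entries in its access log. The following is an added example, not part of the original write-up, of one way a defender could flag them; the log lines, addresses, timestamps and rule names are constructed for illustration, while the file names and the wampp account come from the text.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Prefix shared by Apache's "common" and "combined" log formats:
# host ident user [time] "METHOD target PROTO" status size
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Extensions a web server may hand to an interpreter (assumed list, tune per site).
SCRIPT_EXT = (".php", ".phtml", ".php5", ".asp", ".aspx", ".jsp", ".cgi", ".pl")
# Query parameter names typical of one-line command shells (assumed list).
CMD_PARAMS = {"cmd", "exec", "command"}

# Constructed sample log, modelled on the steps in the write-up.
SAMPLE_LOG = """
192.0.2.10 - wampp [29/Mar/2015:10:01:12 -0400] "PUT /webdav/test.txt HTTP/1.1" 201 -
192.0.2.10 - wampp [29/Mar/2015:10:03:40 -0400] "PUT /webdav/test.php HTTP/1.1" 201 -
192.0.2.10 - - [29/Mar/2015:10:04:02 -0400] "GET /webdav/test.php HTTP/1.1" 200 41
192.0.2.10 - - [29/Mar/2015:10:20:15 -0400] "GET /shell.php?cmd=ipconfig HTTP/1.1" 200 512
198.51.100.7 - - [29/Mar/2015:10:21:00 -0400] "GET /index.php?page=home HTTP/1.1" 200 1033
"""


def parse(line):
    """Return the fields of one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlsplit(m["target"])
    return {
        "host": m["host"],
        "user": m["user"],
        "method": m["method"],
        "path": url.path.lower(),
        "params": {k.lower() for k in parse_qs(url.query, keep_blank_values=True)},
        "status": int(m["status"]),
    }


def detect(lines):
    """Return (rule, client, path) findings in log order.

    dav-write                 any successful PUT (someone can write to the web root)
    script-upload             a successful PUT of an executable script type
    uploaded-script-requested a later GET/POST for a path that was PUT earlier
    command-parameter         a script requested with a shell-style parameter
    """
    findings = []
    uploaded = set()  # script paths seen in successful PUT requests
    for line in lines:
        entry = parse(line)
        if entry is None:
            continue
        ok = 200 <= entry["status"] < 300
        is_script = entry["path"].endswith(SCRIPT_EXT)
        if entry["method"] == "PUT" and ok:
            if is_script:
                uploaded.add(entry["path"])
                rule = "script-upload"
            else:
                rule = "dav-write"
            findings.append((rule, entry["host"], entry["path"]))
        elif entry["method"] in ("GET", "POST") and ok:
            if entry["path"] in uploaded:
                findings.append(("uploaded-script-requested", entry["host"], entry["path"]))
            elif is_script and entry["params"] & CMD_PARAMS:
                findings.append(("command-parameter", entry["host"], entry["path"]))
    return findings


if __name__ == "__main__":
    for finding in detect(SAMPLE_LOG.splitlines()):
        print(finding)
```

A file written through SQL, as shell.php was here, never appears as a PUT, so only the command-parameter rule catches it; removing the default WebDAV account and restricting access to phpMyAdmin closes the paths themselves.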

Downloading Sensitive Files

In this section we focus again on exploiting XAMPP and downloading files from the target XP machine. First we download the Zervit server configuration using the following command: Stored in this file are the hashes of the users' passwords which can be obtained using a password cracker which we will discuss in the next chapter. The next file that we download using this method is the SAM file. The SAM file is the Windows Security Accounts Manager file. This file stores the hashes for the user account passwords. We first try to do this on the currently running SAM file and this was unsuccessful, see figure Therefore we obtained the files from the backup of the files. This method was successful and we were able to obtain the SAM and SYSTEM file. See figure 1.12 and

Figure 1.11
Figure 1.12

Figure 1.13

Exploiting a Buffer Overflow in Third-Party Software

This section was designed to exploit the SL Mail program that is running on the Windows XP target. Unfortunately, it was unsuccessful due to the services on the XP machine failing to launch. See figure These services were supposed to run on POP3, which would have enabled us to be able to exploit that service. This issue was not discovered until after the exploit failed to launch; therefore figure 1.14 shows setting the options, figure 1.15 shows the exploit that failed, and figure 1.16 shows the service that would not start.

Figure 1.14
Figure 1.15

Figure 1.16

Exploiting Third-Party Web Applications

Unfortunately, similar to the previous section of the lab, this section failed to launch successfully. I was able to load the module and set the options but the exploit would not launch the payload. It was able to figure out server information but not launch the payload. This was the same issue that others in the class were having as well. See figure 1.17.

Figure 1.17

Exploiting a Compromised Service

This section focuses on how to exploit a vulnerability in the Very Secure FTP This exploit involves placing a smiley face after the username and then entering any password. If the service is vulnerable it will allow access to the system. In our case it was vulnerable (figure 1.18). We were then able to start a netcat session (figure 1.19).

Figure 1.18
Figure 1.19

Exploiting Open NFS Shares

In this section we exploit the vulnerability that was discovered in the first hacking challenge that we completed. First we start by mounting an NFS share. We then cd to the mount and view the contents of the .ssh directory. In the directory are the public and private keys as well as the authorized keys. See figure 1.20.

Figure 1.20

Next we generate new SSH keys using the default options. See figure 1.21.

Figure 1.21

Next we added our key to the target's list of authorized keys. Once we have done that we are able to gain SSH access to the system without the need for a password. See figure

Figure 1.22
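The NFS steps above work only because a home directory is exported, writable, to any host that asks. The following is an added example, not part of the original write-up, that audits the text of an /etc/exports file for that condition; the sample exports, host names and finding labels are constructed, and quoted paths containing spaces are assumed not to occur.

```python
import re

# Client fields that mean "any host". An empty client comes from a bare
# "(options)" token, which exports(5) applies to everyone.
WORLD = {"", "*", "0.0.0.0/0", "::/0"}

# One client field: optional host/network, optionally followed by (options).
CLIENT_RE = re.compile(r'^(?P<client>[^()]*)(?:\((?P<opts>[^)]*)\))?$')

# Constructed sample /etc/exports. Raw string so the backslash
# line continuation reaches the parser unchanged.
SAMPLE_EXPORTS = r"""
# constructed sample
/home/alice   *(rw,sync,no_subtree_check)
/srv/pub      192.0.2.0/24(ro,sync)
/home (ro,sync)
/srv/build    build01.example.test(rw,no_root_squash) \
              198.51.100.0/24(ro)
"""


def parse_exports(text):
    """Yield (path, client, options) for every client of every export."""
    text = text.replace("\\\n", " ")  # join continued lines
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        fields = line.split()
        path = fields[0]
        for spec in fields[1:]:
            m = CLIENT_RE.match(spec)
            if not m:
                continue
            opts = {o.strip() for o in (m["opts"] or "").split(",") if o.strip()}
            yield path, m["client"], opts


def audit(text, sensitive_prefixes=("/home", "/root")):
    """Return (path, client, issues) for exports that need attention.

    world-writable            any host may mount the export read-write
    home-exposed-to-any-host  any host may read a home directory, so private
                              keys and authorized_keys under .ssh are exposed
    no_root_squash            remote root keeps root privileges on the export
    """
    findings = []
    for path, client, opts in parse_exports(text):
        world = client in WORLD
        writable = "rw" in opts  # exports default to read-only
        sensitive = path == "/" or any(
            path == p or path.startswith(p + "/") for p in sensitive_prefixes
        )
        issues = []
        if world and writable:
            issues.append("world-writable")
        if world and sensitive:
            issues.append("home-exposed-to-any-host")
        if "no_root_squash" in opts:  # root_squash is the default
            issues.append("no_root_squash")
        if issues:
            findings.append((path, client or "*", issues))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_EXPORTS):
        print(finding)
```

The bare `(ro,sync)` entry shows the classic exports pitfall: a space between the client and its options turns the options into a separate rule for every host.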

Chapter 9 focuses on password attacks. It starts with the basics such as what a password list is as well as what a username list is. It then discusses a tool called crunch which will generate a brute force list based on the given parameters. See figure 2.1 for an example.

Figure 2.1

Guessing Usernames and Passwords with Hydra

This section utilizes the POP3 service that we were not able to run in chapter 8, therefore this was unsuccessful and not able to be completed.

Recovering Password Hashes from a Windows SAM file

In this section we use the files obtained in chapter 8 to try and determine the passwords for the users of the Windows XP target. We utilize the bkhive program on the key that we obtained and it returned the Root Key and the Boot Key. We then input this information into the samdump2 program and are able to determine the hashes.

Dumping Passwords with Physical Access

We do not have physical access to the system, therefore we could not complete this section.

All Ports

The allports module in Metasploit will try to set up a connection on each port until it finds a successful port. This can be very useful if there is a firewall in place and we do not know which port can be leveraged. In this section we attempt this attack on the Windows XP system. See figure 2.2, 2.3, 2.4.

Figure 2.2
Figure 2.3
Figure 2.4

Browser Exploitation

Since different types of traffic can be filtered, we can utilize HTTP, which is very commonly allowed through the firewall because it is essential. It can be filtered based on certain parameters but good attacks can bypass these filters. These types of attacks will be demonstrated in this section. The module we will use in Metasploit is aurora. We set the options and then begin the service, which can be used until our target connects back to the system. See figure 2.5.

Figure 2.5

Now we would utilize some sort of social engineering or spam to get our target to connect to the needed web address. Once we do that the exploit is completed and we obtain a session with the target. See figure 2.6.

Figure 2.6

The problem with the above solution is that it causes the target's Internet Explorer to stop responding, causing them to close the program. When they close the program, that causes our session to be closed. Therefore the more practical application of the attack would be to have the target immediately migrate the session to a separate process so that it is persistent. This is exactly what we did in this section and is demonstrated in figure 2.7.

Figure 2.7

PDF Exploits

In this section we package an exploit into a PDF so that we are able to have our target open the PDF to launch the attack and gain access. We start by using the adobe_utilprintf module of Metasploit to make the PDF. No options need to be set to create the PDF. We then moved the files to the Apache server on our local system so they can be accessed. See figure 2.8.

Figure 2.8

We then start the reverse handler on the Kali system to get the incoming request to be able to exploit it. We then start the handler and direct the target to the file and we have established a session. See figure 2.9.

Figure 2.9

We then run into an issue where the handler closes after the first system is attached. Therefore we set the advanced options in the handler to allow for multiple sessions, see figure

Figure 2.10

PDF Embedded Executable

In this section we bundle a malicious payload inside a PDF to exploit the target system. The first step is to create the PDF. Unfortunately the PDF file is not where the book says to find it. First I had to use locate to find the file. See figure

Figure 2.11

I then tried to change the filetype to a regular PDF since it was .pdf.gz and the module would not accept it. Unfortunately it was unsuccessful and would not accept the file. See figure 2.12, 2.13, 2.14.

Figure 2.12
Figure 2.13
Figure 2.14

Java Exploits

In this section we set up a scenario very similar to the one with Adobe. We start by creating the malicious payload using similar options to the other modules. The module used is the java_jre17_jmxbean. The options for the module were set in figure 2.15, we then started the service. Next we directed the target to the URL and the connection was established in figure

Figure 2.15

Figure 2.16

Signed Java Applet

This module in Metasploit is very similar to the previous module. The benefit is that no vulnerability is needed because we ask the user to approve the action. While it seems like doing this would be unsuccessful, many users do not bother to read the messages and just approve the action. The options for the module were set in figure 2.17 and we began the exploit.

Figure 2.17

We then connected the target to the URL listed. Upon loading the page the user is asked to approve the action, see figure 2.18.

Figure 2.18

Once the user clicks run we are then able to obtain access to the system. See figure 2.19.

Figure 2.19

browser_autopwn

Unfortunately, this module would not run successfully; it was tried multiple times and we always received back that there were no exploit modules. See figure 2.20.

Figure 2.20

The last section was the Winamp section. In this section we convince the user to install a vulnerable skin that will allow us access to the target system. First we have to create the malicious file to place in the skin files. We do this by using a Metasploit module named winamp_maki_bof. Once we set the options the malicious file is created, see figure

Figure 2.21

We then send the file to the Apache server so that it can be accessed from the other systems. Next we copied the default skin for Winamp and renamed it rocketship. We then replace the mcvcore.maki with the malicious file that we created. We then set the skin in Winamp to the malicious skin; once we do this Winamp will close and we then have an open session to the Windows 7 target.

Difficulties

Throughout the lab we faced many difficulties that caused many of the sections to not function properly. For example the POP3 service would not start, which caused parts of Chapter 8 not to work, which then caused part of chapter 9 not to function. Another issue that was present was that the User Manual file would not be accepted by the Metasploit module because it said it was not the correct format. In addition some of the instructions in the text were vague, which resulted in having to complete some steps several times before the user is able to properly interpret the instructions. One of the greatest points of frustration when trying to complete the lab was that the book says to kill the handler job and that you can just start it back up, but every time I did this I was not able to bring the handler back up. Each time the handler was started and no session was started I would have to reboot the entire VM before I could relaunch the handler.

What did I learn?

While there were frustrating moments in the lab, in the end I did learn a lot. Firstly, I learned many different ways to obtain access to a system besides the traditional ways that were learned in previous chapters. The lab also caused me to think twice anytime I skip an update for a piece of software. I always knew how important software updates were but never realized how easy it was to exploit an outdated version of Java. In addition I learned how easy it was to create malicious payloads and place them into a file or link to a malicious website.
It may be that I was naive but I always thought these types of exploits took someone with a high level of programming knowledge but it turns out it doesn't. This lab was definitely an eye-opener.


More information

Web Application Threats and Vulnerabilities Web Server Hacking and Web Application Vulnerability

Web Application Threats and Vulnerabilities Web Server Hacking and Web Application Vulnerability Web Application Threats and Vulnerabilities Web Server Hacking and Web Application Vulnerability WWW Based upon HTTP and HTML Runs in TCP s application layer Runs on top of the Internet Used to exchange

More information

Cyber Essentials. Test Specification

Cyber Essentials. Test Specification Cyber Essentials Test Specification Contents Scope of the Audit...2 Assumptions...3 Success Criteria...3 External systems...4 Required tests...4 Test Details...4 Internal systems...7 Tester pre-requisites...8

More information

Internet Security [1] VU 184.216. Engin Kirda engin@infosys.tuwien.ac.at

Internet Security [1] VU 184.216. Engin Kirda engin@infosys.tuwien.ac.at Internet Security [1] VU 184.216 Engin Kirda engin@infosys.tuwien.ac.at Christopher Kruegel chris@auto.tuwien.ac.at Administration Challenge 2 deadline is tomorrow 177 correct solutions Challenge 4 will

More information

Kaseya Server Instal ation User Guide June 6, 2008

Kaseya Server Instal ation User Guide June 6, 2008 Kaseya Server Installation User Guide June 6, 2008 About Kaseya Kaseya is a global provider of IT automation software for IT Solution Providers and Public and Private Sector IT organizations. Kaseya's

More information

Hacking Database for Owning your Data

Hacking Database for Owning your Data Hacking Database for Owning your Data 1 Introduction By Abdulaziz Alrasheed & Xiuwei Yi Stealing data is becoming a major threat. In 2012 alone, 500 fortune companies were compromised causing lots of money

More information

Quick Start Guide. Cerberus FTP is distributed in Canada through C&C Software. Visit us today at www.ccsoftware.ca!

Quick Start Guide. Cerberus FTP is distributed in Canada through C&C Software. Visit us today at www.ccsoftware.ca! Quick Start Guide Cerberus FTP is distributed in Canada through C&C Software. Visit us today at www.ccsoftware.ca! How to Setup a File Server with Cerberus FTP Server FTP and SSH SFTP are application protocols

More information

Central Administration QuickStart Guide

Central Administration QuickStart Guide Central Administration QuickStart Guide Contents 1. Overview... 2 Licensing... 2 Documentation... 2 2. Configuring Central Administration... 3 3. Using the Central Administration web console... 4 Managing

More information

Joomla Admin Protection

Joomla Admin Protection Joomla Admin Protection We congratulate you on installation of our plug-in that will not only help you to protect your website but will also make your work with CMS much easier and secure. Our plug-in

More information

Build it with Drupal 8

Build it with Drupal 8 Build it with Drupal 8 Comprehensive guide for building common websites in Drupal 8. No programming knowledge required! Antonio Torres This book is for sale at http://leanpub.com/drupal-8-book This version

More information

Is Drupal secure? A high-level perspective on web vulnerabilities, Drupal s solutions, and how to maintain site security

Is Drupal secure? A high-level perspective on web vulnerabilities, Drupal s solutions, and how to maintain site security Is Drupal secure? A high-level perspective on web vulnerabilities, Drupal s solutions, and how to maintain site security Presented 2009-05-29 by David Strauss Thinking Securely Security is a process, not

More information

Running a Default Vulnerability Scan SAINTcorporation.com

Running a Default Vulnerability Scan SAINTcorporation.com SAINT Running a Default Vulnerability Scan A Step-by-Step Guide www.saintcorporation.com Examine. Expose. Exploit. Install SAINT Welcome to SAINT! Congratulations on a smart choice by selecting SAINT s

More information

External Vulnerability Assessment. -Technical Summary- ABC ORGANIZATION

External Vulnerability Assessment. -Technical Summary- ABC ORGANIZATION External Vulnerability Assessment -Technical Summary- Prepared for: ABC ORGANIZATI On March 9, 2008 Prepared by: AOS Security Solutions 1 of 13 Table of Contents Executive Summary... 3 Discovered Security

More information

Penetration Testing LAB Setup Guide

Penetration Testing LAB Setup Guide Penetration Testing LAB Setup Guide (Internal Attacker - Beginner version) By: magikh0e - magikh0e@ihtb.org Last Edit: July 07 2012 This guide assumes a few things... 1. You have installed Backtrack before

More information

Web Application Security

Web Application Security E-SPIN PROFESSIONAL BOOK Vulnerability Management Web Application Security ALL THE PRACTICAL KNOW HOW AND HOW TO RELATED TO THE SUBJECT MATTERS. COMBATING THE WEB VULNERABILITY THREAT Editor s Summary

More information

Introduction to Computer Security

Introduction to Computer Security Introduction to Computer Security Web Application Security Pavel Laskov Wilhelm Schickard Institute for Computer Science Modern threat landscape The majority of modern vulnerabilities are found in web

More information

ASL IT Security Advanced Web Exploitation Kung Fu V2.0

ASL IT Security Advanced Web Exploitation Kung Fu V2.0 ASL IT Security Advanced Web Exploitation Kung Fu V2.0 A S L I T S e c u r i t y P v t L t d. Page 1 Overview: There is a lot more in modern day web exploitation than the good old alert( xss ) and union

More information

Reference and Troubleshooting: FTP, IIS, and Firewall Information

Reference and Troubleshooting: FTP, IIS, and Firewall Information APPENDIXC Reference and Troubleshooting: FTP, IIS, and Firewall Information Although Cisco VXC Manager automatically installs and configures everything you need for use with respect to FTP, IIS, and the

More information

13.1 Backup virtual machines running on VMware ESXi / ESX Server

13.1 Backup virtual machines running on VMware ESXi / ESX Server 13 Backup / Restore VMware Virtual Machines Tomahawk Pro This chapter describes how to backup and restore virtual machines running on VMware ESX, ESXi Server or VMware Server 2.0. 13.1 Backup virtual machines

More information

Polar Help Desk Installation Guide

Polar Help Desk Installation Guide Polar Help Desk Installation Guide Copyright (legal information) Copyright Polar 1995-2005. All rights reserved. The information contained in this document is proprietary to Polar and may not be used or

More information

Cybernetic Proving Ground

Cybernetic Proving Ground Cybernetic Proving Ground Penetration Testing Scenario Jakub Čegan, Martin Vizváry, Michal Procházka cegan@ics.muni.cz Institute of Computer Science, Masaryk University About The Scenario "In this game

More information

Smartphone Pentest Framework v0.1. User Guide

Smartphone Pentest Framework v0.1. User Guide Smartphone Pentest Framework v0.1 User Guide 1 Introduction: The Smartphone Pentest Framework (SPF) is an open source tool designed to allow users to assess the security posture of the smartphones deployed

More information

Penetration Test Report

Penetration Test Report Penetration Test Report MegaCorp One August 10 th, 2013 Offensive Security Services, LLC 19706 One Norman Blvd. Suite B #253 Cornelius, NC 28031 United States of America Tel: 1-402-608-1337 Fax: 1-704-625-3787

More information

Application Security Testing. Generic Test Strategy

Application Security Testing. Generic Test Strategy Application Security Testing Generic Test Strategy Page 2 of 8 Contents 1 Introduction 3 1.1 Purpose: 3 1.2 Application Security Testing: 3 2 Audience 3 3 Test Strategy guidelines 3 3.1 Authentication

More information

equate Installation QUICK START GUIDE

equate Installation QUICK START GUIDE equate Installation QUICK START GUIDE CONTENTS 1 Before You Begin 2 Server Installation 3 Server Configuration 3a Connecting to VirtueMart / Prestashop 4 Client Installation (Windows) 5 Client Installation

More information

Comodo Endpoint Security Manager SME Software Version 2.1

Comodo Endpoint Security Manager SME Software Version 2.1 Comodo Endpoint Security Manager SME Software Version 2.1 Quick Start Guide Guide Version 2.1.111114 Comodo Security Solutions 1255 Broad Street Clifton, NJ 07013 Endpoint Security Manager - SME Quick

More information

Installation Guide for WebSphere Application Server (WAS) and its Fix Packs on AIX V5.3L

Installation Guide for WebSphere Application Server (WAS) and its Fix Packs on AIX V5.3L Installation Guide for WebSphere Application Server (WAS) and its Fix Packs on AIX V5.3L Introduction: This guide is written to help any person with little knowledge in AIX V5.3L to prepare the P Server

More information

CA arcserve Unified Data Protection Agent for Linux

CA arcserve Unified Data Protection Agent for Linux CA arcserve Unified Data Protection Agent for Linux User Guide Version 5.0 This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as

More information

Five Steps to Improve Internal Network Security. Chattanooga ISSA

Five Steps to Improve Internal Network Security. Chattanooga ISSA Five Steps to Improve Internal Network Security Chattanooga ISSA 1 Find Me AverageSecurityGuy.info @averagesecguy stephen@averagesecurityguy.info github.com/averagesecurityguy ChattSec.org 2 Why? The methodical

More information

Web Application Security Payloads. Andrés Riancho Director of Web Security OWASP AppSec USA 2011 - Minneapolis

Web Application Security Payloads. Andrés Riancho Director of Web Security OWASP AppSec USA 2011 - Minneapolis Web Application Security Payloads Andrés Riancho Director of Web Security OWASP AppSec USA 2011 - Minneapolis Topics Short w3af introduction Automating Web application exploitation The problem and how

More information

Advanced Endpoint Protection Overview

Advanced Endpoint Protection Overview Advanced Endpoint Protection Overview Advanced Endpoint Protection is a solution that prevents Advanced Persistent Threats (APTs) and Zero-Day attacks and enables protection of your endpoints by blocking

More information

NTT Web Hosting Service [User Manual]

NTT Web Hosting Service [User Manual] User Version 0.11 August 22, 2014 NTT Web Hosting Service [User Manual] Presented By: OAM Linux A NTT Communications (Thailand) CO., LTD. Table of Contents NTT Web Hosting Service [User Manual] 1 General...

More information

IDS and Penetration Testing Lab ISA656 (Attacker)

IDS and Penetration Testing Lab ISA656 (Attacker) IDS and Penetration Testing Lab ISA656 (Attacker) Ethics Statement Network Security Student Certification and Agreement I,, hereby certify that I read the following: University Policy Number 1301: Responsible

More information

Networks and Security Lab. Network Forensics

Networks and Security Lab. Network Forensics Networks and Security Lab Network Forensics Network Forensics - continued We start off from the previous week s exercises and analyze each trace file in detail. Tools needed: Wireshark and your favorite

More information

1. Introduction. 2. Web Application. 3. Components. 4. Common Vulnerabilities. 5. Improving security in Web applications

1. Introduction. 2. Web Application. 3. Components. 4. Common Vulnerabilities. 5. Improving security in Web applications 1. Introduction 2. Web Application 3. Components 4. Common Vulnerabilities 5. Improving security in Web applications 2 What does World Wide Web security mean? Webmasters=> confidence that their site won

More information

Secure Web Development Teaching Modules 1. Security Testing. 1.1 Security Practices for Software Verification

Secure Web Development Teaching Modules 1. Security Testing. 1.1 Security Practices for Software Verification Secure Web Development Teaching Modules 1 Security Testing Contents 1 Concepts... 1 1.1 Security Practices for Software Verification... 1 1.2 Software Security Testing... 2 2 Labs Objectives... 2 3 Lab

More information

Extending Remote Desktop for Large Installations. Distributed Package Installs

Extending Remote Desktop for Large Installations. Distributed Package Installs Extending Remote Desktop for Large Installations This article describes four ways Remote Desktop can be extended for large installations. The four ways are: Distributed Package Installs, List Sharing,

More information

FAQ. How does the new Big Bend Backup (powered by Keepit) work?

FAQ. How does the new Big Bend Backup (powered by Keepit) work? FAQ How does the new Big Bend Backup (powered by Keepit) work? Once you establish which of the folders on your hard drive you ll be backing up, you ll log into myaccount.bigbend.net and from your control

More information

Marcum LLP MFT Guide

Marcum LLP MFT Guide MFT Guide Contents 1. Logging In...3 2. Installing the Upload Wizard...4 3. Uploading Files Using the Upload Wizard...5 4. Downloading Files Using the Upload Wizard...8 5. Frequently Asked Questions...9

More information

Introduction to Vulnerability Scanners Lab

Introduction to Vulnerability Scanners Lab Introduction to Vulnerability Scanners Lab Introduction: Lets take enumeration (and scanning) to the next level and automate what we have been doing manually. Lets use a tool that does just what we have

More information

Symantec Cyber Readiness Challenge Player s Manual

Symantec Cyber Readiness Challenge Player s Manual Symantec Cyber Readiness Challenge Player s Manual Version 1.6 January 20, 2014 Table of Contents Introduction... 3 1 The Cyber Readiness Challenge... 4 1.1 Your Credentials... 4 1.2 Accessing the Competition...

More information

Setting up VMware ESXi for 2X VirtualDesktopServer Manual

Setting up VMware ESXi for 2X VirtualDesktopServer Manual Setting up VMware ESXi for 2X VirtualDesktopServer Manual URL: www.2x.com E-mail: info@2x.com Information in this document is subject to change without notice. Companies, names, and data used in examples

More information

NAS 224 Remote Access Manual Configuration

NAS 224 Remote Access Manual Configuration NAS 224 Remote Access Manual Configuration Connect to your ASUSTOR NAS through the Internet A S U S T O R C O L L E G E COURSE OBJECTIVES Upon completion of this course you should be able to: 1. Configure

More information

Audience. Pre-Requisites

Audience. Pre-Requisites T R A N C H U L A S W O R K S H O P S A N D T R A I N I N G S Hands-On Penetration Testing Training Course About Tranchulas Tranchulas is a multinational information security company having its offices

More information

The Web Pro Miami, Inc. 615 Santander Ave, Unit C Coral Gables, FL 33134 6505. T: 786.273.7774 info@thewebpro.com www.thewebpro.

The Web Pro Miami, Inc. 615 Santander Ave, Unit C Coral Gables, FL 33134 6505. T: 786.273.7774 info@thewebpro.com www.thewebpro. 615 Santander Ave, Unit C Coral Gables, FL 33134 6505 T: 786.273.7774 info@thewebpro.com www.thewebpro.com for v.1.06 and above Web Pro Manager is an open source website management platform that is easy

More information

NovaBACKUP xsp Version 15.0 Upgrade Guide

NovaBACKUP xsp Version 15.0 Upgrade Guide NovaBACKUP xsp Version 15.0 Upgrade Guide NovaStor / November 2013 2013 NovaStor, all rights reserved. All trademarks are the property of their respective owners. Features and specifications are subject

More information