Automated Penetration Test



Similar documents
Lab Objectives & Turn In

Note: This case study utilizes Packet Tracer. Please see the Chapter 5 Packet Tracer file located in Supplemental Materials.

HIPAA Compliance Use Case

The Trivial Cisco IP Phones Compromise

Lab assignment #1 Firewall operation and Access Control Lists

During your session you will have access to the following lab configuration. CLIENT1 (Windows XP Workstation) /24

AP6511 First Time Configuration Procedure

CS 326e F2002 Lab 1. Basic Network Setup & Ethereal Time: 2 hrs

1 Basic Configuration of Cisco 2600 Router. Basic Configuration Cisco 2600 Router

NETASQ SSO Agent Installation and deployment

Information Security Training. Assignment 1 Networking

IPv6 Diagnostic and Troubleshooting

VELOCITY. Quick Start Guide. Citrix XenServer Hypervisor. Server Mode (Single-Interface Deployment) Before You Begin SUMMARY OF TASKS

Router Lab Reference Guide

Cloud Storage Quick Start Guide

Intrusion Detection and Prevention: Network and IDS Configuration and Monitoring using Snort

AlienVault. Unified Security Management (USM) 5.1 Running the Getting Started Wizard

SNMP Manager User s Manual

Linux Boot Camp. Our Lady of the Lake University Computer Information Systems & Security Department Kevin Barton Artair Burnett

Lab Configure Basic AP Security through IOS CLI

Intelligent Power Protector User manual extension for Microsoft Virtual architectures: Hyper-V 6.0 Manager Hyper-V Server (R1&R2)

SonicWALL SRA Virtual Appliance Getting Started Guide

Dell UPS Local Node Manager USER'S GUIDE EXTENSION FOR MICROSOFT VIRTUAL ARCHITECTURES Dellups.com

Acunetix Web Vulnerability Scanner. Getting Started. By Acunetix Ltd.

ILTA HANDS ON Securing Windows 7

PFSENSE Load Balance with Fail Over From Version Beta3

How To Set Up A Network Map In Linux On A Ubuntu 2.5 (Amd64) On A Raspberry Mobi) On An Ubuntu (Amd66) On Ubuntu 4.5 On A Windows Box

Deploying in a Distributed Environment

Common Services Platform Collector 2.5 Quick Start Guide

Lab 2 - Basic Router Configuration

Acellus Lab Cart. User s Manual. Version 4B. Acellus Corporation Copyright 2010 Acellus Corporation. All Rights Reserved.

Configuring PA Firewalls for a Layer 3 Deployment

NMS300 Network Management System

In this lab you will explore the Windows XP Firewall and configure some advanced settings.

Lab Organizing CCENT Objectives by OSI Layer

LAB THREE STATIC ROUTING

4. Getting started: Performing an audit

Syslog Server Configuration on Wireless LAN Controllers (WLCs)

How to Configure an Initial Installation of the VMware ESXi Hypervisor

SSL VPN. Virtual Appliance Installation Guide. Virtual Private Networks

Guide to the LBaaS plugin ver for Fuel

[HOW TO RECOVER AN INFINITI/EVOLUTION MODEM IDX ] 1

Lab - Configure a Windows XP Firewall

Comodo MyDLP Software Version 2.0. Installation Guide Guide Version Comodo Security Solutions 1255 Broad Street Clifton, NJ 07013

StarMOBILE Network Configuration Guide. A guide to configuring your StarMOBILE system for networking

Cisco Prime Collaboration Deployment Troubleshooting

Web Application Firewall

Procedure: You can find the problem sheet on Drive D: of the lab PCs. 1. IP address for this host computer 2. Subnet mask 3. Default gateway address

Pharos Control User Guide

Configuring DHCP Snooping

PT Activity: Configure Cisco Routers for Syslog, NTP, and SSH Operations

VXOA AMI on Amazon Web Services

AppLoader 7.7. Load Testing On Windows Azure

Configuring Security for FTP Traffic

AlienVault Unified Security Management (USM) 4.x-5.x. Deploying HIDS Agents to Linux Hosts

Classroom Management network FAQ and troubleshooting

Cisco 7940 How To. (c) Bicom Systems

NetBrain Operator Edition Workspace Maintenance Workflow

Software and Settings Instructions

HOW TO SILENTLY INSTALL CLOUD LINK REMOTELY WITHOUT SUPERVISION

HotelTV2. Easy Start Guide REV A0.6 D October. Web : Mail : support@vestek.com.tr Tel :

GregSowell.com. Mikrotik Basics

Lab Creating a Logical Network Diagram

Comodo Endpoint Security Manager SME Software Version 2.1

KM Embedded. Configuration Guide. AIT Ltd 2 Hawthorn Park Coal Road Leeds LS14 1PQ UK

Application Discovery Manager User s Guide vcenter Application Discovery Manager 6.2.1

FortKnox Personal Firewall

How to connect to the University of Exeter VPN service

ACS 5.x and later: Integration with Microsoft Active Directory Configuration Example

Install Guide for JunosV Wireless LAN Controller

IP Address and Pre-configuration Information

NetBrain Discovery Appliance Manual

File Transfer Examples. Running commands on other computers and transferring files between computers

Quick Start Guide. Citrix XenServer Hypervisor. Server Mode (Single-Interface Deployment) Before You Begin SUMMARY OF TASKS

Penetration Testing LAB Setup Guide

Network Management Deployment Guide

Lab Configuring Access Policies and DMZ Settings

1. LAB SNIFFING LAB ID: 10

Smart Business Architecture for Midsize Networks Network Management Deployment Guide

Manual Wireless Extender Setup Instructions. Before you start, there are two things you will need. 1. Laptop computer 2. Router s security key

Troubleshooting the Firewall Services Module

WhatsUp Gold 2016 Getting Started Guide

CASHNet Secure File Transfer Instructions

Running a Default Vulnerability Scan SAINTcorporation.com

SOLUTION GUIDE. Radware & CyberGuard Complete Security Solutions offering Load Balancing, High Availability and Bandwidth Management.

Lab - Configure a Windows 7 Firewall

Side-by-side Migration Guide for Snare Server v7

Windows Server 2008 R2 Initial Configuration Tasks

Enabling Remote Access to the ACE

DEPLOYMENT GUIDE. This document gives a brief overview of deployment preparation, installation and configuration of a Vectra X-series platform.

Freshservice Discovery Probe User Guide

How To Get Started With Whatsup Gold

Penetration Testing Report Client: Business Solutions June 15 th 2015

F-SECURE MESSAGING SECURITY GATEWAY

Track 2 Workshop PacNOG 7 American Samoa. Firewalling and NAT

Application Notes for Configuring Dorado Software Redcell Enterprise Bundle using SNMP with Avaya Communication Manager - Issue 1.

Configuring MailArchiva with Insight Server

How To Set Up A Backupassist For An Raspberry Netbook With A Data Host On A Nsync Server On A Usb 2 (Qnap) On A Netbook (Qnet) On An Usb 2 On A Cdnap (

Cisco ISE Command-Line Interface

Strategies to Protect Against Distributed Denial of Service (DD

Transcription:

Automated Penetration Test TABLE OF CONTENTS Introduction.... 2 Test Structure.... 2 Manually Launching The Automated Penetration Test.... 3 Automatically Launching The Automated Penetration Test On Boot.... 4 BONUS Email Security Report Directly To You!... 6

Introduction. The OG150 is pre-configured with scripts that enable the user to launch an automated penetration test against the network infrastructure where it has been deployed. A penetration test, in simple terms, can be described as a method of evaluating the security of a computer system or network. The tests performed by the OG150 are NOT all-encompassing and should not be viewed as a direct replacement for a full scale penetration test performed by a certified/experienced Security Consultant. It does, however, provide useful information about the target infrastructure which may allow more focussed attacks to be launched. Test Structure. The OG150 is pre-configured to execute 11 tests by default. It is important to stress that these tests are modular and can be added to very easily. If you do create your own test, please share them with me so that the wider community can benefit! The result of each test is displayed in a consolidated Security Report. The 11 default tests are summarised below: DISPLAY OG150 IP DETAILS Displays the IP address assigned to the OG150 via DHCP. This is useful to map out the IP structure of the target infrastructure. VERIFY ICMP CONNECTIVITY TO THE INTERNET Attempts to ping www.google.com. This is useful to determine if ICMP traffic is permitted by the firewall. TRACEROUTE TO THE INTERNET Attempts to traceroute to www.google.com. This is useful to map out the IP structure of the target infrastructure. DISCOVER HOSTS AND SERVICES ON THE LOCAL NETWORK USING NMAP Performs an NMAP scan against the OG150s local subnet. This is useful to determine what services are running on host machines. CDP (Cisco Discovery Protocol) SNOOPING Listens for CDP messages. This protocol can leak sensitive information about Cisco network infrastructure devices for example, switches. FHRP (First Hop Redundancy Protocol) SNOOPING Listen for FHRP messages. If detected, FHRP attacks can be launched resulting in MITM (Man In The Middle) or DOS (Denial of Service) attacks. DYNAMIC ROUTING PROTOCOL SNOOPING Listen for dynamic routing protocol messages. If detected, routing protocol attacks can be launched resulting in MITM (Man In The Middle) or DOS (Denial of Service) attacks. NBTSCAN (NETBIOS SCAN) Lists important information about users and/or devices. This can be used for further, more focussed, attacks. WIRELESS NETWORK SCANNING Lists any wireless networks within range of the OG150. This can be used for a range of attacks against the wireless infrastructure. PUBLIC IP ADDRESS INFORMATION Provides details about the public IP address used by the target infrastructure. This can be later used for external attacks. REMOTE ACCESS STATUS Confirms whether a reverse SSH connection has been successfully established.

Manually Launching The Automated Penetration Test. The easiest way to launch the automated penetration test is MANUALLY. Once the OG150 has been connected to the target network infrastructure, you simply need to connect to it (using SSH) and launch the automated penetration test script. Screenshot 1 shown below demonstrates the command that will execute the automated penetration test script. Screenshot 1 Execute the automated penetration test script The time it takes for the penetration test to complete depends on the size of the target infrastructure. During my own testing, this time varies between 5-10 minutes. You can monitor progress of the penetration test. To do this, establish a second SSH connection to the OG150, and enter logread f as shown Screenshot 2. The log will update in real-time and confirms when each individual test has completed. To exit logread enter CTRL+C. Screenshot 2 Monitoring progress of the automated penetration test Once the automated penetration test is finished, you will see output similar to that shown in Screenshot 3.

Screenshot 3 Screen output when the automated penetration test has finished Every Security Report is archived with a date/timestamp in the following location: /etc/og150/archived-security-reports/. You can list the Security Reports in the archive as shown is Screenshot 4. Note: It is important to regularly delete old Security Reports otherwise you will eventually run out of memory space. Screenshot 4 Display the archived Security Reports To open the Security Report, you can use the cat command as shown in Screenshot 5. Personally, I prefer to transfer the Security Report to my laptop using WinSCP and view it from there. Screenshot 5 Open a Security Report using the cat command Automatically Launching The Automated Penetration Test On Boot. A more covert way to launch the automated penetration test is automatically upon bootup. All this requires is that the user plugs the OG150 into the target infrastructure, waits approximately 10 minutes (time duration to complete the automated penetration test varies depending on the size of the target network) and then removes the OG150. The user can then view the Security Report when they get back to the privacy of their office/home.

So, how do you do this? The rc.local file executes near the end of the boot process. You can add scripts to this file which will result in the scripts being executed each time the OG150 boots (due to a power cycle, reboot, etc). The default contents of the rc.local file is displayed in Screenshot 6. As you can see, the automated penetration script (shown earlier in Screenshot 1) IS included in the rc.local file, however it is prepended with a # - which means it is effectively ignored. Screenshot 6 Default rc.local file contents To ensure that the automated penetration script is executed as part of the boot sequence, we simply need to remove the # for the automated penetration script. Although there are a few ways to do this, the simplest way is to use the vi program. In simple terms, vi is a text editor and allows you to change the contents of a file from a CLI (SSH) session. This first step is to open the file with vi as shown in Screenshot 7. Screenshot 7 Open rc.local file with vi The full tutorial on the use of vi is outside the scope of this guide, there are lots of references online regarding this subject. This guide will illustrate the steps to make and save changes to a file. Once the file is opened with vi, pressing CTRL+i will allow you to make changes to the file. Use the cursor keys to move up, down, left and right. You can now navigate to the automated penetration script line and delete the # as shown in Screenshot 8. Screenshot 8 Editing rc.local file using vi In order to save the changes, you need to exit out of the editing mode, to do this press ESC. Next type :wq and then a carriage return to save the changes. Finally, verify the changes have been applied using the cat command shown in Screenshot 9.

Screenshot 9 Verify rc.local file changes To test this functionality, simply power cycle the OG150. Once booted you can SSH to the OG150 and monitor progress of the automated penetration test, as previously shown in Screenshot 2. You now have a simple, automated, penetration testing drop box that only needs to be connected to a target network for a very short time very covert and very useful. BONUS Email Security Report Directly To You! Another useful feature is to automatically email the Security Report to you once it is complete. This means you don t have to login to the OG150 to retrieve the content. This is relatively simple to set up and for best results I recommend using Gmail for the OG150 email account. Note: I have tried other email providers Yahoo for example with mixed results, bottom line is that Gmail works best. The first step to configure the SSMTP config file. This is the email (Gmail) account that the OG150 will use to email you the Security Report results. Screenshot 10 illustrates the default SSMTP config file. A sample configuration is provided at the bottom of this config file to assist with the configuration Screenshot 10 Default SSMTP configuration

Although there are a few ways to edit this configuration file, the simplest way is to use the vi program. Assuming you are using Gmail, the only variables that should differ from the SAMPLE CONFIGURATION shown in Screenshot 10 are: root=<enter your full Gmail address here> hostname=<enter your full Gmail address here> AuthUser=<enter your Gmail username here> AuthPass=<enter your Gmail password here> Screenshot 11 shows the edited configuration (with censoring to protect my own credentials). Screenshot 11 Edited SSMTP configuration You can now test this functionality to ensure that the OG150 is able to send emails using the configured Gmail account. An example test is demonstrated in Screenshot 12. As you can see, the OG150 will send the contents of the /etc/config/system file to the email address joebloggs@gmail.com. If you receive the test email your SSMTP configuration is working and you can proceed to the final step. Screenshot 12 SSMTP test The final step is to edit the automated penetration test script to include the email destination. Once this is done, the OG150 will email the contents of the Security Report to this email address. The automated penetration test script is a large file, if you display the contents using the command cat /etc/og150/working-files/penetration-test-script-v1.0.sh you will see the SSMTP configuration near the end of the script as shown in Screenshot 13.

Screenshot 13 SSMTP configuration in the automated penetration test script You need to change the your email address to the actual destination email address (where you want to email the Security Report to). Although there are a few ways to do this, the simplest way is to use the vi program. Screenshot 14 Automated penetration test script will send the Security Report to my <censored>@yahoo.co.uk email address Once these changes have been made, you are done You now simply need to invoke the automated penetration test script and you will receive the Security Report via email. It is important to highlight that it does NOT matter if you invoke the automated penetration test script manually or automatically you will ALWAYS be emailed the Security Report if it has been configured. Screenshot 15 illustrates a Security Report that was emailed to me and viewed on my iphone.

Screenshot 15 Security Report email received on iphone

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information