NCS 430 Penetration Testing Lab #2 Tuesday, February 10, 2015 John Salamy




Item I. (What were you asked to do?)

Complete Metasploit: Quick Test on pages 88-108 of the Penetration Testing book. Complete Telnet: Banner Grabbing of multiple websites. Complete NMap: Primer.

Item II. (What did you do?)

Metasploit MSF Console

Using MSF console I was able to gain remote access to the Windows system using the console interface. The msfconsole used known vulnerabilities in the unpatched Windows XP system to gain access to the command line interface on the remote system. According to the textbook the patch that is missing is MS08-067. The vulnerability exists in the netapi32.dll file; the attacker is able to gain access using the vulnerability through the Server Message Block service. This is the same vulnerability that was used in the Conficker worm. Below are the steps in order that were taken to use this vulnerability.

MSFCLI

I found the CLI to be much easier as you can set all the options and do the same thing as the console with one line of instruction. Below is the screenshot with how I did it.

msfvenom

I found msfvenom to be the most interesting of the exercises because it showed how many real world attacks are carried out. Many common attacks are carried out by creating a malicious file and convincing someone to intentionally or unintentionally execute it, therefore allowing access to the system. This is exactly what we did in the msfvenom portion of the lab. Below are the screenshots.

Auxiliary

The auxiliary programs are the programs that are added as a part of Metasploit and aid when carrying out attacks. Below is the execution and use of the pipe auditor. Below shows how it was carried out.

Additional Questions

The way you are able to see the meterpreter session from the Kali VM on the Windows VM is through netstat. When the session is open or closed you will see it in the netstat window. See the below screenshot.

Telnet

As requested I completed a telnet banner grab on both the computer science network at SUNY IT and also other websites. These are the steps that I followed:

1. Log into fang via terminal.
2. Typed the following command: telnet <target web address> <port number>

Below are the screenshots of the servers that I completed the telnet assignment on:

As can be interpreted by the screenshots, when I tried the Telnet banner grab on SUNY IT's servers I was able to find out that they are running HTTP 1.1, their server is running Oracle Apache 2.2.3, as well as more information, which can be seen below. On the SUNY IT server there is a vulnerability in the version of Apache that they are running (v2.2.3). One vulnerability is CVE-2012-4558, which relates to the ability to do cross-site scripting. This vulnerability would allow attackers to place web script or HTML into the server using a crafted string. I tried doing the banner grab at Apple's website and was not able to grab nearly as much information as the SUNY IT website. Interestingly, when I looked up Apple's server information I was able to figure out they are running an Akamai server. I tried doing the banner grab at Yahoo's website and was not able to grab nearly as much information as the SUNY IT website. On the Yahoo server I was able to figure out that they are running an Apache server.
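The banner grab above works because the HTTP response head carries a Server header (and often X-Powered-By) that names the product and version. The following is an added example, not part of the original lab report, showing the defender's side of that exercise: it parses a response head of the kind `telnet <host> 80` followed by a `HEAD / HTTP/1.1` request returns (the HEAD request is an assumption; the report only shows the telnet command) and flags any header that discloses a version string. The response text is constructed for the example, not captured from the servers mentioned in the report.

```python
"""Audit an HTTP response head for version disclosure.

Added example (not from the lab report). The response below is a
constructed sample modelled on an Apache 2.2.x reply; it was not
captured from any real server.
"""
import re

# Constructed sample of what a manual banner grab returns.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Date: Tue, 10 Feb 2015 15:00:00 GMT\r\n"
    "Server: Apache/2.2.3 (Oracle)\r\n"
    "X-Powered-By: PHP/5.1.6\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
)

# Headers that commonly leak product/version details to anyone who connects.
DISCLOSING_HEADERS = ("server", "x-powered-by", "x-aspnet-version")

# A version looks like "/2.2.3" or "/5.1.6" after a product name.
VERSION_RE = re.compile(r"/\d+(\.\d+)+")


def parse_head(raw):
    """Split a raw response head into (status line, {header-name: value}).

    Header names are lower-cased because HTTP header names are
    case-insensitive; parsing stops at the first blank line.
    """
    lines = raw.split("\r\n")
    status = lines[0]
    headers = {}
    for line in lines[1:]:
        if not line:
            break
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers


def disclosed_versions(headers):
    """Return {header: value} for every header that leaks a version string."""
    return {
        name: headers[name]
        for name in DISCLOSING_HEADERS
        if name in headers and VERSION_RE.search(headers[name])
    }


def is_hardened(headers):
    """True when no identifying header carries a version number.

    On Apache this is what 'ServerTokens Prod' plus removing
    X-Powered-By (expose_php = Off for PHP) would achieve.
    """
    return not disclosed_versions(headers)


def audit_banner(raw):
    """Parse a response head and summarise what it gives away."""
    status, headers = parse_head(raw)
    leaks = disclosed_versions(headers)
    return {
        "status": status,
        "server": headers.get("server", "<not sent>"),
        "leaks": leaks,
        "hardened": not leaks,
    }


if __name__ == "__main__":
    result = audit_banner(SAMPLE_RESPONSE)
    print("Status :", result["status"])
    print("Server :", result["server"])
    for name, value in result["leaks"].items():
        print("LEAK   :", name, "=", value)
    print("Hardened:", result["hardened"])
```

Run against the constructed sample, the audit reports both the Server and X-Powered-By headers as version leaks; the same function applied to a head whose Server header reads only `Apache` or a CDN name reports it as hardened.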

NMap

Nmap is a very useful tool that is used to evaluate a network and discover useful information about the network and the hosts on the network. With Nmap you are able to scan a host to find out what ports are open on the host. You are also able to run it and have it check UDP as well as TCP. This can also be useful to see what hosts are up and powered on, because if the ports are open the NIC is active and therefore the system is up. Below shows a basic nmap scan on the Windows XP VM. Below shows a basic nmap scan on the Metasploitable VM.

Below is a scan of an IP range. Below is a UDP scan of a range of IPs using nmap -sU.

Below is a scan to discover if a host is up using nmap -sP on an entire subnet. Below shows the use of Zenmap using the GUI. The GUI appears to just take your input and create the command line instruction and then execute it. It also shows you what the command syntax should be as well.
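The scans above were read off screenshots; in practice an administrator saves nmap's grepable output (`-oG`) and processes it. The following is an added example, not code from the lab or from the Nmap project, that parses that format into a per-host summary: which hosts answered, which ports are open per protocol, and which hosts expose a given service (here 445/tcp, the SMB port through which the MS08-067 issue described earlier in the report is reached, so those hosts are the ones to check for the patch). The scan output embedded in the block is a constructed sample in nmap's grepable layout, not the report's real scan.

```python
"""Summarise nmap grepable (-oG) output.

Added example (not from the lab report or the Nmap project). The scan
text below is a constructed sample in the -oG layout: one or more
"Host:" lines per address, tab-separated fields, and a "Ports:" field
whose entries are port/state/proto/owner/service/rpc/version/.
"""
import re

SAMPLE_GNMAP = (
    "# Nmap scan initiated (constructed sample) as: nmap -oG - 192.0.2.0/28\n"
    "Host: 192.0.2.5 ()\tStatus: Up\n"
    "Host: 192.0.2.5 ()\tPorts: 135/open/tcp//msrpc///, "
    "139/open/tcp//netbios-ssn///, 445/open/tcp//microsoft-ds///"
    "\tIgnored State: closed (997)\n"
    "Host: 192.0.2.7 ()\tStatus: Up\n"
    "Host: 192.0.2.7 ()\tPorts: 21/open/tcp//ftp///, 22/open/tcp//ssh///, "
    "80/open/tcp//http///, 53/open|filtered/udp//domain///\n"
    "Host: 192.0.2.9 ()\tStatus: Down\n"
    "# Nmap done (constructed sample)\n"
)

HOST_RE = re.compile(r"^Host:\s+(\S+)\s+\(([^)]*)\)")


def parse_gnmap(text):
    """Return {ip: {"status": "Up"/"Down"/None, "ports": [entries]}}.

    Each port entry is {"port": int, "proto": str, "state": str,
    "service": str}. A host that reports ports but no Status field is
    treated as up, since open ports imply the host answered.
    """
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue  # comment lines start with '#'
        fields = line.split("\t")
        match = HOST_RE.match(fields[0])
        if not match:
            continue
        entry = hosts.setdefault(match.group(1), {"status": None, "ports": []})
        for field in fields[1:]:
            key, _, value = field.partition(":")
            key, value = key.strip(), value.strip()
            if key == "Status":
                entry["status"] = value
            elif key == "Ports":
                for item in value.split(","):
                    parts = item.strip().split("/")
                    entry["ports"].append({
                        "port": int(parts[0]),
                        "state": parts[1],
                        "proto": parts[2],
                        "service": parts[4],
                    })
                if entry["status"] is None:
                    entry["status"] = "Up"
    return hosts


def hosts_up(report):
    """Sorted list of addresses that answered the scan."""
    return sorted(ip for ip, h in report.items() if h["status"] == "Up")


def open_ports(report, ip, proto="tcp"):
    """Sorted open ports for one host and protocol ('open|filtered' is excluded)."""
    return sorted(p["port"] for p in report.get(ip, {"ports": []})["ports"]
                  if p["proto"] == proto and p["state"] == "open")


def hosts_with_open_port(report, port, proto="tcp"):
    """Which scanned hosts expose the given port, e.g. 445/tcp for SMB."""
    return sorted(ip for ip in report if port in open_ports(report, ip, proto))


if __name__ == "__main__":
    report = parse_gnmap(SAMPLE_GNMAP)
    for ip in hosts_up(report):
        print(ip, "tcp:", open_ports(report, ip), "udp:", open_ports(report, ip, "udp"))
    print("SMB exposed (check MS08-067 patch level):", hosts_with_open_port(report, 445))
```

The UDP case shows why the report's `-sU` scans need care when read: nmap often cannot tell an open UDP port from a filtered one and reports `open|filtered`, which this summary deliberately does not count as open.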

Additional Questions

After doing the nmap lab I would prefer to use the CLI due to its simplicity. The book used for nmap does a very good job at explaining the commands and where they are used. I believe that when I was stuck on a command I might use Zenmap to aid in the command syntax if I got stuck and couldn't figure it out.

Item III. (Difficulties)

At the beginning of the lab I was having difficulties trying to get the msfconsole to work. Since the new virtual machines were rolled out I did not have many difficulties. The obstacle that was faced is that when running the msfvenom console and creating the exe file I was receiving information that was unexpected, therefore I thought it was an error. It turned out it was just a warning, not an error, and it was working as expected. See below where I received the unexpected information.

Item IV. (What did you learn?)

This lab was very interesting and was also eye opening; many times we believe cyber attacks only happen to people that fall to social engineering. After doing this lab it became evident that this is not the case and it can be very easy to carry out an attack on an unsuspecting victim. Prior to this lab I did not have any experience with the Metasploit framework at all. This lab was also very useful and helpful at learning how to use Metasploit. Prior to this lab I also had very minimal experience with telnet and nmap. I gained a lot of very valuable information about how to use both of these tools.