IDS and Penetration Testing Lab II

Software Requirements:

1. A secure shell (SSH) client. For Windows you can download a free version from here: http://the.earth.li/~sgtatham/putty/latest/x86/putty-0.62-installer.exe  Mac/Linux distributions come with ssh; you just have to open a console to invoke the program.
2. The BackTrack Linux Penetration Testing Distribution, http://www.backtrack-linux.org/downloads/ (PROVIDED, no need to download unless you want to run it locally).
3. The Metasploitable 2 vulnerable platform, http://sourceforge.net/projects/metasploitable/files/metasploitable2/ (PROVIDED, no need to download unless you want to run it locally).
4. Windows users: please install the Xming X Server for X-Windows support (free).
5. Mac users: install X11 (XQuartz).
6. Linux users just need to start X-Windows.

Lab Exercise Steps:

A. Connect to BackTrack Linux on DSLSRV.GMU.EDU, port 10022 (or 11022), as root using ssh and the password isa674. (with the dot):

- For Mac/Linux, type:

    ssh root@dslsrv.gmu.edu -p 11022

  or

    ssh root@dslsrv.gmu.edu -p 10022

  You should get:

    root@dslsrv.gmu.edu's password:
    Linux bt 3.2.6 #1 SMP Fri Feb 17 10:34:20 EST 2012 x86_64 GNU/Linux

    root@bt:~#

- For Windows, start PuTTY, enter dslsrv.gmu.edu for Host Name and 10022 or 11022 (second server) for Port, and click Open. At the prompts, enter:

    login as: root
    password: isa674.   (with the dot)

Now we are all logged in to an ssh terminal and we can continue with the lab. Your Metasploitable machines are directly connected to your BackTrack on the IP addresses 10.1.1.2 and 10.1.1.3.

Target Reconnaissance

The first step of any penetration testing approach is reconnaissance. All of you have used nmap in the past to:

- Detect the machines with open ports available in a subnet
- Identify the open ports and, potentially, more information about the services and the machine running the services

Questions:

1. How do we identify which subnets are available to us on a host? Which command will provide that to us? Can we find that command using the man -k keyword search?
2. What is the nmap syntax that we will use to scan a subnet?

3. What is the nmap syntax to find the operating system of the machines in the subnet?
4. Can nmap identify vulnerable services and point us to the exploits?

Although nmap is a very useful tool, it is limited in what it can do for us: it tells us which ports are open and what banner each service reports, but it does not by itself tell us which of those services are vulnerable or how to attack them. An alternative tool with a graphical user interface and a more detailed analysis of the potential vulnerabilities of each service on a target host is Nessus (http://www.tenable.com/products/nessus). In this lab, we will be using Nessus to scan the vulnerable machines and identify exploits that can be used to attack those machines. Nessus is yet another tool in our penetration testing arsenal and a complement to Metasploit, which we used in the last lab.

Reconnaissance with NMAP

B. Start your X-Windows client:
   a. Mac users: start XQuartz
   b. Windows users: start Xming X Server

C. Start an SSH connection to the BackTrack server as in step A, but with a modification that enables X11 forwarding:
   a. Mac/Linux: connect as in step A, but add the -Y flag:

      ssh -Y root@dslsrv.gmu.edu -p 11022

   b. Windows: start PuTTY and enable X11 forwarding (Connection -> SSH -> X11 -> "Enable X11 forwarding") before you connect (see the figure on the next page).
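As an added example that is not part of the lab handout: the commands that answer questions 1 to 3 are listed in the docstring, and the script turns nmap's grepable output (-oG) into the host list and open-port table you will later paste into Nessus. The two sample outputs inside the script are constructed for illustration (modelled on what Metasploitable reports, not copied from a real scan), and the assumption that 10.1.1.1 is the BackTrack box itself is mine, not the handout's.

```python
"""Turn nmap grepable output (-oG) into a target list for Nessus.

Added example for this lab (not part of the handout). The BackTrack shell
commands that answer questions 1-3 and produce this kind of output are:

    ifconfig -a                                       # local addresses + netmasks (q1)
    man -k interface                                  # keyword search for that command (q1)
    nmap -sn -oG hosts.gnmap 10.1.1.0/24              # which hosts are up (q2)
    nmap -sV -O -oG services.gnmap 10.1.1.2 10.1.1.3  # service versions + OS guess (q3)

Everything below marked CONSTRUCTED is sample text, not real scan output.
"""
from dataclasses import dataclass

# CONSTRUCTED: what `nmap -sn -oG -` prints for the lab network.
# 10.1.1.1 is assumed to be the BackTrack box itself.
SAMPLE_HOSTS = (
    "# Nmap 5.61TEST4 scan initiated Thu Feb 23 10:00:00 2012 as: nmap -sn -oG - 10.1.1.0/24\n"
    "Host: 10.1.1.1 ()\tStatus: Up\n"
    "Host: 10.1.1.2 ()\tStatus: Up\n"
    "Host: 10.1.1.3 ()\tStatus: Up\n"
    "# Nmap done at Thu Feb 23 10:00:02 2012 -- 256 IP addresses (3 hosts up) scanned in 2.10 seconds\n"
)

# CONSTRUCTED: `nmap -sV -O -oG -` output. Each port entry has the shape
# port/state/protocol/owner/service/rpcinfo/version/ and nmap rewrites any '/'
# inside a version string as '|' in -oG output, so splitting on '/' is safe.
SAMPLE_SERVICES = (
    "Host: 10.1.1.2 ()\tStatus: Up\n"
    "Host: 10.1.1.2 ()\tPorts: 21/open/tcp//ftp//vsftpd 2.3.4/, "
    "22/open/tcp//ssh//OpenSSH 4.7p1 Debian 8ubuntu1 (protocol 2.0)/, "
    "23/open/tcp//telnet//Linux telnetd/, 25/filtered/tcp//smtp///"
    "\tIgnored State: closed (996)\tOS: Linux 2.6.9 - 2.6.31\tSeq Index: 203\n"
    "Host: 10.1.1.3 ()\tStatus: Up\n"
    "Host: 10.1.1.3 ()\tPorts: 80/open/tcp//http//Apache httpd 2.2.8 ((Ubuntu) DAV|2)/, "
    "3306/open/tcp//mysql//MySQL 5.0.51a-3ubuntu5/\tIgnored State: closed (998)"
    "\tOS: Linux 2.6.9 - 2.6.31\n"
)


@dataclass(frozen=True)
class OpenPort:
    host: str
    port: int
    proto: str
    service: str
    version: str


def _host_lines(gnmap_text):
    """Yield (ip, remaining tab-separated fields) for every 'Host:' line."""
    for line in gnmap_text.splitlines():
        if line.startswith("Host:"):
            fields = line.split("\t")
            yield fields[0].split()[1], fields[1:]


def live_hosts(gnmap_text, exclude=()):
    """IPs reported 'Status: Up' (question 2), minus any you want to skip (e.g. yourself)."""
    return [ip for ip, fields in _host_lines(gnmap_text)
            if "Status: Up" in fields and ip not in exclude]


def open_ports(gnmap_text):
    """One OpenPort per open port; closed and filtered entries are dropped."""
    found = []
    for ip, fields in _host_lines(gnmap_text):
        for field in fields:
            if not field.startswith("Ports: "):
                continue
            for entry in field[len("Ports: "):].split(", "):
                p = entry.split("/")
                if p[1] == "open":
                    found.append(OpenPort(ip, int(p[0]), p[2], p[4], p[6]))
    return found


def os_guess(gnmap_text):
    """host -> nmap's OS guess (the 'OS:' field, present only when -O was used; question 3)."""
    guesses = {}
    for ip, fields in _host_lines(gnmap_text):
        for field in fields:
            if field.startswith("OS: "):
                guesses[ip] = field[len("OS: "):]
    return guesses


def nessus_targets(gnmap_text, exclude=()):
    """Comma-separated list ready to paste into the Nessus 'Scan Targets' box."""
    return ", ".join(live_hosts(gnmap_text, exclude))


if __name__ == "__main__":
    print("targets:", nessus_targets(SAMPLE_HOSTS, exclude=("10.1.1.1",)))
    for op in open_ports(SAMPLE_SERVICES):
        print(f"{op.host:<10} {op.port:>5}/{op.proto} {op.service:<8} {op.version}")
    for host, guess in os_guess(SAMPLE_SERVICES).items():
        print(f"{host:<10} OS guess: {guess}")
```

Run the real scans with -oG and feed the files to these functions in place of the samples; the version column is exactly what you will compare against the Nessus findings later, so keep it.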

The -Y flag instructs the remote server to forward any graphical windows to your local X-Windows display so you can view GUIs. Note that -Y is "trusted" X11 forwarding: the remote host gets full access to your local X display (including other windows and their keystrokes), so use it only with a host you trust; -X is the restricted variant where it works. You should be at a prompt like this:

    root@bt:~#

To test that you have the GUI activated, type xterm at the prompt; you should get an xterm window (the window might be flashing in your command bar and you may have to click it to bring it up).

D. Now we are ready to start with Nessus, which is browser driven. For your convenience, I have already installed Nessus on the BackTrack, so you do not have to perform any steps other than executing the program. In general, though, you would need to install Nessus on a BackTrack installation using the following steps: http://www.fuzzysecurity.com/tutorials/8.html

At the command prompt root@bt:~#, type:

    firefox -ProfileManager

This should bring up the Firefox Profile Manager window. Depending on your Internet or network connection this might take a few seconds. Create your own profile by clicking Next, fill out your name, click Next, and then start Firefox with your profile (see the figure on the next page).

Next time you can use your profile instead of creating one.

E. Start Nessus. Type https://localhost:8834 in the browser address bar and press Return. Nessus serves its web interface with a self-signed certificate, so Firefox will show a certificate warning for localhost that you need to accept. In the Nessus login window, type root for Username and msec641. (This is a Nessus user account, not the operating system's root account.)

Click Login to enter and OK in the next screen. Click on Scans and then Add. Fill in the form with a name (your own); the type is Run Now, the policy is Internal Network Scan, and for Scan Targets you enter the IP addresses of the hosts to scan (as in nmap). After you complete the form, press Launch Scan at the bottom right of the screen.

The next step is to browse the report (it takes 4-5 minutes for the scan to complete). To browse the existing reports, click on Reports -> Browse (at the top). You should get a screen similar to the one on the next page.

By selecting one of the two reports and clicking Browse (or double-clicking), you get the list of scanned hosts with their findings; by clicking further you drill down to the individual findings on each port (see the figures on the following pages).

Using this information and Metasploit (msfconsole or Armitage, which we will cover in class), you can attack the two machines. Another option is to use http://www.exploit-db.com/ (see next page).

Use the SEARCH option and paste in the CVE or OSVDB identifier from the Nessus finding to get the matching exploit-db entries. By double-clicking on a link, you get the exploit page.

The page shows the exploit in Python. Follow the recommended steps to exploit the vulnerability. Were you successful?

Further Questions: Select 4 High and 4 Medium threats and test to see if you can break into the machines. Note that not all reported vulnerabilities are exploitable: a Nessus finding is often based on the version banner alone, so confirm the service version (for example with nmap -sV) before spending time on an exploit. Describe what you did even if it was not successful. Include screenshots of your efforts.

Extra Credit

- Install your own BackTrack 5 R2 (you can get it from here: http://www.backtrack-linux.org/downloads/)
- Install Nessus using the HomeFeed (free): http://www.fuzzysecurity.com/tutorials/8.html

- Provide scans for dslsrv.gmu.edu and the GMU mail server mh-x.gmu.edu
- Provide scans for www.gmu.edu and another server of your choice
- If you cannot install your own Nessus, use the one provided to perform the same scans

Scan only hosts you are authorized to test: the "server of your choice" must be one you own or have written permission to scan.

Interesting video with some instructions, but more advanced: http://www.youtube.com/watch?v=gw5xioitelw&feature=player_embedded

We will discuss and dive into the tools more in class!
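As an added example that is not part of the lab handout (and not Nessus's own tooling): the "Further Questions" step, picking 4 High and 4 Medium findings and looking each up on exploit-db, can be driven from the report itself. Nessus can export a scan as a .nessus file (NessusClientData_v2 XML); the script below reads that format, ranks the findings at each severity so that the ones Nessus marks as exploitable and those carrying a CVE come first, and produces the strings to type into the exploit-db SEARCH box. The embedded report is constructed for illustration: the plugin IDs are made up, the hosts are the lab's Metasploitable addresses, and the findings are modelled on typical Metasploitable 2 results rather than copied from a real scan.

```python
"""Rank the findings in an exported Nessus report and build exploit-db search terms.

Added example for this lab (not part of the handout). Export a report from the
Nessus UI as a .nessus file (NessusClientData_v2 XML) and pass its text to
worklist(). SAMPLE_NESSUS below is CONSTRUCTED: plugin IDs 9000x are made up.
"""
import xml.etree.ElementTree as ET
from dataclasses import dataclass

# Severity levels as stored in the report (4 = Critical exists from Nessus 5 on).
SEVERITY_NAMES = {0: "Info", 1: "Low", 2: "Medium", 3: "High", 4: "Critical"}

SAMPLE_NESSUS = """<?xml version="1.0" ?>
<NessusClientData_v2>
 <Report name="lab-scan">
  <ReportHost name="10.1.1.2">
   <ReportItem port="21" svc_name="ftp" protocol="tcp" severity="3"
               pluginID="90001" pluginName="vsftpd 2.3.4 backdoor">
    <cve>CVE-2011-2523</cve>
    <exploit_available>true</exploit_available>
   </ReportItem>
   <ReportItem port="22" svc_name="ssh" protocol="tcp" severity="2"
               pluginID="90002" pluginName="SSH weak MAC algorithms enabled"/>
   <ReportItem port="0" svc_name="general" protocol="tcp" severity="0"
               pluginID="90003" pluginName="OS identification"/>
  </ReportHost>
  <ReportHost name="10.1.1.3">
   <ReportItem port="80" svc_name="www" protocol="tcp" severity="2"
               pluginID="90004" pluginName="Apache httpOnly cookie disclosure">
    <cve>CVE-2012-0053</cve>
    <exploit_available>true</exploit_available>
   </ReportItem>
   <ReportItem port="3306" svc_name="mysql" protocol="tcp" severity="3"
               pluginID="90005" pluginName="MySQL unsupported version">
    <exploit_available>false</exploit_available>
   </ReportItem>
  </ReportHost>
 </Report>
</NessusClientData_v2>
"""


@dataclass(frozen=True)
class Finding:
    host: str
    port: int
    proto: str
    severity: int
    plugin: str
    cves: tuple            # may be empty: not every finding has a CVE to search for
    exploit_available: bool  # absent <exploit_available> is treated as False


def parse_findings(nessus_xml):
    """Flatten every ReportHost/ReportItem of a .nessus v2 document into Findings."""
    root = ET.fromstring(nessus_xml)
    findings = []
    for host in root.iter("ReportHost"):
        for item in host.iter("ReportItem"):
            findings.append(Finding(
                host=host.get("name"),
                port=int(item.get("port")),
                proto=item.get("protocol"),
                severity=int(item.get("severity")),
                plugin=item.get("pluginName"),
                cves=tuple(c.text for c in item.findall("cve")),
                exploit_available=item.findtext("exploit_available") == "true",
            ))
    return findings


def pick_candidates(findings, severity, n=4):
    """Up to n findings at one severity, most promising first: those Nessus marks
    exploitable, then those with a CVE to search, then everything else."""
    pool = [f for f in findings if f.severity == severity]
    pool.sort(key=lambda f: (not f.exploit_available, not f.cves, f.host, f.port))
    return pool[:n]


def search_terms(finding):
    """What to type into the exploit-db SEARCH box: the CVE ids when the finding
    has any, otherwise the plugin name (a version-only finding may have no public exploit)."""
    return list(finding.cves) or [finding.plugin]


def worklist(nessus_xml, n=4):
    """The lab's 'pick 4 High and 4 Medium' list as (severity, host:port/proto, terms) rows."""
    findings = parse_findings(nessus_xml)
    rows = []
    for level in (3, 2):
        for f in pick_candidates(findings, level, n):
            rows.append((SEVERITY_NAMES[level], f"{f.host}:{f.port}/{f.proto}", search_terms(f)))
    return rows


if __name__ == "__main__":
    for sev, where, terms in worklist(SAMPLE_NESSUS):
        print(f"{sev:<7} {where:<18} search exploit-db for: {', '.join(terms)}")
```

A finding that reaches the list without a CVE (here the SSH MAC and MySQL version entries) is exactly the "not exploitable" case the questions warn about: there may be nothing on exploit-db to find, and that negative result is still worth writing up.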