Ethical Hacking and Attack Tools



Similar documents
Testing for Security


Vulnerability Assessment and Penetration Testing

Penetration Testing with Kali Linux

Designing and Coding Secure Systems

Linux Operating System Security

CS5008: Internet Computing

by Penetration Testing

PTSv2 in pills: The Best First for Beginners who want to become Penetration Testers. Self-paced, online, flexible access

Web Application Threats and Vulnerabilities Web Server Hacking and Web Application Vulnerability

COURSE NAME: INFORMATION SECURITY INTERNSHIP PROGRAM

Ethical Hacking Course Layout

Ethical Hacking as a Professional Penetration Testing Technique

Build Your Own Security Lab

CRYPTUS DIPLOMA IN IT SECURITY

Course Content Summary ITN 261 Network Attacks, Computer Crime and Hacking (4 Credits)

Information Security. Training

ANTI-HACKER TOOL KIT. ourth Edition

CYBERTRON NETWORK SOLUTIONS

Chapter 8 Phase3: Gaining Access Using Network Attacks

Virtual Learning Tools in Cyber Security Education

Intrusion Detection and Prevention: Network and IDS Configuration and Monitoring using Snort

WEB APPLICATION HACKING. Part 2: Tools of the Trade (and how to use them)

What is Web Security? Motivation

LEARNING COMPUTER SYSTEMS VULNERABILITIES EXPLOITATION THROUGH PENETRATION TEST EXPERIMENTS

Web Application Security

During your session you will have access to the following lab configuration. CLIENT1 (Windows XP Workstation) /24

Advanced Linux System Administration on Red Hat

INFORMATION SECURITY TRAINING CATALOG (2015)

Evaluation of Penetration Testing Software. Research

3. Broken Account and Session Management. 4. Cross-Site Scripting (XSS) Flaws. Web browsers execute code sent from websites. Account Management

Learn Ethical Hacking, Become a Pentester

Linux Network Security

Course Content: Session 1. Ethics & Hacking

Web App Security Audit Services

Client logo placeholder XXX REPORT. Page 1 of 37

Course Duration: 80Hrs. Course Fee: INR (Certification Lab Exam Cost 2 Attempts)

Security Tools - Hands On

Kerem Kocaer 2010/04/14

Automated Penetration Testing with the Metasploit Framework. NEO Information Security Forum March 19, 2008

Audience. Pre-Requisites

Computer Security SEGC-00 - Overview

Ethical Hacking and Information Security. Foundation of Information Security. Detailed Module. Duration. Lecture with Hands On Session: 90 Hours

Certified Penetration Testing Specialist

Secure Web Development Teaching Modules 1. Security Testing. 1.1 Security Practices for Software Verification

information security and its Describe what drives the need for information security.

Open Source Security Tool Overview

VMware: Advanced Security

NETWORK SECURITY WITH OPENSOURCE FIREWALL

Demystifying Penetration Testing

Aiming at Higher Network Security Levels Through Extensive PENETRATION TESTING. Anestis Bechtsoudis. abechtsoudis (at) ieee.

(WAPT) Web Application Penetration Testing

Information Technology Career Cluster Introduction to Cybersecurity Course Number:

If you know the enemy and know yourself, you need not fear the result of a hundred battles.

Certified Penetration Testing Engineer

Lab 10: Security Testing Linux Server

2016 TÜBİTAK BİLGEM Cyber Security Institute

Malicious Network Traffic Analysis

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs

CEH Version8 Course Outline

June 2014 WMLUG Meeting Kali Linux

Some Tools for Computer Security Incident Response Team (CSIRT)

Description: Objective: Attending students will learn:

INFORMATION SECURITY TRAINING CATALOG (2016)

E-Commerce Security. The Client-Side Vulnerabilities. Securing the Data Transaction LECTURE 7 (SECURITY)

Black Box Penetration Testing For GPEN.KM V1.0 Month dd "#$!%&'(#)*)&'+!,!-./0!.-12!1.03!0045!.567!5895!.467!:;83!-/;0!383;!

Professional Penetration Testing Techniques and Vulnerability Assessment ...

Venue. Dates. Certified Ethical Hacker (CEH) boot camp. Inovatec College. Nairobi Kenya (exact hotel name to be confirmed

Securing Cisco Network Devices (SND)

Port Scanning. Objectives. Introduction: Port Scanning. 1. Introduce the techniques of port scanning. 2. Use port scanning audit tools such as Nmap.

A43. Modern Hacking Techniques and IP Security. By Shawn Mullen. Las Vegas, NV IBM TRAINING. IBM Corporation 2006

Introduction to Network Penetration Testing

Certified Ethical Hacker Exam Version Comparison. Version Comparison

SONDRA SCHNEIDER JOHN NUNES

Penetration Testing LAB Setup Guide

Detecting Web Application Vulnerabilities Using Open Source Means. OWASP 3rd Free / Libre / Open Source Software (FLOSS) Conference 27/5/2008

Certified Ethical Hacker (CEH)

Penetration Testing Workshop

Penetration Testing 2014

Web Application Penetration Testing

Tools for penetration tests 1. Carlo U. Nicola, HT FHNW With extracts from documents of : Google; Wireshark; nmap; Nessus.

RMAR Technologies Pvt. Ltd.

EUCIP - IT Administrator. Module 5 IT Security. Version 2.0

Creation of Pentesting Labs

TEACHING COMPUTER SECURITY TO UNDERGRADUATES A Hands-On Approach

Security Threat Kill Chain What log data would you need to identify an APT and perform forensic analysis?

APNIC elearning: Network Security Fundamentals. 20 March :30 pm Brisbane Time (GMT+10)

Basic & Advanced Administration for Citrix NetScaler 9.2

Metasploit Unleashed. Class 2: Information Gathering and Vulnerability Scanning. Georgia Weidman Director of Cyberwarface, Reverse Space

When a student leaves this intensive 5 day class they will have hands on understanding and experience in Ethical Hacking.

CS2107 Introduction to Information and System Security (Slid. (Slide set 8)

Firewalls. Ingress Filtering. Ingress Filtering. Network Security. Firewalls. Access lists Ingress filtering. Egress filtering NAT

Certified Cyber Security Expert V Web Application Development

Using Free Tools To Test Web Application Security

CS 665: Computer System Security. Network Security. Usage environment. Sources of vulnerabilities. Information Assurance Module

Conducting an IP Telephony Security Assessment

Transcription:

Ethical Hacking and Attack Tools Kenneth Ingham September 29, 2009 1 Course overview Attackers have at their disposal a large collection of tools that aid their exploiting systems. If you plan to defend against attacks, knowledge of these tools and the techniques behind their use is imperative. This class covers vulnerabilities in systems, how attackers locate these security holes, and how they can then exploit them to achieve their goals. Additionally, the class covers defenses against the attacker s tools and techniques. Labs in this course are of two types: (1) Attacking a vulnerable system, and (2) preventing your classmates from successfully attacking your system. 2 Course objectives Learn techniques attackers use to compromise systems. Learn how to defend against these attacks. Learn many of the tools available to attackers. 3 Student background If you are attending this class, then we assume that You have a basic knowledge of Windows, including the ability to install software. You are familiar with the Linux command line, including using a text editor, file manipulation commands, and basic system administration tasks. You can read documentation for both of these systems. You know the ISO seven-layer model for networking, including what services each layer provides. 1

You understand the basics of TCP, UDP, and ICMP and know the differences between the protocols. You understand programming in a major programming language (e.g., C, C++, C#, Java, PHP, Python, Ruby,...). 4 Logistics The class lasts 4 days. The student computers need to run both Linux and Windows. Notable amounts of class time will be saved by having the tools pre-installed on the class machines. The total time for the students to install all the software exceeds two hours, and this time is better spent on class topics. Additionally, the class needs the Backtrack 2 attack tools CD. The class uses the following software: Internet access A collection of virtual and/or real machines for the class to scan (The instructor must set these up. A honeynet configuration is on the class web site. Other virtual machines are the responsibility of the instructor.) A web browser Backtrack 2 CD Firefox (on Linux distribution but needed for Windows) Firefox Web Developer toolbar Gnu C/C++ compiler (on Linux distribution but needed for Windows) Internet access Java JDK 1.6 Metasploit framework (on class web site) Missing from blackbox-attack.tex Missing from reverse-engr.tex Netcat (on Linux distribution) Nikto (on class web site) One or more (virtual and/or real) machines supporting SNMP on the class network Paros proxy PortSwigger burp suite Scapy (on class web server) WebGoat v5.2 WebScarab WinARPWatch (on class web site) arping (on Linux distribution) arpwatch (on Linux distribution) dig (on Linux distribution) dsniff (on Linux distribution and class web site) emacs (on Linux distribution) 2

etherflood (on class web site) ettercap (on class web site) fping (on Linux distribution) fudp (on class web server) gcc (on Linux distribution) gdb (on Linux distribution but needed for Windows) gdb (on Linux distribution) host (on Linux distribution) hping (on class web server) hunt (on class web server) juggernaut (on class web server nessus (on class web site) netcat (get this for Windows as part of Cygwin from cygwin.com; On Linux it is on the distribution media) nmap (on Linux distribution) nm (on Linux distribution) objdump (on Linux distribution but needed for Windows) p0f (on class web site) pscan rats (on class web site) rpcinfo (on Linux distribution) snmpcheck (on class web site) snmpget (on Linux distribution) snmpset (on Linux distribution) snmpwalk (on Linux distribution) stresser (on class web server) tcpdump (on Linux distribution) tcptraceroute (on class web server) telnet (on Linux and Windows distributions) telnet (on Linux distribution) traceroute (on Linux distribution) tracert (on Windows distribution) trout (on class web server) udpflood.exe (on class web server) whois (on Linux distribution) winfingerprint (on class web site) wireshark (on Linux distribution but needed for Windows) xprobe2 (on class web site) a class web server that can run perl CGI programs at least one of ddd or the GNU Visual Debugger (on Linux distribution) development tools such as make (on Linux distribution but needed for Windows) development tools such as make (on Linux distribution) 3

perl 5.8 (On Linux distribution but needed for Windows) sufficient network address space for a honeynet (private IP addresses are acceptable) Because the students will be using a collection of attack tools, we strongly recommend that the class network be isolated from the corporate network. However, Internet access (HTTP, HTTPS, DNS, possibly POP or IMAP) is necessary. This access can be through a firewall, but the firewall cannot prevent access to hacker sites. The students will be gathering publically-available information about the customer s company. Permission to gather this information from remote sites should be explicitly given. Attackers are gathering this information already. However, the gathering of this information may reveal security issues in the corporate presence on the Internet. Students will be explicitly directed not to attack production machines. The class network needs to be a /16. Private Internet space is acceptable. Students will also need an external email address. Web-based email is preferred, but IMAP and/or POP access will also work. Note that the mail user agent (web or other) must allow the user to view the full set of headers. For an extra fee, this access can be provided. In addition to the machines the students will use, the instructor needs a machine with at least a dual-core 64-bit CPU with 4GB of RAM and a DVD reader. More memory would be an asset, as would additional CPUs. This machine will run many of the victim systems as virtual machines, as well as simulate a victim network full of machines. Software for this machine will be provided on a DVD, and the instructor will install and test the setup on the day before the class starts. Additionally, for an extra fee we can supply a bridging firewall placed between the class network and the outside world that will enforce the rules and guidelines, as well as log any attempted violations of the policy. To utilize this service requires: the class has its own Ethernet switch, and the instructor can access the room containing the switch and can place the firewall between the class switch and the outside world. The location for the firewall must provide sufficient cooling (ambient temperature not to exceed 75F), power (500 watts), and a stable physical location for the firewall machine. Using this firewall is recommended because it will also be properly configured to act as a local DHCP and DNS server as well as a web proxy and provide network address translation (NAT) services. The instructor will set up the firewall the day before the class starts. The class needs a web server for the class web site. The instructor s laptop may be this web server; otherwise the machine provided in the classroom for the instructor is a good choice. This machine obviously will need web server software installed. 5 Class outline 1. Introduction (Lecture: 15; Lab: 0) 4

(a) Class Introductions (b) Class Logistics i. Class schedule ii. Breaks iii. Question policy iv. Break room and restroom locations v. Assumptions about your background (c) Typographic conventions (d) What the class covers 2. Ethical hacking introduction (Lecture: 45; Lab: 15) (b) Vocabulary (c) Attack goals (d) Types of vulnerabilities that exist (e) Attack procedure (f) Defending (g) Risk analysis (h) Legal issues (i) Notes about this class (j) Summary (k) Lab 3. Intelligence about the target (Lecture: 50; Lab: 35) (b) Internal and external web sites (c) Network information i. Finding this information ii. whois iii. Simple Forward and Reverse DNS Lookups (d) Netcraft (e) Email (f) Web tools i. Maltego (g) Defenses (h) Summary (i) Lab 4. Network mapping (Lecture: 40; Lab: 35) (b) Scanning for hosts i. ARP pings ii. arping 5

iii. nmap iv. ICMP scans A. nmap B. fping v. TCP A. nmap B. hping (c) traceroute i. tcptraceroute ii. mtr iii. trout (d) Firewalls (e) Defenses (f) Lab 5. Host mapping (Lecture: 45; Lab: 30) (b) Port scanning i. TCP A. TCP scan types ii. TCP scanning with nmap iii. TCP scanning with netcat or nc iv. UDP (c) Remote procedure call protocols (d) Banner grabbing i. Tools A. telnet B. netcat C. nmap (e) Protocol identification with amap (f) OS identification i. Active ii. Passive OS identification (g) Evading detection (h) Defenses (i) Lab 6. SNMP mapping (Lecture: 25; Lab: 30) i. SNMP traps ii. SNMP Overview 6

(b) What you can do with SNMP (c) SNMP Versions and their security (or lack thereof) (d) Tools i. snmpwalk ii. snmpget iii. snmpset iv. onesixtyone v. snmpcheck (e) Defenses (f) Lab 7. Network Monitoring and Eavesdropping (Lecture: 60; Lab: 75) (b) Monitoring tools i. tcpdump ii. wireshark iii. webspy (c) Password grabbers i. dsniff (d) Attacking switches i. macof ii. etherflood iii. arpspoof iv. ettercap (e) DNS spoofing i. dnsspoof (f) What to look for or do when performing these attacks i. webmitm ii. sshmitm (g) Defenses (h) Lab 8. Attacking the network protocols (Lecture: 25; Lab: 35) (a) SYN flooding i. Launching a SYN flood attack (b) TCP hijacking (c) TCP session termination (d) Port flooding (e) Defenses (f) Lab 9. Network traffic injection (Lecture: 25; Lab: 50) 7

(a) Why inject traffic (b) Scapy (c) Hping (d) packeth (e) Defenses (f) Lab 10. Reverse Engineering (Lecture: 15; Lab: 45) (b) IDA Pro (c) Linux tools i. Static analysis A. strings B. nm C. objdump ii. Dynamic analysis A. gdb B. strace C. ltrace (d) wine (e) Java (f) Microsoft CLR (g) Lab 11. Black-box Testing (Lecture: 30; Lab: 35) (b) Syntax Testing (c) Equivalence Partitioning (d) Boundary Condition Testing (e) Fuzzing (f) Resource Limits and Failure Conditions (g) Tools for Testing i. Fuzz testing tools ii. The Peach Fuzzer (h) Summary (i) Lab 12. How HTTP works (Lecture: 20; Lab: 25) (b) Common Gateway Interface (CGI) Parameters (c) GET and POST (d) Cookies (e) Lab 8

13. Attacking Web Applications (Lecture: 50; Lab: 45) (b) PortSwigger s Burp Suite (c) WebScarab (d) Paros Suite (e) Nikto (f) Firefox Web Developer toolbar (g) WebGoat (h) Summary (i) Lab 14. State and the web (Lecture: 25; Lab: 65) (a) Overview (b) Ways of tracking state i. Hidden fields in forms ii. Cookies iii. CGI parameters iv. HTTP Referer field (c) Session hijacking i. Solutions (d) Summary (e) Lab 15. Other Injection attacks (Lecture: 15; Lab: 35) (b) SQL injection i. Overview ii. Solutions (c) Shell code injection i. Overview ii. Solutions (d) Summary (e) Lab 16. Cross-site scripting (XSS) (Lecture: 40; Lab: 30) (a) Overview (b) A simple example (c) Example XSS attacks i. DoS the user s browser A. Session hijacking ii. DoS a web server iii. Make a web site contents not what the owner expects 9

iv. Port scanning v. Worms and viruses (d) Locations to place script references (e) Ways attackers try to obscure XSS (f) Types of XSS attacks (g) XSS is not just for HTML (h) XSS solutions (i) Summary (j) Lab 17. Buffer overflow introduction (Lecture: 20; Lab: 0) (b) A simple buffer overflow example (c) Memory layout i. Example (d) Summary 18. Stack overflows (Lecture: 20; Lab: 60) (b) Exploit: calling another function (c) Other exploits for stack overflows (d) More stack overflow information (e) A real stack overflow exploit program (f) Avoiding these problems (g) Summary (h) Lab 19. Format string errors (Lecture: 25; Lab: 60) i. Example (b) It gets worse! (c) A real attack program (d) The problem (e) How can you avoid this problem? (f) Summary (g) Lab 20. Pointer issues (Lecture: 35; Lab: 50) i. Example (b) Pointers to functions (c) C++ virtual method table i. Example 10

ii. Destructors (d) Global offset table (GOT) (e) The.dtors section i. Example (f) Exit handlers i. Example (g) setjmp/longjmp (h) Exception handling (i) Avoiding these problems (j) Summary (k) Lab 21. Vulnerability analysis (Lecture: 45; Lab: 60) (b) Vulnerability databases (c) Attacker web sites (d) Vulnerability assessment tools (e) Other non-commercial penetration testing tools (f) Commercial penetration testing tools (g) nessus i. Installing and running nessus (h) Defenses (i) Lab 22. Metasploit (Lecture: 40; Lab: 45) Appendices (b) Using metasploit i. Web interface ii. Console interface iii. Command-line interface (c) Auxiliary modules (d) The Data Store (e) Summary (f) Lab A. Cryptography Overview (Lecture: 70; Lab: 55) i. Cryptographic Applications ii. Open design (b) Cryptographic Primitives 11

i. Cryptographic hash functions ii. Symmetric key encryption iii. Public key encryption (c) Digital signatures (d) Public Key Management i. The Problem ii. Certificates iii. Trust Models iv. Example: PGP/GnuPG v. Example: SSL/TLS vi. Overview A. The server B. The client (e) Random numbers (f) Parameter sizes (g) Insecure Cryptography i. Key management errors (h) Do not innovate in cryptography (i) Summary (j) Lab B. Debugging with gdb (Lecture: 25; Lab: 30) (b) Compiling programs to be debugged (c) Working in gdb i. Starting and exiting gdb ii. gdb commands iii. Help iv. Info v. Show vi. Running programs (d) Breakpoints and watchpoints (e) Continuing and single stepping (f) Viewing data and the stack (g) Demonstration (h) GUI front ends for gdb (i) Lab 12

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information