Alison Buben Jay Pataky COSC 316.  Main purpose: Penetration Testing ◦ Evaluating the security of a computer by simulating an attack ◦ Showing where.

Slides:



Advertisements
Similar presentations
Patch Management Patch Management in a Windows based environment
Advertisements

Part 2 Penetration Testing. Review 2-minute exercise: RECON ONLY Find 3x IP addresses at the U.S. Merchant Marine Academy Google: “U.S. Merchant Marine.
Armitage and Metasploit Penetration Testing Lab
ITP 457 Network Security Network Hacking 101. Hacking Methodology (review) 1. Gather target information 2. Identify services and ports open on the target.
CSCI 530L Vulnerability Assessment. Process of identifying vulnerabilities that exist in a computer system Has many similarities to risk assessment Four.
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 9 Performing Vulnerability Assessments.
Lesson 13-Intrusion Detection. Overview Define the types of Intrusion Detection Systems (IDS). Set up an IDS. Manage an IDS. Understand intrusion prevention.
Patching MIT SUS Services IS&T Network Infrastructure Services Team.
Terminal Server © N. Ganesan, Ph.D.. Reference Thin-Client Concept Thin-Client concept tutorial.
Virtual Trouble Shooting & Tutorial For students automation Using 64bits computer Or Apple OS Or Windows Vista Or …
Port Scanning.
2851A_C01. Microsoft Windows XP Service Pack 2 Security Technologies Bruce Cowper IT Pro Advisor Microsoft Canada.
Copyright © 2002 ProsoftTraining. All rights reserved. Operating System Security.
EECS 354 Network Security Metasploit Features. Hacking on the Internet Vulnerabilities are always being discovered 0day vulnerabilities Every server or.
MIS Week 6 Site:
SCSC 555 Frank Li.  Introduction to Enumeration  Enumerate Microsoft OS  Enumerate *NIX OS  Enumerate NetWare OS (skip) 2.
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 9 Performing Vulnerability Assessments.
1 Security Penetration Testing Angela Davis Mrinmoy Ghosh ECE4112 – Internetwork Security Georgia Institute of Technology.
MIS Week 6 Site:
Module 14: Securing Windows Server Overview Introduction to Securing Servers Implementing Core Server Security Hardening Servers Microsoft Baseline.
Penetration Testing 101 (Boot-camp)
Small Business Security Keith Slagle April 24, 2007.
1 The Main Event Battle Of the Sniffers. ● The Champion – Ethereal: Network Analyzer ● The Challenger – Ettercap: Network Security Suite.
TCOM Information Assurance Management System Hacking.
| nectar.org.au NECTAR TRAINING Module 9 Backing up & Packing up.
Understand Malware LESSON Security Fundamentals.
Installing VERITAS Cluster Server. Topic 1: Using the VERITAS Product Installer After completing this topic, you will be able to install VCS using the.
GFI LANguard Matt Norris Dave Hone Chris Gould. GFI LANguard: Description Through the performances of the three (3) cornerstones of vulnerability management:
The Future With Windows XP Microsoft announced that after April 16, 2014 it will not longer support Windows XP. No statement on continued inclusion of.
Steven Geisel Gabe Owens.  Angry IP Scanner is an open-source and cross-platform network scanner  Features include IP Address scanning, port scanning,
The Challenges of Teaching an Interdisciplinary IA Course Rose Shumba Indiana University of Pennsylvania EPASEC 2006.
HOW TO FIX MSVCR100. DLL IS MISSING ERROR? missing-error.
Jen Beveridge and Joe Kolenda. Developed by Gordon Lyon Features –Host discovery –Port scanning –Version detecting –OS detection –Scriptable interaction.
Microsoft OS Vulnerabilities April 1, 2010 MIS 4600 – MBA © Abdou Illia.
MASS-ANALYZING A CHUNK OF THE INTERNET: THE ROMANIAN IT LANDSCAPE GEORGE-ALEXANDRU ANDREI.
How To Silent-Install The AVG Antivirus 2017 Using The DOS Command.
How To Run AVG Antivirus Software 2017 In DOS. AVG is antivirus software used to detect and remove the virus from your system. It is an international.
Penetration Testing Exploiting 2: Compromising Target by Metasploit tool CIS 6395, Incident Response Technologies Fall 2016, Dr. Cliff Zou
Jen Beveridge and Joe Kolenda
Metasploit Framework (MSF) Fundamentals
Nessus Vulnerability Scan
Penetration Testing: Concepts,Attacks and Defence Stratagies
Penetration Testing Armitage: Metasploit GUI and Machine-Gun Style Attack CIS 6395, Incident Response Technologies Fall 2016, Dr. Cliff Zou
Security Testing Methods
Penetration Testing Karen Miller.
Network Exploitation Tool
Exploiting Metasploitable 2 with Metasploit in Kali-Linux 2016
Metasploit a one-stop hack shop
Module 22 (Metasploit Introduction)
Common Operating System Exploits
CIT 480: Securing Computer Systems
Module 36 (Expanding Your Control of Windows Victims)
Metasploit assignment
Backtracking Intrusions
CIS 329 Innovative Education-- snaptutorial.com
PT0-001 Dumps PDF CompTIA PenTest+ Exam Exam Code Exam Name.
forgot laptop password Windows 10 with no reset disk
Nessus Vulnerability Scanning
Intro to Ethical Hacking
Mobile Pen Testing w/ drozer
Intro to Ethical Hacking
Hands-On Ethical Hacking and Network Defense
Metasploit Assignment
Web Application Penetration Testing ‘17
Metasploit Analysis Report Overview
Intro to Kali Linux & Tools
Operating System Security
Cyber Operation and Penetration Testing Armitage: Metasploit GUI and Machine-Gun Style Attack Cliff Zou University of Central Florida.
Metasploit assignment – Arkadiy Kantor – Mis-5212
Penetration Testing & Network Defense
Presentation transcript:

Alison Buben Jay Pataky COSC 316

 Main purpose: Penetration Testing ◦ Evaluating the security of a computer by simulating an attack ◦ Showing where the weak points are  IMPORTANT ◦ Having good integrity checking and encryption can be lessoned or weakened if your system can be accessed ◦ It is critical to get approval before actually testing a system

 Vulnerabilities and Payloads ◦ Vulnerabilities are found by doing an open port scan ◦ Pick and choose a payload you want to run  The one we are using is widely used because all windows XP before service pack 2 have this port open  Remote Procedure Call

 Search results for exploit  Pick your exploit and it shows that it loaded  Options showed ◦ use exploit and show options for that exploit  What info is supplied and what still needs to be entered ◦ Remote host (RHOST)

 Set RHOST ◦ Shows all payloads that can be used  Meterpreter (more automated command prompt) ◦ "penetration tester's swiss army knife" - offensive security  Select: bind_tcp (easiest because nothing extra is needed) ◦ Set payload and look at options (Shows status of exploit and payload) ◦ Execute

 Fairly easy  Other tutorials help quite a bit  Your choice to pick ◦ GUI was easier ◦ Also a command line option Ease to Install  Steps ◦ Download a VM ◦ Open with VM ◦ Log in ◦ Generally easy

 This was our second tool ◦ 1 st tool selected we had installation problems ◦ Too many packets that it required  Overall biggest challenge ◦ Installation ◦ Finding tutorials that helped us ◦ Having a pre made VM with it already installed  QUESTIONS?

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.