Pentesting with Powershell

Presentation transcript:

Pentesting with Powershell by Rajganesh Pandurangan

Rajganesh (Raj) Pandurangan
OSCP, CISSP, CEH, QSA, PA-QSA, MCSD.NET
Email: prajganesh@gmail.com
Senior Managing Consultant at U.S.Bank
16 years of security consulting experience
Results-driven success across a multitude of Fortune 100 companies
Consulting services:
Web application security assessment
Mobile security assessment
Network penetration testing
Wireless security testing
Security code review
Payment Card Industry assessment
Security gap assessment
Implementing effective security solutions and strategies

Web Applications and Exploitation Distro (WAED)
Site: http://www.waed.info
Features:
WAED is based on the Debian 8.0 distribution
Uses Docker to provide a sandboxed environment
Pre-installed web application testing tools
13 pre-installed vulnerable web applications
Each application can be started separately
DEMO

What is PowerShell?
Microsoft's attempt to make admins use the command line
Task automation and configuration management framework
Command-line shell and scripting language
Built on the .NET Framework
Provides full access to WMI and COM
Performs administrative tasks on local and remote Windows systems
Great for log parsing and WMI queries
Available by default on Windows 7 and up
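The two strengths the slide singles out, log parsing and WMI queries, are easiest to see in a short script. The following is an added example and not code from the presentation; it assumes an elevated PowerShell session on a Windows host (reading the Security log needs administrator rights), and the thresholds and process-name filter are illustrative choices.

```powershell
# Added example (not from the presentation): PowerShell as a log parser and as a WMI/CIM query tool.
# Assumes an elevated session on Windows 7 or later.

# 1. Log parsing: failed logons (Security event 4625) in the last 24 hours, grouped by source address.
$since  = (Get-Date).AddHours(-24)
$failed = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = $since } `
                       -ErrorAction SilentlyContinue

$failed |
    ForEach-Object {
        # The interesting fields live in the event's XML EventData block, keyed by the Data element's Name.
        $xml  = [xml]$_.ToXml()
        $data = @{}
        foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        [pscustomobject]@{
            Time          = $_.TimeCreated
            TargetUser    = $data['TargetUserName']
            SourceAddress = $data['IpAddress']
            LogonType     = $data['LogonType']
        }
    } |
    Group-Object SourceAddress |
    Sort-Object Count -Descending |
    Select-Object Count, Name |
    Format-Table -AutoSize

# 2. WMI/CIM query: which parent process launched each shell on the box?
#    An Office or browser process spawning powershell.exe is a classic thing to look at in IR.
$procs = Get-CimInstance -ClassName Win32_Process
$byId  = @{}
foreach ($p in $procs) { $byId[[int]$p.ProcessId] = $p }

$procs |
    Where-Object { $_.Name -match '^(powershell|pwsh|cmd)\.exe$' } |
    ForEach-Object {
        $parent = $byId[[int]$_.ParentProcessId]
        [pscustomobject]@{
            Pid         = $_.ProcessId
            Name        = $_.Name
            ParentPid   = $_.ParentProcessId
            Parent      = if ($parent) { $parent.Name } else { '<exited>' }
            CommandLine = $_.CommandLine
        }
    } |
    Format-Table -AutoSize
```

Both halves use only built-in cmdlets (Get-WinEvent, Get-CimInstance), which is the point of the slide: no tooling has to be installed before PowerShell is useful for triage.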

Contd.
Security:
Lot of work in DFIR - http://www.invoke-ir.com
DLL injection
WMI abuse
Hard to protect against attacks
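"WMI abuse" on the slide most often means permanent WMI event subscriptions used for persistence, and enumerating them is a standard DFIR check. The script below is an added example, not material from the presentation or from the invoke-ir project; it assumes an elevated session and that the subscriptions live in the standard root\subscription namespace. The function names are this example's own.

```powershell
# Added example (not from the presentation): list permanent WMI event subscriptions and flag the
# ones whose consumer runs a command line or script. Run in an elevated session.
$ns = 'root\subscription'

function Get-RefName {
    # A binding's Filter/Consumer property is an object reference. Get-CimInstance returns it as a
    # CimInstance (so .Name works); older WMI cmdlets return a string such as __EventFilter.Name="X".
    param($Ref)
    if ($Ref -is [Microsoft.Management.Infrastructure.CimInstance]) { return $Ref.Name }
    if ("$Ref" -match 'Name="([^"]+)"') { return $Matches[1] }
    return "$Ref"
}

function Get-WmiPersistence {
    # A permanent subscription is a filter (trigger), a consumer (action) and a binding that ties them.
    $filters   = @{}
    $consumers = @{}
    Get-CimInstance -Namespace $ns -ClassName __EventFilter   | ForEach-Object { $filters[$_.Name]   = $_ }
    Get-CimInstance -Namespace $ns -ClassName __EventConsumer | ForEach-Object { $consumers[$_.Name] = $_ }

    foreach ($b in (Get-CimInstance -Namespace $ns -ClassName __FilterToConsumerBinding)) {
        $f = $filters[(Get-RefName $b.Filter)]
        $c = $consumers[(Get-RefName $b.Consumer)]
        $consumerClass = if ($c) { $c.CimClass.CimClassName } else { '<missing>' }

        # Collect whatever the consumer would execute, whichever consumer class it is.
        $action = @()
        if ($c) {
            foreach ($prop in 'CommandLineTemplate', 'ExecutablePath', 'ScriptText') {
                $v = $c.PSObject.Properties[$prop].Value
                if ($v) { $action += $v }
            }
        }

        [pscustomobject]@{
            Filter        = if ($f) { $f.Name } else { '<missing>' }
            Query         = if ($f) { $f.Query } else { $null }
            ConsumerClass = $consumerClass
            Action        = $action -join ' '
            # Command-line and script consumers are the ones that need an owner; the stock
            # 'SCM Event Log' binding uses NTEventLogEventConsumer and is present on every host.
            Suspicious    = $consumerClass -in 'CommandLineEventConsumer', 'ActiveScriptEventConsumer'
        }
    }
}

Get-WmiPersistence | Format-List
```

Any row with Suspicious set to True deserves a look at its Query (what triggers it) and Action (what runs); bindings can be removed with Remove-CimInstance once confirmed malicious.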

Pentesting Methodology

Lab environment
Host machine (Mac)
External testing: Kali Linux
External DMZ: pfSense (firewall, IDS, IPS, DNS, DHCP) - ports 80 and 443 - 192.168.15.100, DHCP
Setup reference: https://www.youtube.com/playlist?list=PLE726R7YUJTePGvo0Zga2juUBxxFTH4Bk
Internal network:
Windows 2012 domain controller, DNS - 192.168.15.248
Setup references: https://www.youtube.com/watch?v=50VhoeG_6rY and http://www.rebeladmin.com/2014/07/step-by-step-guide-to-setup-active-directory-on-windows-server-2012/
Debian - WAED
Kali Linux, internal testing - 192.168.15.249
Windows 7 - 192.168.15.125
Windows 8
Windows 10 - 192.168.15.135
Setup references: https://www.youtube.com/watch?v=w1QPijf4Wa0 and https://www.youtube.com/watch?v=9Rs4RSfTgL0

Tools Required for Offensive PowerShell
Nishang - https://github.com/samratashok/nishang
PowerSploit - https://github.com/PowerShellMafia/PowerSploit
Empire - https://github.com/PowerShellEmpire/Empire
Posh-SecMod - https://github.com/darkoperator/Posh-SecMod
PSAttack - https://github.com/jaredhaight/PSAttack
PowerUpSQL - http://seclist.us/powerupsql-a-powershell-toolkit-for-attacking-sql-server.html

Few Important Scripts
Invoke-CredentialsPhish
Import-Module
Port-Scan
Out-Csv, Out-Excel
Get-Help
Get-NetComputer
Get-NetDomainController
Get-NetUser, Get-NetUser -user pentest3
Get-NetLocalGroup
Invoke-FileFinder
Find-LocalAdminAccess
Invoke-UserHunter
Get-ServiceUnquoted
Invoke-TokenManipulation -enumerate
Invoke-TokenManipulation -createprocess "cmd.exe" -username "NT AUTHORITY\SYSTEM" (ls hklm:\security)
Get-PassHashes
Invoke-Mimikatz
Invoke-AllChecks
Get-GPPPassword
Invoke-CredentialsPhish
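The function names on this slide are also the most direct detection signal a defender has: with Script Block Logging enabled, every script block PowerShell compiles is written to the Microsoft-Windows-PowerShell/Operational log as event ID 4104, names included. The following is an added example, not from the presentation or any of the listed toolkits; it assumes Script Block Logging is turned on via the policy key HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging (EnableScriptBlockLogging = 1), and the sample script blocks at the bottom are constructed, not real log data.

```powershell
# Added example (not from the presentation): flag 4104 script block log entries that contain the
# toolkit function names from the slide. Assumes Script Block Logging is enabled (see lead-in).

# Function names taken from the slide; extend as needed.
$Indicators = @(
    'Invoke-Mimikatz', 'Get-PassHashes', 'Invoke-TokenManipulation', 'Invoke-CredentialsPhish',
    'Get-GPPPassword', 'Invoke-UserHunter', 'Find-LocalAdminAccess', 'Invoke-AllChecks',
    'Get-ServiceUnquoted', 'Invoke-FileFinder', 'Get-NetUser', 'Get-NetComputer',
    'Get-NetDomainController', 'Get-NetLocalGroup', 'Port-Scan'
)

function Find-SuspiciousScriptBlock {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] [string] $ScriptBlockText,  # text of one 4104 event
        [string[]] $Names = $Indicators
    )
    begin {
        # One alternation of all names, escaped so the hyphens and dots are matched literally.
        $pattern = ($Names | ForEach-Object { [regex]::Escape($_) }) -join '|'
    }
    process {
        $hits = [regex]::Matches($ScriptBlockText, $pattern, 'IgnoreCase') |
                ForEach-Object { $_.Value } | Sort-Object -Unique
        if ($hits) {
            [pscustomobject]@{
                Matched = $hits -join ', '
                Snippet = $ScriptBlockText.Substring(0, [Math]::Min(80, $ScriptBlockText.Length))
            }
        }
    }
}

# Constructed sample script blocks (not real log data) to show the matching.
$samples = @(
    'Get-Process | Where-Object CPU -gt 100',
    'Import-Module .\PowerView.ps1; Get-NetUser -user pentest3; Invoke-UserHunter',
    'Invoke-Mimikatz'
)
$samples | Find-SuspiciousScriptBlock | Format-Table -AutoSize
# Expected: the first sample produces no row; the second matches Get-NetUser and Invoke-UserHunter;
# the third matches Invoke-Mimikatz.

# Against the live log in an elevated session. ScriptBlockText is the third property (index 2)
# of a 4104 event record.
# Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-PowerShell/Operational'; Id = 4104 } |
#     ForEach-Object { $_.Properties[2].Value } |
#     Find-SuspiciousScriptBlock
```

The caveat a practitioner will expect: this catches the stock names only, and 4104 entries for large scripts are split across several events, so a match can land in any fragment. Renamed or obfuscated copies of the same functions need behavioural detections (the WMI and process-parent checks earlier on this page, AMSI, or the unexpected-child-of-Office pattern) rather than string matching.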

PowerShell Empire
http://www.powershellempire.com
Powerful post-exploitation framework built on PowerShell
Integrates tools from PowerSploit
Easily extensible