EVAPI - Enumeration Auburn Hacking club https://goo.gl/aXX18b.

This Week
CCleaner update downloads served a backdoored build starting in August; CCleaner's maker had been acquired by Avast in July.
https://goo.gl/aXX18b

EVAPI
Enumeration
Vulnerability Scanning
Access
Privilege Escalation
Implant
Speaker notes: recap what EVAPI stands for and what it means; compare it to a software process (iterative, not a waterfall, since later phases feed back into enumeration); introduce what enumeration is.

Enumeration Environment
Internal networking: finding the devices on a network you are already on (other boxes, servers, printers, etc.)
Outside a network, wireless: finding Wi-Fi networks and the clients on them
Outside a network, other: finding anything else that radiates (SDR targets, Bluetooth, etc.)

Networking World
Subnet, packets, IP address, port, routing
The quickest introduction to networks anyone has ever seen

Basic Bitch Networking Tools
ipconfig / ifconfig
ping
tracert / tracepath / traceroute
nslookup
netstat
ssh / telnet / PuTTY

Port Scanning
Probing ports -> analyzing the results
Open vs closed vs filtered: open means a service answered (the TCP handshake completed, or a UDP service replied); closed means the host answered with a RST or ICMP port unreachable, so it is reachable but nothing is listening; filtered means no answer came back, usually because a firewall dropped the probe, so the scanner cannot tell.
Secure on the wire vs insecure: SSH vs Telnet, SFTP vs FTP (the second of each pair sends credentials and data in cleartext, which is exactly what a sniffer on the path wants)

Popular Types of Port Scans
ARP scan
TCP scans: vanilla (connect), SYN, FIN, IDENT, XMAS, ACK
UDP scan (via ICMP port unreachable)

Address Resolution Protocol (ARP) scan: an ARP request is broadcast for each address in the local subnet, incrementing the target IP field each time; every host that answers is alive. ARP does not cross routers, so this only maps the local segment, but it works even against hosts that drop ICMP (nmap uses it automatically for on-link targets).

Vanilla TCP connect scan (nmap -sT): the basic technique. It uses the operating system's connect() system call to open a full connection to every port probed. No raw-socket privileges are needed, but the three-way handshake completes, so the service on the other end sees the connection and can log it.

TCP SYN (half-open) scan (nmap -sS): determines the state of a port without establishing a full connection. The scanner sends a SYN; a SYN/ACK means open, a RST means closed, and no answer means filtered. Instead of finishing the handshake the scanner tears the embryonic connection down with a RST, which is why the scan is called half-open and why application-level logging usually misses it. Crafting the packets requires raw sockets (root or Administrator).

TCP FIN scan (nmap -sF): sends a bare FIN to each port. Per RFC 793 a closed port answers with a RST and an open port silently drops the segment, so silence is reported as open|filtered. Because no SYN is ever sent it can slip past stateless packet filters and older scan detectors that only watch for SYNs, but it is useless against stacks that reply RST to everything regardless of port state (Windows and many Cisco devices), and a firewall that drops packets looks the same as an open port.

TCP reverse ident scan: after completing a connection to an open port, the scanner asks the target's ident service (TCP 113, RFC 1413) which username owns the process on the other end of that connection. It only works when identd is running on the target and the scanner has a full TCP connection to the port.

TCP XMAS scan (nmap -sX): identifies listening ports by setting the FIN, PSH and URG flags together (the header is "lit up like a Christmas tree"). Same response logic and the same limitations as the FIN scan.

TCP ACK scan (nmap -sA): does not determine whether a port is open. An ACK with no prior SYN draws a RST from both open and closed ports on an unfiltered path, so a RST means unfiltered and silence (or an ICMP unreachable) means filtered; its purpose is mapping firewall rules and telling stateful filters from stateless ones. Single ACK probes (nmap -PA) are also used for host discovery when ICMP echo is blocked.

UDP scan via ICMP port unreachable (nmap -sU): sends an empty UDP datagram to each port. A closed port answers with ICMP port unreachable; an open port usually answers nothing (unless the service replies to empty input), so silence means open|filtered. It is slow because most stacks rate-limit ICMP errors (Linux to about one per second) and unreliable because those errors may be dropped in transit.
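The vanilla connect scan above, as an added example that is not from the Auburn Hacking Club slides: it classifies a port as open, closed or filtered from what connect() returns, reads the banner of an open port (the banner-grabbing technique covered under fingerprinting), and starts a throwaway listener on 127.0.0.1 so that it runs offline. The SSH-style banner the listener sends is constructed sample data, not a real host.

```python
"""Added example: TCP connect() scan with open/closed/filtered classification
and banner grabbing, driven against a local listener (constructed input)."""
import errno
import socket
import threading

# Constructed sample banner served by the local test listener, not from a real host.
CONSTRUCTED_BANNER = b"SSH-2.0-OpenSSH_7.4\r\n"


def connect_scan(host, port, timeout=1.0, grab=True):
    """Vanilla connect() scan of one port; returns (state, banner).

    A completed three-way handshake means open; an immediate RST (ECONNREFUSED)
    means closed; a timeout or an unreachable error means something on the path
    dropped the probe, which nmap reports as filtered. Because connect() finishes
    the handshake, the service on the other end sees (and can log) this connection.
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
    except socket.timeout:
        s.close()
        return "filtered", b""
    except OSError as e:
        s.close()
        if e.errno == errno.ECONNREFUSED:
            return "closed", b""
        if e.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "filtered", b""
        raise
    try:
        banner = b""
        if grab:
            try:
                # Many services (SSH, FTP, SMTP) speak first, so just listen.
                banner = s.recv(256)
            except socket.timeout:
                banner = b""
        return "open", banner
    finally:
        s.close()


def _serve_banner(listener):
    """Accept one connection, send the constructed banner, and go away."""
    conn, _ = listener.accept()
    conn.sendall(CONSTRUCTED_BANNER)
    conn.close()
    listener.close()


def demo():
    """Scan one open port (our own listener) and one closed port on localhost."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    open_port = listener.getsockname()[1]
    threading.Thread(target=_serve_banner, args=(listener,), daemon=True).start()

    # Find a port nothing is bound to: bind an ephemeral port, then release it.
    tmp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tmp.bind(("127.0.0.1", 0))
    closed_port = tmp.getsockname()[1]
    tmp.close()

    results = {
        open_port: connect_scan("127.0.0.1", open_port),
        closed_port: connect_scan("127.0.0.1", closed_port),
    }
    return open_port, closed_port, results


if __name__ == "__main__":
    op, cp, res = demo()
    for port, (state, banner) in res.items():
        print(f"{port}/tcp {state} {banner!r}")
```

On a real target the filtered branch is the interesting one: a timeout on every port usually means a firewall is dropping the SYNs, while a mix of RSTs and timeouts is what an explicit allow-list looks like.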

Fingerprinting
Active vs passive
OS fingerprinting works because every TCP/IP stack fills in the header fields the RFCs leave to the implementation (initial TTL, IP ID generation, window size, option order) a little differently; compare what you see with a table of known stacks.
Service information: banner grabbing, i.e. connecting to a port and reading what the service announces about itself (an SSH version string, an HTTP Server header).
Active (most common): sending crafted packets to a system and watching how it responds (nmap -O). Fast and precise, but the target sees the probes.
Passive: examining traffic the target is already sending rather than generating any yourself, so the target sees nothing unusual; less precise, because you only get whatever packets happen to pass by.
Common techniques are based on analyzing: IP TTL values, IP ID values, TCP window size, TCP options (generally in SYN and SYN+ACK packets), DHCP requests, ICMP requests, HTTP packets (generally the User-Agent field).
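Passive fingerprinting from the fields listed above, as an added example that is not from the slides: the code parses a raw IPv4/TCP SYN, recovers the sender's initial TTL from the decremented value it observed, and matches TTL, window size and the presence of the timestamp option against a signature table. The SIGNATURES table is an illustrative stand-in (assumed values) rather than a real fingerprint database, and build_syn() constructs the sample packet with zero checksums; neither is captured data.

```python
"""Added example: passive OS guessing from the TTL, window size and option
list of a TCP SYN. Signatures and the sample packet are constructed."""
import struct

# Assumed, illustrative signatures: initial TTL, SYN window, timestamp option present.
SIGNATURES = [
    {"os": "Linux (example sig)",   "ttl": 64,  "window": 29200, "ts": True},
    {"os": "Windows (example sig)", "ttl": 128, "window": 8192,  "ts": False},
    {"os": "FreeBSD (example sig)", "ttl": 64,  "window": 65535, "ts": True},
]

TCP_OPT_TIMESTAMP = 8


def build_syn(ttl, window, with_timestamp):
    """Construct a minimal IPv4 + TCP SYN as sample input (checksums left zero)."""
    opts = b"\x02\x04\x05\xb4" + b"\x04\x02"      # MSS 1460, SACK permitted
    if with_timestamp:
        opts += b"\x08\x0a" + b"\x00" * 8         # Timestamp (kind 8, length 10)
    opts += b"\x01" + b"\x03\x03\x07"             # NOP, window scale 7
    while len(opts) % 4:
        opts += b"\x00"                           # pad to a 32-bit boundary
    data_off = 5 + len(opts) // 4
    tcp = struct.pack("!HHIIHHHH", 40000, 80, 1, 0,
                      (data_off << 12) | 0x02,    # data offset + SYN flag only
                      window, 0, 0) + opts
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0x1234, 0x4000,
                     ttl, 6, 0, bytes([10, 0, 0, 5]), bytes([10, 0, 0, 80]))
    return ip + tcp


def parse_tcp_options(raw):
    """Return the option kinds in wire order (EOL stops parsing, NOP is 1 byte)."""
    kinds, i = [], 0
    while i < len(raw):
        kind = raw[i]
        if kind == 0:                      # End of option list
            break
        if kind == 1:                      # NOP carries no length byte
            kinds.append(kind)
            i += 1
            continue
        if i + 1 >= len(raw) or raw[i + 1] < 2:
            break                          # truncated or malformed option: stop
        kinds.append(kind)
        i += raw[i + 1]
    return kinds


def parse_ipv4_tcp(frame):
    """Pull TTL, ports, flags, window and options out of a raw IPv4/TCP packet."""
    ihl = (frame[0] & 0x0F) * 4
    ttl, proto = frame[8], frame[9]
    if proto != 6:
        raise ValueError("not TCP")
    tcp = frame[ihl:]
    sport, dport, _seq, _ack, off_flags, window = struct.unpack("!HHIIHH", tcp[:16])
    data_off = (off_flags >> 12) * 4
    return {"ttl": ttl, "sport": sport, "dport": dport,
            "flags": off_flags & 0x1FF, "window": window,
            "options": parse_tcp_options(tcp[20:data_off])}


def initial_ttl(observed):
    """The TTL we see has been decremented once per hop; round up to the nearest
    common default (32/64/128/255) to recover the value the sender started with."""
    for start in (32, 64, 128, 255):
        if observed <= start:
            return start
    return 255


def fingerprint(frame):
    """Match a bare SYN against SIGNATURES; also returns the derived hop count."""
    p = parse_ipv4_tcp(frame)
    if p["flags"] & 0x12 != 0x02:          # only a SYN (not SYN/ACK) is comparable
        return {"guess": "unknown", "reason": "not a bare SYN"}
    start = initial_ttl(p["ttl"])
    has_ts = TCP_OPT_TIMESTAMP in p["options"]
    guess = "unknown"
    for sig in SIGNATURES:
        if (sig["ttl"], sig["window"], sig["ts"]) == (start, p["window"], has_ts):
            guess = sig["os"]
            break
    return {"guess": guess, "initial_ttl": start, "hops": start - p["ttl"],
            "options": p["options"]}


if __name__ == "__main__":
    print(fingerprint(build_syn(61, 29200, True)))
```

The TTL rounding is the caveat worth remembering: a packet seen with TTL 61 almost certainly left a 64-TTL host three hops away, but a host that has been tuned to a non-default TTL, or traffic that has passed through a NAT or proxy that rewrites headers, will land in the wrong bucket, which is why real passive tools weigh several fields together.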

Tools
nmap, plus front ends that wrap it: Zenmap, sparta
masscan (much faster, asynchronous, for sweeping large ranges)
Nessus and other vulnerability scanners
Specific tools: snmpwalk, arp-scan, etc.

On-the-Line Information Gathering
Man in the middle
Wireshark: packet inspection / analysis, aka sniffing
What is a packet, anyway?

WiFi World
Basically the last world with fewer wires
SSIDs, channels
Increases the attack surface: anyone in radio range can see the traffic and try to join
WEP vs WPA2
Second-tier authentication protocols

Everything Else
Radio frequencies, SDR
Over-the-air protocols: Zigbee, Bluetooth, NFC

Contact Info, Website, etc.
v@auburn.edu | mr@auburn.edu
auctf.github.io
https://goo.gl/aXX18b