Gone in 60 minutes A Practical Approach to Hacking an Enterprise with YASUO Saurabh Harit Stephen Hall

Presentation transcript:

getuid: Saurabh Harit, Director of Security Compass. Pentester, i.e. Domain Admin at many companies. Have a secret crush on reverse engineering. Gym freak / Proud father of two beautiful dogs. Stephen Hall, Security Compass …… Owner of a Christmas hat.

What this talk is not about: No 0-days. No Shells.

Scenario: You’re on a red-team engagement. You’ve bypassed physical security. You’ve bypassed NAC. What next? How would you pwn the network? Vulnerability scanner?

The Problem: Can’t use a network vulnerability scanner. Have to be stealthy & quick. Can’t use Google dorks (internal network): site, link, inurl.

Where do $hells come from? It’s not about what, it’s about WHERE.

Popular Vulnerable Apps: Apache Tomcat

Popular Vulnerable Apps: JBoss jmx-console

Popular Vulnerable Apps: Hudson / Jenkins

$hells

Not So Popular Vulnerable Apps: ADManager Plus

Not So Popular Vulnerable Apps: Cyberoam UTM

YASUO what??? Written in Ruby. Did not write it on our flight here. Scans the network for vulnerable applications. Currently supports around 100+ vulnerable applications. All currently supported apps are Metasploit-able.

Why Yasuo? Because there are tons of vulnerable applications and it’s not easy to find them.

World Without Automation: Run an nmap scan & manually poke each & every web port. This CANNOT be fun.

What’s currently out there: Nikto by Chris Sullo. Nmap script http-enum.nse by Ron Bowes, Andrew Orr, Rob Nicholls. Nmap script http-default-accounts.nse by Paulino Calderon: exp/calderon/scripts/http-default-accounts.nse

Exploring Yasuo

What’s in the Box: yasuo.rb, resp200.rb, default-path.csv, users.txt, pass.txt, GPL

Behind the Scenes: Detects false positives. Automatically extracts the login form. Automatically extracts login parameters.

What’s New

RaNdOmIzAtIoN!!! More robust check to detect false positives. Properly formatted output table. More application signatures. Signatures for IP Cameras / Encoders / Decoders. Modular & Cleaned-up Code – if there is any such thing.
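The two mechanics the "Behind the Scenes" and "RaNdOmIzAtIoN" slides describe, as an added illustration that is not Yasuo's own code: a default-path signature is only counted as a hit if a random, non-existent path does not return the same marker (which catches catch-all 200 pages), and the login form's action and input names are pulled out with regular expressions. The signature layout, function names and the sample responses are assumptions made for this example; the fetcher is injected so it runs offline.

```ruby
require 'securerandom'

# Assumed minimal signature shape, in the spirit of default-path.csv
# (the real file's columns are not shown on the slides).
Signature = Struct.new(:app, :path, :marker)

SIGNATURES = [
  Signature.new('JBoss jmx-console', '/jmx-console/', 'JMX Agent View'),
  Signature.new('Apache Tomcat Manager', '/manager/html', 'Tomcat Web Application Manager')
].freeze

# fetcher maps a path to [status, body]; a real run would do HTTP here.
def signature_hit?(sig, fetcher)
  status, body = fetcher.call(sig.path)
  return false unless status == 200 && body.include?(sig.marker)
  # Randomization check: if a path that cannot exist also answers 200 with
  # the same marker, this is a catch-all page, not the application.
  rand_status, rand_body = fetcher.call("/#{SecureRandom.hex(8)}/")
  !(rand_status == 200 && rand_body.include?(sig.marker))
end

# Regex-based extraction of the first form's action and its input names.
def extract_login_form(html)
  form = html[%r{<form\b[^>]*>.*?</form>}mi]
  return nil unless form
  action = form[/\baction\s*=\s*["']([^"']*)["']/i, 1]
  params = form.scan(/<input\b[^>]*\bname\s*=\s*["']([^"']+)["']/i).flatten
  { action: action, params: params }
end

# Constructed sample page resembling a Tomcat manager login.
TOMCAT_LOGIN = <<~HTML
  <html><body><h1>Tomcat Web Application Manager</h1>
  <form method="post" action="/manager/j_security_check">
    <input type="text" name="j_username">
    <input type="password" name="j_password">
    <input type="submit" value="Login">
  </form></body></html>
HTML

# Constructed hosts: one serves the page only at the real path, the other
# serves it for every path (the false-positive case).
REAL_HOST = ->(path) { path == '/manager/html' ? [200, TOMCAT_LOGIN] : [404, 'Not Found'] }
CATCH_ALL_HOST = ->(_path) { [200, TOMCAT_LOGIN] }
```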

Demo Time

Challenges: Exploit-db – great resource but inconsistent format.

Challenges: Dynamic detection of the login page and parameters is regex based.

Future Development: Smarter version detection. Support masscan output format (because y’all love to scan the Interwebs). Add support for more vulnerable applications, of course. Add secondary signature. Make current crappy code modular. Add multi-threading. Add support for vFeed??? Change format of default path file – CSV to YAML? or JSON?

CFH (cry for help): Signatures, Signatures, Signatures & Signatures. Please submit application signatures: Post a comment on GitHub. Update the default path file on GitHub. Drop us an Send a Pigeon.

Questions??? or not

Thank You! _stephen_h

Credit: Nmap ruby library. The Exploit Database (EDB). Google Image Cache.