Presentation is loading. Please wait.

Presentation is loading. Please wait.

Penetration Testing & Network Defense

Published byLuiz Fernando Matheus Salgado Modified over 5 years ago

Similar presentations

Presentation on theme: "Penetration Testing & Network Defense"— Presentation transcript:

1 Penetration Testing & Network Defense
Exploitation                     Peer Instruction Questions for Cybersecurity: Pentesting by William E. Johnson, Allison Luzader, Irfan Ahmed is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.

2 Upon gaining access to a machine, you find a network interface running on a /24 network. How would you map it? Run nmap on your machine with a /24 masking based on that address Use Metasploit’s autoroute and run a port scan on /24 Use Metasploit’s migration feature to gain direct access to /24 Run a broadcast scan on all interfaces Answer: B Category: port scanning

3 You’ve exploited Notepad (gaining Meterpreter access) and expect that the user may close the application. What should you do to prevent losing your Meterpreter? Background the Meterpreter Re-exploit the machine Migrate to a different process Upload a new Meterpreter payload Replace the Meterpreter with a reverse Meterpreter Answer: C Category: metasploit, meterpreter

4 Using Metasploit, you’re able to fully access a Windows XP SP2 machine
Using Metasploit, you’re able to fully access a Windows XP SP2 machine. What would be the most efficient way to upload and execute a file from your attacking host? Use the windows/upexec/bind_tcp payload to upload and execute the file in Metasploit Use Metasploit to get a Meterpreter, then use the upload and execute commands to upload and execute the file Exploit the machine with MS08-067, get a shell with windows/shell/bind_tcp payload, download the file from your machine, and execute it. Use Netcat to transfer the file and execute it in a Meterpreter session Answer: A Category: metasploit No reason to spend unnecessary time for remote execution using Meterpreter, etc. when you can just use a quick payload The goal here is to leave the smallest footprint possible

5 You’ve exploited a set of machines, and need to run an identical set of Meterpreter commands on each one. How would you do this? Use Meterpreter’s execute command to execute a Meterpreter script Use Meterpreter’s resource command to execute a local script Use Meterpreter’s resource command to execute a script placed on the remote machines Use Meterpreter’s shell command to run a shell script with Meterpreter commands Answer: B Category: metasploit, meterpreter

6 You’ve exploited a machine, gained Meterpreter access, and run autoroute to access a new network from that machine. How do you run exploits against machines on the new network without losing your Meterpreter? Run the Meterpreter migrate command to migrate to a new Metasploit session Run the Meterpreter background command to return to the Msfconsole Run the Meterpreter clearenv command to clean Meterpreter’s environment for new exploits Run the Meterpreter resource command to save access to that machine Run the Meterpreter interact command to interact with the new machines Answer: B Category: metasploit, meterpreter

Download ppt "Penetration Testing & Network Defense"

Similar presentations

Lecture Materials for the John Wiley & Sons book: Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions October 12, 2014 DRAFT1.

Lecture Materials for the John Wiley & Sons book: Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions October 12, 2014 DRAFT1.
Part 2 Penetration Testing. Review 2-minute exercise: RECON ONLY Find 3x IP addresses at the U.S. Merchant Marine Academy Google: “U.S. Merchant Marine.

Part 2 Penetration Testing. Review 2-minute exercise: RECON ONLY Find 3x IP addresses at the U.S. Merchant Marine Academy Google: “U.S. Merchant Marine.
Hacking Techniques & Intrusion Detection Ali Al-Shemery arabnix [at] gmail.

Hacking Techniques & Intrusion Detection Ali Al-Shemery arabnix [at] gmail.
Armitage and Metasploit Penetration Testing Lab

Armitage and Metasploit Penetration Testing Lab
1 SANS Technology Institute - Candidate for Master of Science Degree 1 Metasploit Payloads and Antivirus Mark Baggett December 2008 GIAC GSEC GCIH.

1 SANS Technology Institute - Candidate for Master of Science Degree 1 Metasploit Payloads and Antivirus Mark Baggett December 2008 GIAC GSEC GCIH.
Offensive Security Part 1 Basics of Penetration Testing

Offensive Security Part 1 Basics of Penetration Testing
A Complete Tool For System Penetration Testing Presented By:- Mahesh Kumar Sharma B.Tech IV Year Computer Science Roll No. :- CS09047.

A Complete Tool For System Penetration Testing Presented By:- Mahesh Kumar Sharma B.Tech IV Year Computer Science Roll No. :- CS09047.
© 2010 – MAD Security, LLC All rights reserved ArmitageArmitage A Power User’s Interface for Metasploit.

© 2010 – MAD Security, LLC All rights reserved ArmitageArmitage A Power User’s Interface for Metasploit.
ITP 457 Network Security Network Hacking 101. Hacking Methodology (review) 1. Gather target information 2. Identify services and ports open on the target.

ITP 457 Network Security Network Hacking 101. Hacking Methodology (review) 1. Gather target information 2. Identify services and ports open on the target.
Metasploit – Embedded PDF Exploit Presented by: Jesse Lucas.

Metasploit – Embedded PDF Exploit Presented by: Jesse Lucas.
Information Networking Security and Assurance Lab National Chung Cheng University 1 A Real World Attack: wu-ftp.

Information Networking Security and Assurance Lab National Chung Cheng University 1 A Real World Attack: wu-ftp.
Browser Exploitation Framework (BeEF) Lab

Browser Exploitation Framework (BeEF) Lab
What are computers? Computers are machines that perform tasks or calculations according to a set of instructions, or programs. The first fully electronic.

What are computers? Computers are machines that perform tasks or calculations according to a set of instructions, or programs. The first fully electronic.
Performing a Penetration Test.  Penetration Tester  Attempts to reveal potential consequences of a real attack  Security Audit / Vulnerability Assessment.

Performing a Penetration Test.  Penetration Tester  Attempts to reveal potential consequences of a real attack  Security Audit / Vulnerability Assessment.
Dennis  Application Security Specialist  WhiteHat Security  Full-Time Student  University of Houston – Main Campus ▪ Computer.

Dennis  Application Security Specialist  WhiteHat Security  Full-Time Student  University of Houston – Main Campus ▪ Computer.
Telnet/SSH: Connecting to Hosts Internet Technology1.

Telnet/SSH: Connecting to Hosts Internet Technology1.
MIS 5212.001 Week 2 Site:

MIS Week 2 Site:
EECS 354 Network Security Metasploit Features. Hacking on the Internet Vulnerabilities are always being discovered 0day vulnerabilities Every server or.

EECS 354 Network Security Metasploit Features. Hacking on the Internet Vulnerabilities are always being discovered 0day vulnerabilities Every server or.
Penetration Testing Training Day Penetration Testing Tools and Techniques – pt 1 Mike Westmacott, IRM plc Supported by.

Penetration Testing Training Day Penetration Testing Tools and Techniques – pt 1 Mike Westmacott, IRM plc Supported by.
Reinsel Kuntz Lesher, LLP.  Outline Overview  netstat -an (-ano will give the PID)  ftp  bin  mget  mput  telnet  telnet bobm.us 25  helo  mail.

Reinsel Kuntz Lesher, LLP.  Outline Overview  netstat -an (-ano will give the PID)  ftp  bin  mget  mput  telnet  telnet bobm.us 25  helo  mail.

Similar presentations

Ads by Google