
1 A Discussion In Penetration Testing
Marcial White

2 Introduction
- Definition of "hacker"
- White hat vs. black hat
- Open-source methodologies

3 Penetration Testing Concepts
- What is a penetration test?
  - Public image
  - Border networks
  - Interior networks
- What do they produce? What don't they produce?
- How extensive are they?
- White box vs. black box

4 Methodology Overview
- Footprinting
  - Search engine hacking
  - Social engineering
  - White box footprinting
  - Black box footprinting
- Network enumeration
- Gaining access to the network
- Escalating privileges
- Covering your tail
- Retaining control
  - Rogue user accounts
- If all else fails ...
- Some defenses

5 Google Hacking
- Zero-footprint profiling of the target: the queries hit Google's index, not the target's servers, so nothing shows up in the target's logs
- Start with the simple stuff: the company name
- Do popularity searches on the people you find in the first search; look for important-looking people
- A full list of search operators is available at http://www.google.com/help/operators.html
- See also http://johnny.ihackstuff.com (the Google Hacking Database)
- For example: filetype:txt inurl:robots site:whitehouse.gov
  (returns the site's robots.txt, a list of the paths the owner would rather not have indexed)

6 Social Engineering
- "The practical application of sociological principles to particular social problems" (http://www.dictionary.com)
- "The practice of obtaining confidential information by manipulation of legitimate users" (Wikipedia)
- Examples:
  - Lord Nikon and Cereal Killer from Hackers (the most realistic hacking movie ever)
  - Relying on people not reading the EULAs: the Microsoft PLUS! scheme
  - Kevin Mitnick: The Art of Deception and The Art of Intrusion

7 White Box Footprinting
- Consult the existing network diagram
- Scan the network
- Compare the results with the diagram
  - Find running services
  - Find live hosts: fping, ICMPenum, Ethereal
  - Record the hops between an interior host and the border of the network (traceroute)
- WhoIs

8 Black Box Footprinting
- What do you know? Most engagements start with a single IP address
- Find out what you can about that IP. WhoIs it?
  - http://www.centralops.net
  - http://www.samspade.org
  - nslookup
  - Visual Route
  - Email Tracker PRO
- Often more systems will be found than were reported. Document everything.

9 Enumerate the Network
- Overlaps a bit with footprinting
- Nmap is your friend
  - XMAS scan: nmap -sX host.com
  - The probe carries the FIN, PSH and URG flags set. A successful XMAS scan finds one of two things:
    - A closed port replies with RST
    - Open ports stay conspicuously silent (nmap reports these as open|filtered, because a firewall silently dropping the probe looks exactly the same)
  - Caveat: stacks that do not follow RFC 793 (Windows among them) answer RST on every port, open or not, so an all-closed XMAS result on such a host means nothing; confirm with a SYN scan (-sS)
  - Fe3d for documentation: nmap -oX filename.xml host.com

10 Nmap XMAS Scan

11 Fe3d
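The -oX output that Fe3d renders is also the easiest thing to post-process yourself. The following script is an added example written for this page, not code from the presentation: it parses nmap XML, pulls out the open|filtered ports an XMAS scan leaves for follow-up, and flags hosts that answered RST on every probed port, which is the signature of the non-RFC-793 stacks the scan cannot classify. The embedded XML is a constructed sample in the shape nmap writes (the addresses and ports are invented); point parse_nmap_xml at a real file's contents to use it.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the shape of `nmap -sX -oX out.xml` output, trimmed to
# the elements read below. Addresses and ports are invented for illustration.
SAMPLE_XML = """<nmaprun scanner="nmap" args="nmap -sX -oX out.xml 192.0.2.0/29">
  <host>
    <status state="up" reason="echo-reply"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open|filtered" reason="no-response"/><service name="ssh"/></port>
      <port protocol="tcp" portid="25"><state state="closed" reason="reset"/><service name="smtp"/></port>
      <port protocol="tcp" portid="80"><state state="open|filtered" reason="no-response"/><service name="http"/></port>
    </ports>
  </host>
  <host>
    <status state="up" reason="echo-reply"/>
    <address addr="192.0.2.11" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="135"><state state="closed" reason="reset"/><service name="msrpc"/></port>
      <port protocol="tcp" portid="139"><state state="closed" reason="reset"/><service name="netbios-ssn"/></port>
      <port protocol="tcp" portid="445"><state state="closed" reason="reset"/><service name="microsoft-ds"/></port>
    </ports>
  </host>
</nmaprun>
"""


def parse_nmap_xml(xml_text):
    """Map each IPv4 host to a list of (port, state, reason) from nmap -oX output."""
    root = ET.fromstring(xml_text)
    hosts = {}
    for host in root.findall("host"):
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:
            continue
        entries = []
        for port in host.findall("ports/port"):
            state = port.find("state")
            entries.append((int(port.get("portid")), state.get("state"), state.get("reason")))
        hosts[addr.get("addr")] = entries
    return hosts


def xmas_candidates(hosts):
    """Ports worth a follow-up probe: silence in reply to a FIN/PSH/URG packet
    means either a listener or a firewall drop, so nmap labels them open|filtered."""
    return {ip: [p for p, st, _ in entries if st == "open|filtered"]
            for ip, entries in hosts.items()
            if any(st == "open|filtered" for _, st, _ in entries)}


def suspect_rst_to_everything(hosts):
    """Hosts where every probed port came back RST. A stack that resets every
    XMAS probe regardless of port state (Windows does this) makes the whole
    result meaningless; rescan those hosts with -sS instead of trusting 'closed'."""
    return sorted(ip for ip, entries in hosts.items()
                  if entries and all(reason == "reset" for _, _, reason in entries))


if __name__ == "__main__":
    scan = parse_nmap_xml(SAMPLE_XML)
    for ip, ports in xmas_candidates(scan).items():
        print(f"{ip}: open|filtered {ports}")
    for ip in suspect_rst_to_everything(scan):
        print(f"{ip}: RST on every port, XMAS result unreliable; rescan with -sS")
```

The all-RST heuristic is deliberately conservative: a host with genuinely no listeners also answers RST everywhere, so treat the flag as "verify", not "Windows".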

12 Gaining Access ...
- Sniff passwords with a protocol analyzer: Ethereal, Etherpeek, TCPDump, Snort
- Scan for exploitable services: Nessus (with its NASL plugin language), NT Info Scan
- Capture SMB logon traffic for offline cracking: ReadSMB

13 Escalating Privileges
- Be SILENT!
- Brute-force and password-cracking tools: John the Ripper, Cain and Abel, L0phtCrack
- Trojans and back doors: NetBus ("Remote Administration and Spy Tool")
- Man-in-the-middle attacks, exploiting inherent TCP/IP flaws
  - Three-way handshakes
  - Packet headers
  - ARP (replies are unauthenticated, so a forged reply rewrites a neighbour's cache): Ettercap
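The ARP weakness Ettercap abuses is also what makes the attack visible on the wire: the poisoner must keep sending replies that map the gateway's (and the victim's) IP to its own MAC. The script below is an added example for this page, not part of the presentation, and shows the detection side: it reads ARP replies in the shape of `tcpdump -n -e arp` output, records which MACs have claimed each IP, and reports IPs with more than one claimant plus any MAC that is the later claimant for several IPs at once, which is what a two-sided poison looks like. The log lines are constructed; the addresses are invented.

```python
import re
from collections import defaultdict

# Constructed lines in the shape of `tcpdump -n -e arp` output. 192.0.2.1 is the
# real gateway (aa:...:01); from 12:00:05 on, cc:...:66 claims to be both the
# gateway and the victim 192.0.2.20, as an Ettercap-style two-sided poison does.
SAMPLE_ARP_LOG = """\
12:00:01.000001 aa:aa:aa:aa:aa:01 > bb:bb:bb:bb:bb:20, ethertype ARP (0x0806), length 42: Reply 192.0.2.1 is-at aa:aa:aa:aa:aa:01, length 28
12:00:01.200000 bb:bb:bb:bb:bb:20 > aa:aa:aa:aa:aa:01, ethertype ARP (0x0806), length 42: Reply 192.0.2.20 is-at bb:bb:bb:bb:bb:20, length 28
12:00:05.000000 cc:cc:cc:cc:cc:66 > bb:bb:bb:bb:bb:20, ethertype ARP (0x0806), length 42: Reply 192.0.2.1 is-at cc:cc:cc:cc:cc:66, length 28
12:00:05.000100 cc:cc:cc:cc:cc:66 > aa:aa:aa:aa:aa:01, ethertype ARP (0x0806), length 42: Reply 192.0.2.20 is-at cc:cc:cc:cc:cc:66, length 28
12:00:06.000000 cc:cc:cc:cc:cc:66 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.0.2.30 tell 192.0.2.66, length 28
12:00:06.000500 dd:dd:dd:dd:dd:30 > cc:cc:cc:cc:cc:66, ethertype ARP (0x0806), length 42: Reply 192.0.2.30 is-at dd:dd:dd:dd:dd:30, length 28
"""

# Only replies change a cache; requests are ignored.
REPLY_RE = re.compile(r"Reply (\d+\.\d+\.\d+\.\d+) is-at ([0-9a-f:]{17})")


def arp_bindings(lines):
    """Return {ip: {mac: first_seen_timestamp}} built from ARP replies."""
    seen = defaultdict(dict)
    for line in lines:
        m = REPLY_RE.search(line)
        if not m:
            continue
        ip, mac = m.groups()
        timestamp = line.split()[0]          # HH:MM:SS.ffffff sorts lexically
        seen[ip].setdefault(mac, timestamp)
    return seen


def find_conflicts(bindings):
    """IPs claimed by more than one MAC, claimants ordered by first sighting;
    the later claimant is the suspect."""
    return {ip: sorted(macs.items(), key=lambda kv: kv[1])
            for ip, macs in bindings.items() if len(macs) > 1}


def find_impersonators(bindings):
    """MACs that were the *later* claimant for more than one IP. A host that
    impersonates both the gateway and a victim is sitting between them."""
    later = defaultdict(set)
    for ip, macs in bindings.items():
        if len(macs) > 1:
            for mac in sorted(macs, key=macs.get)[1:]:
                later[mac].add(ip)
    return {mac: sorted(ips) for mac, ips in later.items() if len(ips) > 1}


if __name__ == "__main__":
    bindings = arp_bindings(SAMPLE_ARP_LOG.splitlines())
    for ip, claimants in find_conflicts(bindings).items():
        print(f"{ip} claimed by {[mac for mac, _ in claimants]}")
    for mac, ips in find_impersonators(bindings).items():
        print(f"{mac} impersonates {ips}: probable man in the middle")
```

A legitimate change (a replaced NIC, a VRRP failover) also produces one conflict, so the impersonator check, which needs the same MAC to hijack two addresses, is the higher-confidence signal.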

14 Unix/Linux: rhosts Files
- Usually located at ~/.rhosts
  - Recommended permissions: 600
  - Entry forms: +HostName, -HostName, +@NetGroup, -@NetGroup (a lone "+" in the host field trusts every host)
- Also of interest: /etc/hosts.equiv
  - Lets users on the listed remote machines log in and execute commands on the local machine via rlogin/rsh without a password
Windows: LSA Secrets
- Older Windows machines (NT 3.51 to 4.0)
- Dumps the various LSA secrets: service account passwords (plain text), cached password hashes of the last users to log in to the machine, FTP and web plaintext passwords, RAS dial-up account names and passwords, the workstation's password for domain access, etc.
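Because rhosts trust is purely hostname-based, the dangerous entries are the wildcards. This is an added example for this page, not from the presentation: a small auditor for the ~/.rhosts and /etc/hosts.equiv syntax above that flags "+" in the host or user field, applies the hosts.equiv-specific rule that a named user on a trusted host becomes any local account (except root), and checks the file mode against the 600 recommendation. The file content is a constructed sample; hostnames are invented.

```python
import stat

# Constructed ~/.rhosts content; every hostname is invented.
SAMPLE_RHOSTS = """\
build1.example.com
build2.example.com alice
+@admins
-badhost.example.com
+ alice
web1.example.com +
+ +
"""


def parse_rhosts(text):
    """Yield (lineno, host_field, user_field) per non-empty line.
    Syntax: 'host [user]'; '+' matches anything, a leading '-' denies,
    '@name' refers to a NIS netgroup."""
    for n, raw in enumerate(text.splitlines(), 1):
        parts = raw.split()
        if not parts:
            continue
        yield n, parts[0], (parts[1] if len(parts) > 1 else None)


def audit_rhosts(text, for_hosts_equiv=False):
    """Return [(lineno, severity, reason)] for entries that widen trust."""
    findings = []
    for n, host, user in parse_rhosts(text):
        if host == "+" and user == "+":
            findings.append((n, "critical", "any user from any host is trusted"))
        elif host == "+":
            who = f"user '{user}'" if user else "the matching local account"
            findings.append((n, "critical", f"any host may log in as {who}"))
        elif user == "+":
            findings.append((n, "high", f"any user on {host} may log in"))
        elif for_hosts_equiv and user and not user.startswith("@"):
            # In hosts.equiv a named user is trusted as *every* local user except root.
            findings.append((n, "high",
                             f"'{user}' on {host} may log in as any local account except root"))
    return findings


def rhosts_mode_ok(mode):
    """True when the mode (as from os.stat().st_mode) grants nothing to group or other,
    i.e. it is no looser than the recommended 600."""
    return stat.S_IMODE(mode) & 0o077 == 0


if __name__ == "__main__":
    for n, severity, reason in audit_rhosts(SAMPLE_RHOSTS):
        print(f"line {n}: {severity}: {reason}")
    print("mode 644 acceptable:", rhosts_mode_ok(0o644))
```

Run audit_rhosts over each user's ~/.rhosts and again over /etc/hosts.equiv with for_hosts_equiv=True; the safest finding is an empty list and an absent file, since the r-services themselves are the real problem.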

15 Covering Your Tail
- It's all in the configuration
- What records you: command history, ftp/telnet/ssh logs, dynamically generated routing tables
- Logging daemons: klogd, metalog
  - Look in /var/log/, /etc/, /usr/bin
- Hide your tools: hidden files, obscure naming conventions
  - *nix: /.rootkits, veto files, burying the files
  - Windows: hidden system files, burying the files

16 Keeping Your Doors Open
- Creating rogue user accounts
  - Permissions: rwxrwxrwx
  - Groups
  - Creating accounts called "tty" (names that pass for system accounts)
  - Windows: Administrator
- Retaining control: cron jobs
- Keyloggers: Regload, LKL
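The defender's counterpart to the "tty" trick is to read /etc/passwd with the attacker's habits in mind. The script below is an added example for this page, not part of the presentation: it parses passwd lines and flags a second UID 0, duplicate UIDs, system-looking names that nevertheless have an interactive shell, and home directories placed under /tmp, /var/tmp, /dev or a dot-directory. The passwd excerpt is constructed; the list of system-style names is an assumption, trimmed to common Debian-family entries, and should be extended for the distribution being checked.

```python
# Constructed /etc/passwd excerpt. The "tty" and "ftp" lines are what a planted
# rogue account from slide 16 might look like; nothing here is real data.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
sshd:x:105:65534::/run/sshd:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
tty:x:0:0:tty daemon:/var/tmp/.x:/bin/sh
ftp:x:1001:1001:ftp:/home/ftp:/bin/bash
"""

# Assumed list of names that read as system accounts (Debian-family defaults
# plus the names an attacker picks to blend in); extend per distribution.
SYSTEM_STYLE_NAMES = {
    "daemon", "bin", "sys", "sync", "games", "man", "lp", "mail", "news", "uucp",
    "proxy", "www-data", "backup", "list", "irc", "nobody", "sshd", "tty", "ftp",
}
NOLOGIN_SHELLS = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false", "/usr/bin/false"}
HIDING_PLACES = ("/tmp", "/var/tmp", "/dev")


def parse_passwd(text):
    """Return one dict per well-formed 7-field passwd line."""
    rows = []
    for raw in text.splitlines():
        fields = raw.split(":")
        if not raw.strip() or len(fields) != 7:
            continue
        rows.append({"name": fields[0], "passwd": fields[1], "uid": int(fields[2]),
                     "gid": int(fields[3]), "gecos": fields[4], "home": fields[5],
                     "shell": fields[6]})
    return rows


def audit_passwd(rows):
    """Return [(account, severity, reason)] for entries that look planted."""
    findings = []
    first_owner = {}
    for r in rows:
        name, uid, home, shell = r["name"], r["uid"], r["home"], r["shell"]
        if uid == 0 and name != "root":
            findings.append((name, "critical", "extra UID 0 account (full root)"))
        elif uid in first_owner:
            findings.append((name, "high", f"shares UID {uid} with {first_owner[uid]}"))
        first_owner.setdefault(uid, name)
        if r["passwd"] == "":
            findings.append((name, "critical", "empty password field: no password required"))
        interactive = shell not in NOLOGIN_SHELLS
        if interactive and name in SYSTEM_STYLE_NAMES:
            findings.append((name, "medium", f"system-style name with interactive shell {shell}"))
        hidden_dir = any(part.startswith(".") for part in home.split("/"))
        if interactive and (home.startswith(HIDING_PLACES) or hidden_dir):
            findings.append((name, "medium", f"home directory {home} is a hiding place"))
    return findings


if __name__ == "__main__":
    for account, severity, reason in audit_passwd(parse_passwd(SAMPLE_PASSWD)):
        print(f"{account}: {severity}: {reason}")
```

Pair this with a check of /etc/shadow for the "x" entries that have no shadow line, and with the cron spools the slide mentions, since a rogue account is usually only one half of the persistence.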

17 Still Can't Get In?
- Denial of service? Yes! ... I mean, no!
- Resource consumption: attempts to exhaust finite resources (memory, CPU, file handles)
- Poor programming
  - Vulnerable variables, which usually lead to more serious vulnerabilities
  - Ex: "The Register" HTML variables (exposed to phishing attacks, http://wheresthebeef.co.uk/show.php/xss/clicknbuild.html)

18 Conclusion
... people suck. Do your homework. Be cool. Stay in school.
Questions? marwhit1@uat.edu

