Presentation is loading. Please wait.

Presentation is loading. Please wait.

Penetration Testing Training Day Capture the Flag Training.

Published byLenard Price Modified over 9 years ago

Similar presentations

Presentation on theme: "Penetration Testing Training Day Capture the Flag Training."— Presentation transcript:

1 Penetration Testing Training Day Capture the Flag Training

2 Presentation to insert name here 2 Boot Up! Insert your discs! Press when Boot prompt appears Start X with startx Set static IP address Team 1 192.168.1.1x Team 2 192.168.1.2x Netmask 255.255.0.0 No gateway Use preferences->network Ping the scorebot 192.168.0.10

3 Presentation to insert name here 3 Discovery What machines can you see? nmap 192.168.0.0/24 nmap –oA results 192.168.0.0/24 nmap –sV –oA results2 192.168.0.0/24

4 Presentation to insert name here 4 Service Analysis - FTP ftp service is enabled ftp 192.168.0.x Each team go to your server! What’s there? Why is this bad? Commands: dir, ls… Special commands! ls –a Log vulnerabilities on sheets

5 Presentation to insert name here 5 Service Analysis - SMB Samba is enabled! smbclient –L 192.168.0.x Your team box again! Which shares are available? Log list of shares Browse to shares What did you do for FTP? What other information is there?

6 Presentation to insert name here 6 Service Analysis - RPC Remote Procedure Calls rpcclient 192.168.0.x getusername lsaenumsid lookupsids xxx enumdomusers Log users!

7 Presentation to insert name here 7 Service Analysis - SSH Secure Shell Users??? ssh –l username 192.168.0.x

8 Presentation to insert name here 8 Service Analysis - MySQL Database server, port 3306 mysql –h mysql –u root –h 192.168.0.x Log vulnerabilities show databases; Show your SQL skills! What do databases normally store?

9 Presentation to insert name here 9 Service Analysis - netcat Netcat – swiss army knife of hackers Simple: Sends and receives data to and from TCP ports nc 192.168.0.x 25 SMTP Netcat can be used to keep access

10 Presentation to insert name here 10 Service Analysis - SNMP Simple Network Management Protocol snmpcheck.pl –t 192.168.0.x

11 Presentation to insert name here 11 Application Testing Start Browser and Burp Configure Firefox proxy as localhost:8080 Browse to http://192.168.0.xhttp://192.168.0.x Intercept is on! Play! Spider site – add to scope

12 Presentation to insert name here 12 Application Testing Find additional content Administration pages http://192.168.0.x/admin Create an account Password vulnerabilities

13 Presentation to insert name here 13 Application Testing SQL Injection Find a product Look at the parameter list Try injection on parameter 1’ or a#

14 Presentation to insert name here 14 Application Testing XSS Search field Try typing things in – the view the response in burp How can you get script in here? Better – how can you get script in without it creating an error?

15 Presentation to insert name here 15 Application Testing Password and account guessing Check security files Mooch around Download img.jpg

Download ppt "Penetration Testing Training Day Capture the Flag Training."

Similar presentations

Computer Security Fundamentals

Computer Security Fundamentals
©2009 Justin C. Klein Keane PHP Code Auditing Session 3 – Tools of the Trade & Crafting Malicious Input Justin C. Klein Keane

©2009 Justin C. Klein Keane PHP Code Auditing Session 3 – Tools of the Trade & Crafting Malicious Input Justin C. Klein Keane
1 Configuring Internet- related services (April 22, 2015) © Abdou Illia, Spring 2015.

1 Configuring Internet- related services (April 22, 2015) © Abdou Illia, Spring 2015.
KX-NS1000 Initial Set Up For step by step : 16 May, 2012 1.

KX-NS1000 Initial Set Up For step by step : 16 May,
WebGoat & WebScarab “What is computer security for $1000 Alex?”

WebGoat & WebScarab “What is computer security for $1000 Alex?”
ITP 457 Network Security Network Hacking 101. Hacking Methodology (review) 1. Gather target information 2. Identify services and ports open on the target.

ITP 457 Network Security Network Hacking 101. Hacking Methodology (review) 1. Gather target information 2. Identify services and ports open on the target.
1 Configuring Web services (Week 15, Monday 4/17/2006) © Abdou Illia, Spring 2006.

1 Configuring Web services (Week 15, Monday 4/17/2006) © Abdou Illia, Spring 2006.
CLIENT / SERVER ARCHITECTURE AYRİS UYGUR & NİLÜFER ÇANGA.

CLIENT / SERVER ARCHITECTURE AYRİS UYGUR & NİLÜFER ÇANGA.
How Clients and Servers Work Together. Objectives Learn about the interaction of clients and servers Explore the features and functions of Web servers.

How Clients and Servers Work Together. Objectives Learn about the interaction of clients and servers Explore the features and functions of Web servers.
Sara SartoliAkbar Siami Namin NSF-SFS workshop July 14-18, 2014.

Sara SartoliAkbar Siami Namin NSF-SFS workshop July 14-18, 2014.
Enumeration. Local IP addresses Local IP addresses (review)  Some special IP addresses  localhost 127.0.0.1 (loopback address)  Internal networks 

Enumeration. Local IP addresses Local IP addresses (review)  Some special IP addresses  localhost (loopback address)  Internal networks 
Network Performance Toolkit (NPToolkit) A Knoppix Live-CD Rich Carlson Tools Tutorial 12/4/06.

Network Performance Toolkit (NPToolkit) A Knoppix Live-CD Rich Carlson Tools Tutorial 12/4/06.
MIS 5211.001 Week 7 Site:

MIS Week 7 Site:
UNIT - III. Installing Samba Windows uses Sever Message Block(SMB) to communicate with each other using sharing services like file and printer. Samba.

UNIT - III. Installing Samba Windows uses Sever Message Block(SMB) to communicate with each other using sharing services like file and printer. Samba.
4-1 PSe_4Konf.503 EAGLE Getting Started and Configuration.

4-1 PSe_4Konf.503 EAGLE Getting Started and Configuration.
Advanced Networking for DVRs

Advanced Networking for DVRs
NORTEL NETWORKS CONFIDENTIAL CallPilot 150 Modem Access Jan 03, 2005 Version 1.5.

NORTEL NETWORKS CONFIDENTIAL CallPilot 150 Modem Access Jan 03, 2005 Version 1.5.
1 SAMBA. 2 Module - SAMBA ♦ Overview The presence of diverse machines in the network environment is natural. So their interoperability is critical. This.

1 SAMBA. 2 Module - SAMBA ♦ Overview The presence of diverse machines in the network environment is natural. So their interoperability is critical. This.
Microsoft Windows 2003 Server. Client/Server Environment Many client computers connect to a server.

Microsoft Windows 2003 Server. Client/Server Environment Many client computers connect to a server.
One to One instructions Installing and configuring samba on Ubuntu Linux to enable Linux to share files and documents with Windows XP.

One to One instructions Installing and configuring samba on Ubuntu Linux to enable Linux to share files and documents with Windows XP.

Similar presentations

Ads by Google