Download presentation
Presentation is loading. Please wait.
Published byJunior Hood Modified over 9 years ago
1
Penetration Testing Training Day Penetration Testing Tools and Techniques – pt 1 Mike Westmacott, IRM plc Supported by
2
Presentation to insert name here 2 Hacking Systems Financial gain Commercial secrets Credit card information Political motivations To discredit individuals Cause personal harm Lulz….
3
Presentation to insert name here 3 Hacking Systems Weapons – Stuxnet – Flame 0 day vulnerabilities Expensive cryptographic attacks Weaponised modules
4
Presentation to insert name here 4 Methodology Network/Host Mapping Service Identification Vulnerability Identification Vulnerability exploitation Privilege Escalation Maintaining Access Clearing Logs Recording actions!
5
Presentation to insert name here 5 Host Mapping - Port Scanning
6
Presentation to insert name here 6 Port Scanning Demo Basic syn scan – of a default Windows XP build nmap –sSU –A –oA winxp 192.168.0.99 -sSU Use TCP SYN scan and UDP scan -APerform all tests -oA winxpOutput multiple files
7
Presentation to insert name here 7 Vulnerability Scanners - Nessus Venerable Nessus! Bad Nessus! Still a damn good tool Free
8
Presentation to insert name here 8 Exploitation! Excitement! Risk! …. Danger! Who owns this box? Do you have permission (shouldn’t have been scanning it) Will they be really upset if you break it?
9
Service Exploitation Services available on Internet Or internally Research service Poke it Can you log onto in? Love default passwords :) What will it give you? – VOIP phone with default password and access to memory
10
Example Services SMB – Server Message Block – Protocol for application communication – Authentication mechanisms – Windows – Win2K – 'null' user allows access to entire username directory
11
Example Services Veritas Netbackup – TCP port 10000, NDMP – File backup and backup agent management – Vulnerability allows download of any file from Windows system – Another overflows buffers and allows code execution
12
Buffer Overflows
13
Shell Code
14
Reverse Shell Shell code executes TCP connection back Starts local shell process Redirects input and output streams over TCP Attacker gains command prompt Under the account of the vulnerable process Meterpreter Shell Powerful tool Launch further attacks Pivot to other systems
15
Privilege Escalation Determine current priviledge level Add user? Exploit further? Professional hackers only need go so far…
16
Reporting Reporting carried out whilst testing Both technical details and executive summary
17
Vulnerability Ratings Impact – What is the possible damage that could be done? Exploitability – How easy is it to attack and realise the impact? – How much knowledge is required? – Are there public exploits? Risk Rating – Combination of Impact and Exploitability – High impact but low exploitability = low(er) risk – Many algorithms
18
Metasploit Express
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.