
Penetration Testing Training Day


Presentation Transcript


  1. Penetration Testing Training Day – Penetration Testing Tools and Techniques, pt 1. Mike Westmacott, IRM plc

  2. Hacking Systems
  • Financial gain
  • Commercial secrets
  • Credit card information
  • Political motivations
  • To discredit individuals
  • Cause personal harm
  • Lulz…
  Presentation to insert name here

  3. Hacking Systems
  • Weapons
    • Stuxnet
    • Flame
  • 0 day vulnerabilities
  • Expensive cryptographic attacks
  • Weaponised modules

  4. Methodology
  • Network/Host Mapping
  • Service Identification
  • Vulnerability Identification
  • Vulnerability Exploitation
  • Privilege Escalation
  • Maintaining Access
  • Clearing Logs
  • Recording actions!

  5. Host Mapping – Port Scanning

  6. Port Scanning Demo
  Basic SYN scan of a default Windows XP build:
  nmap -sSU -A -oA winxp 192.168.0.99
  • -sSU – use TCP SYN scan and UDP scan
  • -A – perform all tests
  • -oA winxp – output in multiple file formats, with the base name winxp
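The -oA switch on the slide writes the same results as normal, XML and grepable (.gnmap) files. The grepable file is the one most often fed to scripts, so here is a small parser for it, written as an added example for this page (it is not the presenter's code and not part of nmap). The sample .gnmap text is constructed for the example, and a defender's use is shown alongside: comparing the open ports nmap reports against an allowed baseline to surface anything unexpected.

```python
import re
from collections import defaultdict

# Constructed sample of the grepable (.gnmap) file nmap writes with -oA; the
# host, hostnames, ports and version strings are invented for this example.
SAMPLE_GNMAP = """# Nmap scan initiated (constructed sample)
Host: 192.168.0.99 ()\tStatus: Up
Host: 192.168.0.99 ()\tPorts: 135/open/tcp//msrpc//Microsoft Windows RPC/, 139/open/tcp//netbios-ssn///, 445/open/tcp//microsoft-ds//Microsoft Windows XP microsoft-ds/, 137/open/udp//netbios-ns///, 138/open|filtered/udp//netbios-dgm///\tIgnored State: closed (1995)
# Nmap done (constructed sample)
"""

# "Host: <addr> (<hostname>)" followed by tab-separated "Key: value" fields.
HOST_RE = re.compile(r"^Host:\s+(\S+)\s+\((.*?)\)\s*(.*)$")


def parse_gnmap(text):
    """Return {host: [(port, proto, state, service, version), ...]}.

    Each entry in the Ports field has the form
    port/state/proto/owner/service/rpcinfo/version/ and entries are
    separated by ", ".
    """
    results = defaultdict(list)
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue  # comment lines and anything that is not a Host record
        host, _hostname, rest = m.groups()
        fields = dict(f.split(": ", 1) for f in rest.split("\t") if ": " in f)
        if "Ports" not in fields:
            continue  # e.g. the "Status: Up" line carries no port list
        for entry in fields["Ports"].split(", "):
            parts = entry.strip().split("/")
            if len(parts) < 7:
                continue  # malformed entry; skip rather than guess
            port, state, proto, _owner, service, _rpc, version = parts[:7]
            results[host].append((int(port), proto, state, service, version))
    return dict(results)


def open_ports(parsed, host):
    """Sorted (port, proto) pairs reported as definitely open for a host.

    "open|filtered" (typical for UDP) is deliberately not counted as open.
    """
    return sorted((p, proto) for p, proto, state, _s, _v in parsed.get(host, [])
                  if state == "open")


def unexpected_ports(parsed, host, allowed):
    """Open ports that are not in the allowed baseline: the defender's first review list."""
    return [pp for pp in open_ports(parsed, host) if pp not in allowed]


if __name__ == "__main__":
    parsed = parse_gnmap(SAMPLE_GNMAP)
    baseline = {(135, "tcp"), (139, "tcp"), (445, "tcp")}
    print("open:", open_ports(parsed, "192.168.0.99"))
    print("not in baseline:", unexpected_ports(parsed, "192.168.0.99", baseline))
```

Version strings in .gnmap can contain characters that nmap escapes, so a parser that needs the exact service banner should prefer the XML (.xml) file that -oA also writes; the grepable format is convenient for the port/state summary shown here.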

  7. Vulnerability Scanners – Nessus
  Venerable Nessus! Bad Nessus! Still a damn good tool. Free.

  8. Exploitation! Excitement! Risk! … Danger!
  • Who owns this box?
  • Do you have permission? (If not, you shouldn’t have been scanning it.)
  • Will they be really upset if you break it?

  9. Service Exploitation
  • Services available on the Internet, or internally
  • Research the service
  • Poke it
  • Can you log on to it? Love default passwords :)
  • What will it give you?
    • e.g. a VOIP phone with a default password and access to memory

  10. Example Services
  • SMB – Server Message Block
    • Protocol for application communication
    • Authentication mechanisms
    • Windows
    • Win2K – the 'null' user allows access to the entire username directory

  11. Example Services
  • Veritas NetBackup
    • TCP port 10000, NDMP
    • File backup and backup agent management
    • One vulnerability allows download of any file from the Windows system
    • Another overflows a buffer and allows code execution

  12. Buffer Overflows

  13. Shell Code

  14. Reverse Shell
  • Shell code makes a TCP connection back to the attacker
  • Starts a local shell process
  • Redirects its input and output streams over the TCP connection
  • Attacker gains a command prompt
    • Under the account of the vulnerable process
  • Meterpreter shell
    • Powerful tool
    • Launch further attacks
    • Pivot to other systems
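The slide's description of a reverse shell (a shell process whose standard input and output are wired to a TCP socket) is also the basis of a simple host-side detection. The following is an added example for this page, not the presenter's code: it flags shell processes whose fd 0, 1 or 2 is a socket, first over a constructed snapshot of process records and, on Linux, optionally over a live /proc tree. The process names, pids and fd targets in the sample are invented.

```python
import os

# Process names whose standard streams are normally a terminal or a pipe.
# Assumption for the example: these are the shells of interest on this host.
SHELL_NAMES = {"sh", "bash", "dash", "zsh", "ksh", "ash"}


def stdio_on_socket(fds):
    """True if stdin, stdout or stderr (fd 0/1/2) points at a socket.

    In /proc/<pid>/fd a socket's symlink target reads like 'socket:[20011]'.
    """
    return any(fds.get(n, "").startswith("socket:") for n in (0, 1, 2))


def flag_reverse_shell_candidates(processes):
    """Return pids of shell processes whose standard streams are redirected over a socket."""
    return [p["pid"] for p in processes
            if p["comm"] in SHELL_NAMES and stdio_on_socket(p["fds"])]


def snapshot_proc(proc_root="/proc"):
    """Build records of the same shape from a live Linux /proc (skips pids that vanish or are unreadable)."""
    records = []
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        base = os.path.join(proc_root, entry)
        try:
            with open(os.path.join(base, "comm")) as fh:
                comm = fh.read().strip()
            fds = {}
            for fd in os.listdir(os.path.join(base, "fd")):
                try:
                    fds[int(fd)] = os.readlink(os.path.join(base, "fd", fd))
                except OSError:
                    continue  # fd closed between listing and readlink
        except OSError:
            continue  # process exited, or we lack permission (other user's /proc/<pid>/fd)
        records.append({"pid": int(entry), "comm": comm, "fds": fds})
    return records


# Constructed snapshot: an interactive bash on a pty (benign), a web server
# holding a listening socket on fd 3 only (benign), and a /bin/sh whose
# fd 0, 1 and 2 all point at the same socket (the pattern the slide describes).
SAMPLE_PROCESSES = [
    {"pid": 1200, "comm": "bash",
     "fds": {0: "/dev/pts/0", 1: "/dev/pts/0", 2: "/dev/pts/0"}},
    {"pid": 1300, "comm": "httpd",
     "fds": {0: "/dev/null", 1: "/var/log/httpd/error_log",
             2: "/var/log/httpd/error_log", 3: "socket:[20011]"}},
    {"pid": 4321, "comm": "sh",
     "fds": {0: "socket:[40512]", 1: "socket:[40512]", 2: "socket:[40512]"}},
]

if __name__ == "__main__":
    print("constructed snapshot:", flag_reverse_shell_candidates(SAMPLE_PROCESSES))
    if os.path.isdir("/proc"):
        print("live /proc:", flag_reverse_shell_candidates(snapshot_proc()))
```

Two caveats for anyone running the live check: reading another user's /proc/<pid>/fd needs root, and a shell that allocates a pseudo-terminal after connecting will show /dev/pts/N on its standard streams and slip past this heuristic, so it is a cheap triage signal rather than a complete control.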

  15. Privilege Escalation
  • Determine the current privilege level
  • Add a user?
  • Exploit further?
  • Professional hackers only need go so far…

  16. Reporting
  • Reporting carried out whilst testing
  • Both technical details and an executive summary

  17. Vulnerability Ratings
  • Impact
    • What is the possible damage that could be done?
  • Exploitability
    • How easy is it to attack and realise the impact?
    • How much knowledge is required?
    • Are there public exploits?
  • Risk Rating
    • Combination of Impact and Exploitability
    • High impact but low exploitability = low(er) risk
    • Many algorithms
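One of the "many algorithms" the slide refers to, worked through as an added example (this is not the presenter's or IRM's rating scheme, just one illustrative choice): exploitability is derived from the two factors the slide names, knowledge required and the existence of a public exploit, and risk is a banded product of impact and exploitability, chosen so that high impact with low exploitability lands one band lower than high/high. The findings list is constructed for the example, loosely modelled on the services mentioned earlier in the deck.

```python
from enum import IntEnum


class Level(IntEnum):
    """Ordinal rating used for impact, exploitability and risk alike."""
    LOW = 1
    MEDIUM = 2
    HIGH = 3


def exploitability(knowledge_required: Level, public_exploit: bool) -> Level:
    """Derive exploitability from the slide's two questions.

    A public exploit makes the attack cheap whatever the attacker's skill; otherwise
    the more specialist knowledge required, the lower the exploitability.
    """
    if public_exploit:
        return Level.HIGH
    return {Level.LOW: Level.HIGH, Level.MEDIUM: Level.MEDIUM, Level.HIGH: Level.LOW}[knowledge_required]


def risk(impact: Level, exploit: Level) -> Level:
    """Combine impact and exploitability via a 3x3 multiplicative matrix.

    Products range over {1, 2, 3, 4, 6, 9}. Bands are an assumption of this example:
    6 and 9 are HIGH, 3 and 4 are MEDIUM, 1 and 2 are LOW. HIGH impact with LOW
    exploitability therefore scores 3 and drops to MEDIUM, as the slide describes.
    """
    score = int(impact) * int(exploit)
    if score >= 6:
        return Level.HIGH
    if score >= 3:
        return Level.MEDIUM
    return Level.LOW


def rate_findings(findings):
    """Attach exploitability and risk to each finding and order them for the report.

    Sort key is (risk, impact) descending so that, within a risk band, the more
    damaging finding appears first.
    """
    rated = []
    for f in findings:
        e = exploitability(f["knowledge_required"], f["public_exploit"])
        rated.append({**f, "exploitability": e, "risk": risk(f["impact"], e)})
    return sorted(rated, key=lambda f: (f["risk"], f["impact"]), reverse=True)


# Constructed findings for the example; names and ratings are invented.
SAMPLE_FINDINGS = [
    {"name": "Backup agent buffer overflow, remote code execution",
     "impact": Level.HIGH, "knowledge_required": Level.LOW, "public_exploit": True},
    {"name": "Memory corruption in proprietary service, no public exploit",
     "impact": Level.HIGH, "knowledge_required": Level.HIGH, "public_exploit": False},
    {"name": "Default password on VOIP phone",
     "impact": Level.MEDIUM, "knowledge_required": Level.LOW, "public_exploit": False},
    {"name": "Verbose service banner",
     "impact": Level.LOW, "knowledge_required": Level.LOW, "public_exploit": False},
]

if __name__ == "__main__":
    for f in rate_findings(SAMPLE_FINDINGS):
        print(f"{f['risk'].name:6} impact={f['impact'].name:6} "
              f"exploitability={f['exploitability'].name:6} {f['name']}")
```

The point to take from the ordering is the one on the slide: the proprietary-service memory corruption has the same impact as the backup-agent overflow, but with no public exploit and a high knowledge requirement it sits a band lower than a default password on a phone that anyone can log in to.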

  18. Metasploit Express
