Security Tools Workshop Part I
Ernest Staats, MSIA, CISSP, CEH, Security+, MCSE, CWNA, CNA, I-Net+, Server+, Network+, A+
http://es-es.net
The Disclaimer! In attending this session you agree that any software demonstrated comes absolutely with NO WARRANTY. Use entirely at your own risk. Ernest or Edison, & the other 3rd party vendors whose software is demonstrated as part of this session are not responsible for any subsequent loss or damage whatsoever!
Class Structure • Mile wide, 2.5 feet deep • Feel free to ask questions at any time • There will be many breaks to play with the tools mentioned • Use the thumb drive provided by Linoma • The BT4 DVD will be used later • Cain and rainbow tables may cause an AV alert as they are used to crack passwords
Problem: Unorganized Response • What should I do? • Who should I call? • Should I shut the system down? • Should I run the virus cleaner? • Should I trust my Anti-virus quarantine? • Should I re-image the system?
People can be Your Greatest Asset Or your Weakest !!
Office Security Tips • Ensure Employees are Security Aware • Adopt an “Acceptable Use” Policy in terms of IT, Email, Internet etc • Ensure Employees are Security Vetted • Wear ID Badges • Question Visitors – “Offer Help” • Secure all Entrances & Exits • Know Emergency Procedures • Secure your Valuables • Laptops, Phones, Keys, IDs Etc
Keeping up Appearances! • Airport Security at its best.. Ok maybe not • The military teaches that the appearance of a hard target can deter attacks
Google Hacking • Various usernames and passwords (both encrypted and in plain text) • Internal documents • Internal site statistics • Intranet access • Database access • Open Webcams • VNC Connections • Mail server access • And much more
Google Hacking Examples!
• site:com filetype:xls "Accounts"
• "vnc desktop" inurl:5800
• inurl:indexFrame.shtml Axis
• inurl:hp/device/this.LCDispatcher
• site:gov.uk filetype:xls users
• site:gov.uk filetype:doc staff
• site:co.uk "index of /" +passwd
• "Index of /" +.htaccess
• site:dk +hotel filetype:xls
• site:com +password filetype:xls
• inurl:admin users passwords
• inurl:admin intitle:index.of
• "Microsoft-IIS/5.0 Server at" intitle:index.of
Don’t Get Google Hacked! • Keep sensitive information off the internet • Be careful how you write your scripts and access your databases • Use robots.txt to let Google know which parts of your website it is ok to index, and specify which parts are off limits • Ensure directory rights on your web server are in order • Monitor your site for common errors • “Google hack” your own website
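One way to carry out the last two tips on your own server, as an added example that is not part of the workshop or any tool it lists: a Python script that walks a local web document root, flags files matching the patterns the dorks on the previous slide search for (xls, doc, .htaccess, passwd), and reports whether robots.txt asks crawlers to stay out of that path. The document root layout and file names built by demo() are constructed for illustration; robots.txt only advises well-behaved crawlers, so a flagged file still needs to be removed or access-controlled.

```python
import re
import tempfile
from pathlib import Path

# Name/extension patterns mirroring the dork examples on the slide
# (filetype:xls, filetype:doc, "+.htaccess", "+passwd").
SENSITIVE = re.compile(r"(\.xls|\.doc|\.htaccess|passwd)$", re.IGNORECASE)


def parse_disallows(robots_text):
    """Return the Disallow prefixes that apply to User-agent: * (simplified)."""
    paths, applies = [], False
    for line in robots_text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        key, _, value = line.partition(":")
        key, value = key.strip().lower(), value.strip()
        if key == "user-agent":
            applies = value == "*"
        elif key == "disallow" and applies and value:
            paths.append(value)
    return paths


def audit_docroot(root):
    """Return sorted [(url_path, disallowed_by_robots)] for sensitive files."""
    root = Path(root)
    robots = root / "robots.txt"
    disallows = parse_disallows(robots.read_text()) if robots.exists() else []
    findings = []
    for path in root.rglob("*"):
        if path.is_file() and SENSITIVE.search(path.name):
            url_path = "/" + path.relative_to(root).as_posix()
            covered = any(url_path.startswith(d) for d in disallows)
            findings.append((url_path, covered))
    return sorted(findings)


def demo():
    """Audit a constructed sample docroot (hypothetical files, built in a temp dir)."""
    root = Path(tempfile.mkdtemp())
    (root / "reports").mkdir()
    (root / "reports" / "Accounts.xls").write_text("constructed sample")
    (root / ".htaccess").write_text("AuthType Basic\n")
    (root / "index.html").write_text("<html></html>")
    (root / "robots.txt").write_text("User-agent: *\nDisallow: /reports/\n")
    return audit_docroot(root)
```

Anything reported as crawlable (not covered by robots.txt) is the first thing to look at; anything reported as covered is still reachable by a crawler that ignores robots.txt and should be fixed with permissions, not just with robots.txt.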
DNS/Domain Tools
• http://serversniff.net/subdomains.php
• http://serversniff.net/nsreport.php (gcasda.org)
• http://serversniff.net/content.php?do=httprobots
• http://whois.domaintools.com/
• Tools on Thumb Drive
• DNS Lookup: good DIG tool (GUI) http://nscan.org/dig.html
• Nirsoft’s http://www.nirsoft.net/utils/whois_this_domain.html
• Nirsoft’s http://www.nirsoft.net/utils/ipnetinfo.html
People/Image Info K12 • http://www.pipl.com • http://www.peekyou.com • http://yoname.com • Image Info: • http://tineye.com • Take sample image from http://www.governor.nebraska.gov/about/index.html
Maltego • Maltego offers to both network and resource based entities the aggregation of information posted all over the internet - whether it’s the current configuration of a router poised on the edge of your network or the current whereabouts of your Vice President on his international visits
Maltego Hands on • Software located on Thumb drive; run against gcasda.org or a site you have permission to run it on
Website Testing made easy • Netsparker delivers detection, confirmation and exploitation of vulnerabilities • Exploitation of SQL Injection Vulnerabilities • Getting a reverse shell from SQL Injection vulnerabilities • Exploitation of LFI (Local File Inclusion) Vulnerabilities • Downloading the source code of all the crawled pages via LFI (Local File Inclusion) • Downloading known OS files via LFI (Local File Inclusion)
Netsparker Hands on • The software is located on the thumb drive. You can run it against 6.110.220.24 or a site you have permission to run it against
Portable Apps • Process Kill
Things to hack with • So many tools, so little time to install them all:
• Great list of security tools http://sectools.org/
• Nmap http://nmap.org/
• Metasploit http://www.metasploit.com/
• Wireshark http://www.wireshark.org/
• Kismet http://www.kismetwireless.net/
• Nessus http://www.nessus.org/nessus/
• Cain http://www.oxid.it/cain.html
• Netcat\Ncat http://netcat.sourceforge.net/
• Ettercap http://ettercap.sourceforge.net/
• Nikto http://cirt.net/nikto2
• Paros Proxy http://www.parosproxy.org
• Burp Suite http://www.portswigger.net/suite/
• XSS Me https://addons.mozilla.org/en-US/firefox/addon/7598
• SQL Inject Me https://addons.mozilla.org/en-US/firefox/addon/6727?src=reco
• Tamper Data https://addons.mozilla.org/en-US/firefox/addon/966
Easy way with Live CDs and VMs
• BackTrack (Security OS of Choice) http://www.remote-exploit.org/backtrack_download.html
• Samurai WTF (web pen-testing) http://samurai.inguardians.com/
• DEFT Linux (Computer Forensics) http://www.deftlinux.net/
Staying up to date on trends and exploits
• Milw0rm http://www.milw0rm.com/
• SANS Internet Storm Center http://isc.sans.org/
• PacketStorm http://www.packetstormsecurity.org/
• BugTraq http://www.securityfocus.com/archive/1
• RootSecure http://www.rootsecure.net/
Podcasts: Learn about new tools as they come out
• Pauldotcom http://www.pauldotcom.com/
• Exotic Liability http://www.exoticliability.com/
• Security Justice http://securityjustice.com/
• Securabit http://www.securabit.com/
Specially built scenarios
• De-ICE & pWnOS Live CDs http://heorot.net/livecds/
• Damn Vulnerable Linux http://www.damnvulnerablelinux.org/
Deliberately vulnerable web apps
• Hacme Series from Foundstone (Hacme Travel, Hacme Bank, Hacme Shipping, Hacme Books) http://www.foundstone.com/us/resources-free-tools.asp
• WebGoat http://www.owasp.org/index.php/Category:OWASP_WebGoat_Project
• Mutillidae http://www.irongeek.com/i.php?page=security/mutillidae-deliberately-vulnerable-php-owasp-top-10