Page 1
Penetration Testing Training Day
Penetration Testing Tools and Techniques – pt 1
Mike Westmacott, IRM plc
Supported by
Page 2
Presentation to insert name here 2
Hacking Systems
• Financial gain
• Commercial secrets
• Credit card information
• Political motivations
• To discredit individuals
• Cause personal harm
• Lulz….
Page 3
Hacking Systems
• Weapons
– Stuxnet
– Flame
• 0 day vulnerabilities
• Expensive cryptographic attacks
• Weaponised modules
Page 4
Methodology
• Network/Host Mapping
• Service Identification
• Vulnerability Identification
• Vulnerability exploitation
• Privilege Escalation
• Maintaining Access
• Clearing Logs
• Recording actions!
Page 5
Host Mapping - Port Scanning
Page 6
Port Scanning Demo
Basic SYN scan – of a default Windows XP build
nmap -sSU -A -oA winxp 192.168.0.99
-sSU       Use TCP SYN scan and UDP scan
-A         Perform all tests
-oA winxp  Output multiple files (winxp.nmap, winxp.gnmap, winxp.xml)
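The -oA switch writes three files, of which winxp.gnmap (the greppable format) is the easiest to post-process when a scan is turned into an asset inventory. The Python below is an added example and not the presenter's code: it parses greppable output into open ports per host. SAMPLE_GNMAP is constructed to resemble what the demo command might produce on a default Windows XP build; it is not captured output from the demo.

```python
"""Parse nmap greppable output (the .gnmap file that -oA produces).

Added example; not code from the presentation. SAMPLE_GNMAP below is a
constructed stand-in for winxp.gnmap, not real scan output.
"""
import re
from collections import defaultdict

# Constructed sample in greppable format: tab-separated "Key: value" fields,
# each port entry written as port/state/protocol/owner/service/rpc-info/version/
SAMPLE_GNMAP = (
    "# Nmap scan initiated (constructed header): nmap -sSU -A -oA winxp 192.168.0.99\n"
    "Host: 192.168.0.99 ()\tStatus: Up\n"
    "Host: 192.168.0.99 ()\tPorts: "
    "135/open/tcp//msrpc//Microsoft Windows RPC/, "
    "139/open/tcp//netbios-ssn///, "
    "445/open/tcp//microsoft-ds//Microsoft Windows XP microsoft-ds/, "
    "137/open/udp//netbios-ns///, "
    "138/open|filtered/udp//netbios-dgm///"
    "\tIgnored State: closed (1995)\n"
    "# Nmap done (constructed footer) -- 1 IP address (1 host up) scanned\n"
)

# port / state / proto / owner / service / rpc-info / version / (trailing slash)
PORT_RE = re.compile(
    r"(\d+)/([^/]*)/(tcp|udp|sctp)/([^/]*)/([^/]*)/([^/]*)/([^/]*)/"
)


def parse_gnmap(text):
    """Return {ip: [(port, proto, state, service, version), ...]}."""
    hosts = defaultdict(list)
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue  # skip the comment header/footer lines
        fields = {}
        for chunk in line.split("\t"):
            key, _, value = chunk.partition(": ")
            fields[key] = value
        ip = fields["Host"].split(" ", 1)[0]
        ports_field = fields.get("Ports", "")
        for m in PORT_RE.finditer(ports_field):
            port, state, proto, _owner, service, _rpc, version = m.groups()
            hosts[ip].append((int(port), proto, state, service, version))
    return dict(hosts)


def open_ports(hosts, ip):
    """Ports nmap reported as definitely open on one host.

    UDP probes often come back 'open|filtered'; those are excluded here so an
    inventory built from this list only contains confirmed listeners.
    """
    return [(port, proto, service)
            for port, proto, state, service, _version in hosts.get(ip, [])
            if state == "open"]


if __name__ == "__main__":
    scan = parse_gnmap(SAMPLE_GNMAP)
    for ip, ports in scan.items():
        print(ip)
        for port, proto, service in open_ports(scan, ip):
            print(f"  {port}/{proto}  {service}")
```

The 'open|filtered' entry for UDP 138 is kept in the parsed data but dropped by open_ports, which is the distinction to remember when UDP results from a scan like this feed a vulnerability-tracking list.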
Page 7
Vulnerability Scanners - Nessus
Venerable Nessus!
Bad Nessus!
Still a damn good tool
Free
Page 8
Exploitation!
Excitement! Risk! …. Danger!
Who owns this box?
Do you have permission? (You shouldn't have been scanning it without permission)
Will they be really upset if you break it?
Page 9
Service Exploitation
• Services available on Internet
• Or internally
• Research service
• Poke it
• Can you log onto it? Love default passwords :)
• What will it give you?
– VOIP phone with default password and access to memory
Page 10
Example Services
• SMB – Server Message Block
– Protocol for application communication
– Authentication mechanisms
– Windows
– Win2K – 'null' user allows access to entire username directory
Page 11
Example Services
• Veritas Netbackup
– TCP port 10000, NDMP
– File backup and backup agent management
– Vulnerability allows download of any file from Windows system
– Another overflows buffers and allows code execution
Page 12
Buffer Overflows
Page 13
Shell Code
Page 14
Reverse Shell
Shell code executes TCP connection back
Starts local shell process
Redirects input and output streams over TCP
Attacker gains command prompt
Under the account of the vulnerable process
Meterpreter Shell
Powerful tool
Launch further attacks
Pivot to other systems
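For a defender the same mechanics are the signal: a shell process whose parent is a network service rather than a user session, which itself holds an outbound TCP socket (because its input and output were redirected onto it), and which runs as the service's account. The Python below is an added example, not from the presentation. The process records are constructed, and the field names (pid, ppid, image, user, conns) and the hypothetical backupagent.exe service are assumptions modelled loosely on EDR telemetry, not any product's schema.

```python
"""Flag the reverse-shell pattern from the slide in process telemetry.

Added example, not the presentation's code. EVENTS is constructed and the
record layout is an assumption (loosely EDR-like), not a real product schema.
"""

# Images that are shells (what a reverse shell launches as its "local shell process").
SHELL_IMAGES = {"cmd.exe", "powershell.exe", "sh", "bash", "dash"}

# Parents under which an interactive shell is normal: a user session or a
# remote-admin service. Anything else spawning a shell deserves a look.
INTERACTIVE_PARENTS = {"explorer.exe", "conhost.exe", "sshd", "login", "gnome-terminal"}

# Constructed process records. "conns" lists (remote_ip, remote_port) for
# outbound TCP connections owned by that process. backupagent.exe is a
# hypothetical network-facing service running as SYSTEM.
EVENTS = [
    {"pid": 600,  "ppid": 4,    "image": "services.exe",    "user": "SYSTEM", "conns": []},
    {"pid": 1560, "ppid": 600,  "image": "backupagent.exe", "user": "SYSTEM", "conns": []},
    # shell spawned by the service, connected back out to 10.0.0.5
    {"pid": 1712, "ppid": 1560, "image": "cmd.exe",         "user": "SYSTEM", "conns": [("10.0.0.5", 52000)]},
    {"pid": 3004, "ppid": 600,  "image": "explorer.exe",    "user": "alice",  "conns": []},
    # ordinary command prompt opened by a logged-in user: no socket, expected parent
    {"pid": 3320, "ppid": 3004, "image": "cmd.exe",         "user": "alice",  "conns": []},
    # a user's shell that does have a socket (e.g. an admin's own remote session)
    {"pid": 3400, "ppid": 3004, "image": "powershell.exe",  "user": "alice",  "conns": [("10.0.0.7", 443)]},
]


def find_reverse_shells(events):
    """Return one alert per shell that has both an outbound socket and an
    unexpected parent. Requiring both signals keeps the user-run shell with
    a network connection (pid 3400) out of the alert list."""
    by_pid = {e["pid"]: e for e in events}
    alerts = []
    for e in events:
        if e["image"] not in SHELL_IMAGES:
            continue
        parent = by_pid.get(e["ppid"])
        parent_image = parent["image"] if parent else "<unknown>"
        has_socket = bool(e["conns"])                       # I/O redirected over TCP
        odd_parent = parent_image not in INTERACTIVE_PARENTS  # spawned by a service
        if has_socket and odd_parent:
            alerts.append({
                "pid": e["pid"],
                "shell": e["image"],
                "parent": parent_image,
                "user": e["user"],   # the slide's point: runs as the vulnerable process
                "remote": e["conns"][0],
            })
    return alerts


if __name__ == "__main__":
    for a in find_reverse_shells(EVENTS):
        print(f"pid {a['pid']}: {a['shell']} spawned by {a['parent']} as {a['user']}, "
              f"connected to {a['remote'][0]}:{a['remote'][1]}")
```

The user field in the alert is worth surfacing in the report: it shows directly which account an attacker would have obtained, which is the input to the privilege escalation discussion that follows.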
Page 15
Privilege Escalation
• Determine current privilege level
• Add user?
• Exploit further?
• Professional hackers only need go so far…
Page 16
Reporting
• Reporting carried out whilst testing
• Both technical details and executive summary
Page 17
Vulnerability Ratings
• Impact
– What is the possible damage that could be done?
• Exploitability
– How easy is it to attack and realise the impact?
– How much knowledge is required?
– Are there public exploits?
• Risk Rating
– Combination of Impact and Exploitability
– High impact but low exploitability = low(er) risk
– Many algorithms
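One way to make the combination rule concrete, as an added example that is not the presenter's scheme: exploitability is scored from the three sub-questions on the slide, then combined with impact through a 3x3 matrix so that high impact with low exploitability lands on medium rather than high. The level scale, weights and thresholds are assumptions (the slide itself notes there are many algorithms), and the three findings are constructed, with their impact and exploitability inputs being illustrative judgements rather than anything the slides state.

```python
"""Risk = f(Impact, Exploitability): one possible algorithm.

Added example, not the presentation's method; scale, weights and thresholds
are assumptions, and the example findings are constructed.
"""

LEVELS = {"low": 1, "medium": 2, "high": 3}


def exploitability(ease, knowledge_required, public_exploit):
    """Score the slide's three Exploitability questions into low/medium/high.

    ease and knowledge_required are 'low'/'medium'/'high'; public_exploit is a
    bool. Less knowledge required makes exploitation easier, hence the inversion.
    """
    score = LEVELS[ease] + (4 - LEVELS[knowledge_required])   # range 2..6
    if public_exploit:
        score += 2                                             # range 2..8
    if score >= 6:
        return "high"
    if score >= 4:
        return "medium"
    return "low"


def risk(impact, exploit):
    """3x3 matrix on the product of the two levels. High impact with low
    exploitability gives 3, i.e. medium: lower than high/high (9)."""
    product = LEVELS[impact] * LEVELS[exploit]
    if product >= 6:
        return "high"
    if product >= 3:
        return "medium"
    return "low"


def rate_findings(findings):
    """Return (risk, exploitability, title) tuples, highest risk first."""
    rated = []
    for f in findings:
        ex = exploitability(f["ease"], f["knowledge_required"], f["public_exploit"])
        rated.append((risk(f["impact"], ex), ex, f["title"]))
    rated.sort(key=lambda r: (-LEVELS[r[0]], -LEVELS[r[1]], r[2]))
    return rated


# Constructed findings; the inputs are illustrative judgements, not the slides'.
FINDINGS = [
    {"title": "Backup agent buffer overflow gives code execution",
     "impact": "high", "ease": "high", "knowledge_required": "medium", "public_exploit": True},
    {"title": "Null session lists the user directory",
     "impact": "low", "ease": "high", "knowledge_required": "low", "public_exploit": True},
    {"title": "Weak cipher, but the attack needs expensive cryptanalysis",
     "impact": "high", "ease": "low", "knowledge_required": "high", "public_exploit": False},
]

if __name__ == "__main__":
    for level, ex, title in rate_findings(FINDINGS):
        print(f"{level:6}  (exploitability {ex:6})  {title}")
```

The third finding is the slide's own case: high impact, but with no public exploit, specialist knowledge and a hard attack it scores low on exploitability and is rated medium, below the overflow that is both damaging and easy.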
Page 18
Metasploit Express