
Security Penetration Testing


Presentation Transcript


  1. Security Penetration Testing
     Angela Davis, Mrinmoy Ghosh
     ECE4112 – Internetwork Security, Georgia Institute of Technology

  2. Agenda
     • Introduction to penetration testing
     • Lab scenario
     • Lab setup
     • New additions
     • Conclusions

  3. Penetration Testing
     • Actively assess network security measures
     • Possibly reduce costs by uncovering vulnerabilities before suffering the consequences
     • Black box vs. white box
     • External vs. internal

  4. Lab Scenario
     • Mission: you have been hired by Acme & Burdell to attempt to break into their network.
     • Acme & Burdell has allowed you to break into their network throughout dead week. However, the network admins at Acme & Burdell cannot agree on a single setup for their network, so they change their network setup every two days. If you want to break in, you’ll have to do it within a couple of days. Are you ready?

  5. Steps Involved
     • Reconnaissance (find the target IP address)
     • Vulnerability scanning
     • Choosing a target and getting in
     • Maintaining access (look for backdoors)
     • Cracking passwords
     • Alternate ways to get in

  6. Reconnaissance
     • You are given the web address: www.acmeandburdell.com
     • Find the IP address of the web address
     • Use the tools from the course to find out more about the A&B network

  7. Vulnerability Scanning
     • Use your favorite network scanner(s) to scan the IP address range for potential holes
     • Document the services running and look for suspicious ports

  8. Choosing a Target and an Attack
     • Based on the results of scanning, choose a vulnerable target. Be sure to do a full port range scan on the target machine: Nmap only reports known services by default.
     • Choose an attack to execute on the target. The network scan may not give complete information about how you may attack; you may have to try different attacks learned in class before you succeed. Be creative and reference previous labs for hints!
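The triage that slides 7 and 8 ask for (document what each host exposes, then call out ports that do not belong) is easy to get wrong by hand on a full port range scan, so here is an added Python example that is not part of the original slides. It parses nmap's grepable output (`-oG`), lists the open ports per host, and flags any port that is outside an assumed client baseline or that matches a remote-access port the lab setup names (VNC on 5900, BO2k on 18006). The scan lines, host addresses, baseline port set and watchlist labels are all constructed assumptions for the example.

```python
"""Triage a full port range scan (nmap -p- ... -oG scan.gnmap) of the lab
range: list every open port per host and flag the ones a report should call
out.  The grepable scan lines below are a constructed sample, not a real scan;
the expected-port set is an assumed client baseline."""

import re

# Constructed sample of nmap grepable (-oG) output.  Each port entry has the
# form port/state/protocol/owner/service/rpcinfo/version/ and entries are
# comma separated; the Ports field is tab-separated from the next field.
SAMPLE_OG = """\
# Nmap scan initiated (constructed sample)
Host: 192.168.1.10 (vm1.lab)\tPorts: 22/open/tcp//ssh///, 143/open/tcp//imap///, 40123/open/tcp//unknown///\tIgnored State: closed (65532)
Host: 192.168.1.13 (vm4.lab)\tPorts: 135/open/tcp//msrpc///, 5900/open/tcp//vnc///, 18006/open/tcp//unknown///\tIgnored State: closed (65532)
Host: 192.168.1.20 (decoy2.lab)\tPorts: 21/open/tcp//ftp///, 22/open/tcp//ssh///, 23/open/tcp//telnet///, 80/open/tcp//http///\tIgnored State: closed (65531)
# Nmap done (constructed sample)
"""

# Assumed baseline: ports the client says its hosts are supposed to expose.
EXPECTED_PORTS = {21, 22, 23, 25, 80, 110, 135, 139, 143, 443, 445}

# Ports the lab setup associates with remote-access or backdoor software.
WATCHLIST = {
    5900: "VNC server (lab setup: VNC session reachable with a cracked password)",
    18006: "BO2k default port (lab setup, VM4)",
}

PORT_ENTRY = re.compile(r"(\d+)/(\w+)/(\w+)/([^/]*)/([^/]*)/([^/]*)/([^/]*)/")


def parse_grepable(text):
    """Return {ip: [(port, state, proto, service), ...]} from nmap -oG text."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue
        ip = line.split()[1]
        # The Ports field runs from "Ports:" to the next tab-separated field.
        ports_field = line.split("Ports:", 1)[1].split("\t", 1)[0]
        hosts[ip] = [
            (int(m.group(1)), m.group(2), m.group(3), m.group(5))
            for m in PORT_ENTRY.finditer(ports_field)
        ]
    return hosts


def flag_suspicious(hosts):
    """Return [(ip, port, reason)] for open ports that the report should call out."""
    findings = []
    for ip, entries in hosts.items():
        for port, state, _proto, service in entries:
            if state != "open":
                continue
            if port in WATCHLIST:
                findings.append((ip, port, WATCHLIST[port]))
            elif port not in EXPECTED_PORTS:
                findings.append((ip, port, f"not in client baseline (nmap reports it as {service or 'unknown'})"))
    return findings


if __name__ == "__main__":
    scan = parse_grepable(SAMPLE_OG)
    for ip, entries in scan.items():
        print(ip, "open:", ", ".join(f"{p}/{pr} {s}" for p, st, pr, s in entries if st == "open"))
    for ip, port, reason in flag_suspicious(scan):
        print(f"FLAG {ip}:{port} {reason}")
```

Run it against a real `scan.gnmap` by reading the file into `parse_grepable` instead of `SAMPLE_OG`. The baseline set is the part that needs the client's input: a port that is unexpected on one network is routine on another, which is why the watchlist reasons and the baseline are kept separate in the report.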

  9. Maintaining Access (Look for Backdoors)
     • If you got in, you should assume that someone else may have done so before. What might they have left behind?
     • Use what you know about the target OS to look for other ways of getting in. Your client needs to know!

  10. Cracking Passwords
     • If you broke into a Linux machine, get the password file and try to crack as many passwords as you can.
     • If you broke into a Windows machine, you will find that a previous hacker has installed a password dump program called “pwdump2” in C:\Windows\System32\Pwdump2\
     • Use pwdump2 to dump the password hashes to a file
     • Crack as many passwords as you can
     • Get info about pwdump2 at: http://www.securiteam.com/tools/5ZQ0G000FU.html
     • Do the passwords give you more ways to gain access to the system?

  11. Alternate Ways of Getting In
     • Each vulnerable machine is set up to allow multiple ways of getting in. You will get full credit (8 points) if you discover all of them and document your findings thoroughly.
     • In addition to the normal means of getting extra credit, you will get extra credit if you discover ways of getting in which were not part of the lab setup, OR if you get into a machine you were not expected to, OR if your summary recommendations for the client include something we didn’t think of.

  12. Lab Setup
     • Dynamic setup, changing every couple of days. You have to choose a slot of two days to complete the lab.
     • Slots are: Tue-Wed, Thurs-Fri, Sat-Sun, Mon-Tue
     • Multiple vulnerabilities (at least 2) of varying difficulty

  13. Lab Setup
     • Four virtual machines with different vulnerabilities.
     • Only one will be running at any one time.
     • The TAs choose a different virtual machine to run every couple of days.
     • Two decoy machines acting as honeypots always run, to make things interesting.

  14. Lab Setup
     • VM1:
     • OS: Red Hat 7.2
     • IMAP-d exploit enabled
     • Remote vulnerable program running on a random port
     • LRK4 rootkit installed, but telnet closed
     • Two users, one with an easy password
     • One of the passwords may be used to open a VNC session

  15. Lab Setup
     • VM2:
     • OS: Red Hat 7.2
     • ICMP server exploit enabled
     • Remote vulnerable program running on a random port
     • LRK4 rootkit installed, but telnet closed
     • Two users, one with an easy password
     • One of the passwords may be used to open a VNC session

  16. Lab Setup
     • VM3:
     • OS: Windows XP (no security patch)
     • DCOM exploit enabled
     • Netcat backdoor running
     • “pwdump2” kept at a known place
     • VNC session that may be opened by cracking one of the passwords

  17. Lab Setup
     • VM4:
     • OS: Win XP with security patch
     • BO2k (Back Orifice 2000, running on default port 18006)
     • Netcat backdoor running
     • “pwdump2” kept at a known place
     • VNC session that may be opened by cracking one of the passwords

  18. Lab Setup
     • Decoy 1 (always running):
     • OS: WinXP with DCOM security patch
     • Back Officer Friendly (all traffic simulated)
     • No user other than administrator (with a difficult password)

  19. Lab Setup
     • Decoy 2:
     • OS: Red Hat 7.2
     • HTTP, FTP, telnet, SSH ports open
     • No users other than root, with a difficult password

  20. New Tools for Behind the Scenes
     • DCOM security patch: from Microsoft’s website, http://www.microsoft.com/technet/security/bulletin/MS03-026.mspx
     • Pwdump2: used to dump Windows password hashes from the registry.
     • AutoIt: simple scripting language used for the automation of simple Windows tasks like opening or closing Windows-based applications. To keep “netcat” running, the AutoIt script watches for netcat exiting and restarts it.
     • Srvany.exe: used to install the AutoIt script as a service so that it starts up every time WinXP starts.
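Slide 9 tells the student to look for what a previous intruder left behind, and slide 20 shows exactly how this lab plants its netcat watchdog: an AutoIt script wrapped by srvany.exe and registered as a service. srvany runs whatever command is stored in the service's Parameters\Application value, so a service's ImagePath alone does not tell you what starts at boot. Here is an added Python example, not from the slides, that a student could run over a .reg export of HKLM\SYSTEM\CurrentControlSet\Services (for instance from `reg export`) taken off the compromised host: it finds every service whose ImagePath is srvany.exe and reports the command each one wraps. The export text, service names, display names and file paths are constructed assumptions.

```python
"""Find services installed through srvany.exe in a .reg export of
HKLM\\SYSTEM\\CurrentControlSet\\Services.  srvany runs the command stored
under the service's Parameters\\Application value, so that value, not
ImagePath, says what actually starts at boot.  The export below is a
constructed sample, not data from the lab machines; it mixes a quoted string
value with a REG_EXPAND_SZ value (hex(2), spread over continuation lines)
because real exports contain both."""

SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Spooler]
"DisplayName"="Print Spooler"
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
  74,00,25,00,5c,00,73,00,70,00,6f,00,6f,00,6c,00,73,00,76,00,2e,00,65,00,78,00,\
  65,00,00,00
"Start"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetHelper]
"DisplayName"="Network Helper"
"ImagePath"="C:\\Tools\\srvany.exe"
"Start"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetHelper\Parameters]
"Application"="C:\\Tools\\AutoIt3.exe C:\\Tools\\keepnc.au3"
"""

SERVICES_ROOT = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services"


def _decode(raw):
    """Decode one .reg value: quoted string, hex(2) REG_EXPAND_SZ, else as-is."""
    if raw.startswith('"') and raw.endswith('"'):
        return raw[1:-1].replace('\\\\', '\\').replace('\\"', '"')
    if raw.startswith("hex(2):"):
        data = bytes(int(b, 16) for b in raw[len("hex(2):"):].split(",") if b)
        return data.decode("utf-16-le").rstrip("\x00")
    return raw


def parse_reg(text):
    """Return {key_path: {value_name: value}} from .reg export text."""
    keys, current = {}, None
    lines = text.splitlines()
    i = 0
    while i < len(lines):
        line = lines[i].strip()
        # A value that spans lines ends each physical line with a backslash.
        while line.endswith("\\") and i + 1 < len(lines):
            i += 1
            line = line[:-1] + lines[i].strip()
        i += 1
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
        elif current is not None and line.startswith('"') and "=" in line:
            name, raw = line.split("=", 1)
            keys[current][name.strip('"')] = _decode(raw)
    return keys


def find_srvany_services(keys):
    """Return [(service, display_name, image_path, wrapped_command)] for every
    service whose ImagePath is srvany.exe, reading the real command from the
    service's Parameters\\Application value."""
    findings = []
    for path, values in keys.items():
        if not path.startswith(SERVICES_ROOT + "\\"):
            continue
        service = path[len(SERVICES_ROOT) + 1:]
        if "\\" in service:          # a sub-key such as ...\Parameters, not a service
            continue
        image = values.get("ImagePath", "")
        if "srvany.exe" not in image.lower():
            continue
        params = keys.get(path + "\\Parameters", {})
        findings.append((service, values.get("DisplayName", ""), image,
                         params.get("Application", "<no Parameters\\Application value>")))
    return findings


if __name__ == "__main__":
    for service, display, image, command in find_srvany_services(parse_reg(SAMPLE_REG)):
        print(f"{service} ({display}): {image} wraps -> {command}")
```

A service wrapped this way shows a harmless-looking display name and an ImagePath that is just srvany.exe, which is why the check pairs each service key with its Parameters sub-key before deciding anything. The same parser works on any .reg export; only the srvany match and the Parameters\Application lookup are specific to this persistence method.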

  21. Conclusions
     • Challenges the students to try out different things, not just follow instructions
     • Covers the breadth of the course
     • Students get a flavor of the whole course by completing this challenging lab
