
Capture the Flag: Penetration Testing Training Day

Join our Capture the Flag training day focused on penetration testing! Teams will learn how to set up a testing environment, analyze network services, and exploit vulnerabilities in various systems. Participants will work with FTP, SMB, RPC, SSH, MySQL, and more. Using tools like Nmap and Burp, you'll engage in hands-on exercises to identify and exploit security weaknesses. Collaborate with your team to log findings and develop strategies to secure systems. Ideal for beginners and advanced learners alike!

gary-lynch

Presentation Transcript


  1. Penetration Testing Training Day Capture the Flag Training

  2. Boot Up!
     • Insert your discs!
     • Press <enter> when Boot prompt appears
     • Start X with startx
     • Set static IP address
     • Team 1 192.168.1.1x
     • Team 2 192.168.1.2x
     • Netmask 255.255.0.0
     • No gateway
     • Use preferences->network
     • Ping the scorebot 192.168.0.10
     Presentation to insert name here

  3. Discovery
     • What machines can you see?
     • nmap 192.168.0.0/24
     • nmap -oA results 192.168.0.0/24
     • nmap -sV -oA results2 192.168.0.0/24

  4. Service Analysis - FTP
     • ftp service is enabled
     • ftp 192.168.0.x
     • Each team go to your server!
     • What's there? Why is this bad?
     • Commands:
     • dir, ls…
     • Special commands!
     • ls -a
     • Log vulnerabilities on sheets

  5. Service Analysis - SMB
     • Samba is enabled!
     • smbclient -L 192.168.0.x
     • Your team box again!
     • Which shares are available?
     • Log list of shares
     • Browse to shares
     • What did you do for FTP?
     • What other information is there?

  6. Service Analysis - RPC
     • Remote Procedure Calls
     • rpcclient 192.168.0.x
     • getusername
     • lsaenumsid
     • lookupsids xxx
     • enumdomusers
     • Log users!

  7. Service Analysis - SSH
     • Secure Shell
     • Users???
     • ssh -l username 192.168.0.x

  8. Service Analysis - MySQL
     • Database server, port 3306
     • mysql -h
     • mysql -u root -h 192.168.0.x
     • Log vulnerabilities
     • show databases;
     • Show your SQL skills!
     • What do databases normally store?

  9. Service Analysis - netcat
     • Netcat – swiss army knife of hackers
     • Simple: Sends and receives data to and from TCP ports
     • nc 192.168.0.x 25
     • SMTP
     • Netcat can be used to keep access

  10. Service Analysis - SNMP
      • Simple Network Management Protocol
      • snmpcheck.pl -t 192.168.0.x

  11. Application Testing
      • Start Browser and Burp
      • Configure Firefox proxy as localhost:8080
      • Browse to http://192.168.0.x
      • Intercept is on! Play!
      • Spider site – add to scope

  12. Application Testing
      • Find additional content
      • Administration pages
      • http://192.168.0.x/admin
      • Create an account
      • Password vulnerabilities

  13. Application Testing
      • SQL Injection
      • Find a product
      • Look at the parameter list
      • Try injection on parameter
      • 1' or a#

  14. Application Testing
      • XSS
      • Search field
      • Try typing things in, then view the response in Burp
      • How can you get script in here?
      • Better – how can you get script in without it creating an error?

  15. Application Testing
      • Password and account guessing
      • Check security files
      • Mooch around
      • Download img.jpg
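
The Discovery slide saves scan results with -oA, and the Service Analysis slides ask teams to log what they find per service. The following Python is an added example, not part of the original slides: it reads the grepable results2.gnmap file and produces one findings-sheet row per open service the deck covers. The sample scan data, the REVIEW table and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample of results2.gnmap, as written by `nmap -sV -oA results2 ...`.
# Hosts, ports and version strings are made up for illustration.
SAMPLE_GNMAP = (
    "Host: 192.168.0.20 ()\tStatus: Up\n"
    "Host: 192.168.0.20 ()\tPorts: 22/open/tcp//ssh//OpenSSH 4.3/, "
    "80/open/tcp//http//Apache httpd 2.2.3/\tIgnored State: closed (998)\n"
    "Host: 192.168.0.11 ()\tPorts: 21/open/tcp//ftp//vsftpd 2.0.5/, "
    "139/open/tcp//netbios-ssn//Samba smbd 3.X/, 445/filtered/tcp//microsoft-ds///, "
    "3306/open/tcp//mysql///\tIgnored State: closed (996)\n"
)

# What the deck asks teams to check and log for each service it covers (assumed wording).
# SNMP runs on UDP 161, so the deck's TCP scans will not list it.
REVIEW = {
    "ftp": "list the FTP root, including hidden files (ls -a)",
    "netbios-ssn": "list SMB shares (smbclient -L) and browse them",
    "microsoft-ds": "list SMB shares (smbclient -L) and browse them",
    "ssh": "check which known users can log in (ssh -l username)",
    "mysql": "check whether root connects remotely (mysql -u root -h)",
    "smtp": "connect with nc on port 25 and note the banner",
    "http": "proxy through Burp and spider the site",
}

# One Ports entry is port/state/protocol/owner/service/rpcinfo/version/
PORT_RE = re.compile(r"(\d+)/([^/]*)/([^/]*)/[^/]*/([^/]*)/[^/]*/([^/]*)/")

def parse_gnmap(text):
    """Yield (host, port, service, version) for every open port."""
    for line in text.splitlines():
        m = re.match(r"Host: (\S+) .*?\tPorts: ([^\t]*)", line)
        if not m:
            continue  # comment lines and "Status:" lines carry no port data
        for port, state, _proto, service, version in PORT_RE.findall(m.group(2)):
            if state == "open":
                yield m.group(1), int(port), service, version or "unknown"

def findings_sheet(text):
    """Return rows (host, port, service, version, check), ordered by address and port."""
    rows = [r + (REVIEW[r[2]],) for r in parse_gnmap(text) if r[2] in REVIEW]
    return sorted(rows, key=lambda r: (ipaddress.ip_address(r[0]), r[1]))

if __name__ == "__main__":
    for host, port, service, version, check in findings_sheet(SAMPLE_GNMAP):
        print(f"{host}:{port:<5} {service:<12} {version:<22} {check}")
```

Filtered ports are skipped, and a service with no version banner is recorded as "unknown" so the row still reaches the sheet.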
