Penetration Testing Training Day


Presentation Transcript


  1. Penetration Testing Training Day Capture the Flag Training

  2. Boot Up! • Insert your discs! • Press <enter> when Boot prompt appears • Start X with startx • Set static IP address • Team 1 192.168.1.1x • Team 2 192.168.1.2x • Netmask 255.255.0.0 • No gateway • Use preferences->network • Ping the scorebot 192.168.0.10

  3. Discovery • What machines can you see? • nmap 192.168.0.0/24 • nmap -oA results 192.168.0.0/24 • nmap -sV -oA results2 192.168.0.0/24

  4. Service Analysis - FTP • ftp service is enabled • ftp 192.168.0.x • Each team go to your server! • What's there? Why is this bad? • Commands: • dir, ls… • Special commands! • ls -a • Log vulnerabilities on sheets

  5. Service Analysis - SMB • Samba is enabled! • smbclient -L 192.168.0.x • Your team box again! • Which shares are available? • Log list of shares • Browse to shares • What did you do for FTP? • What other information is there?

  6. Service Analysis - RPC • Remote Procedure Calls • rpcclient 192.168.0.x • getusername • lsaenumsid • lookupsids xxx • enumdomusers • Log users!

  7. Service Analysis - SSH • Secure Shell • Users??? • ssh -l username 192.168.0.x

  8. Service Analysis - MySQL • Database server, port 3306 • mysql -h • mysql -u root -h 192.168.0.x • Log vulnerabilities • show databases; • Show your SQL skills! • What do databases normally store?

  9. Service Analysis - netcat • Netcat – swiss army knife of hackers • Simple: Sends and receives data to and from TCP ports • nc 192.168.0.x 25 • SMTP • Netcat can be used to keep access

  10. Service Analysis - SNMP • Simple Network Management Protocol • snmpcheck.pl -t 192.168.0.x

  11. Application Testing • Start Browser and Burp • Configure Firefox proxy as localhost:8080 • Browse to http://192.168.0.x • Intercept is on! Play! • Spider site – add to scope

  12. Application Testing • Find additional content • Administration pages • http://192.168.0.x/admin • Create an account • Password vulnerabilities

  13. Application Testing • SQL Injection • Find a product • Look at the parameter list • Try injection on parameter • 1' or a#

  14. Application Testing • XSS • Search field • Try typing things in, then view the response in Burp • How can you get script in here? • Better – how can you get script in without it creating an error?

  15. Application Testing • Password and account guessing • Check security files • Mooch around • Download img.jpg
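
As an added example (not part of the original slides): a small parser for the `results2.gnmap` file that the `nmap -sV -oA results2` step on slide 3 writes, mapping each open port to the check the later slides ask teams to log on their sheets. The scan data, the version strings and the `DECK_CHECKS` table are constructed for illustration.

```python
import re

# Assumption: port -> the review step from slides 4-11 (wording is ours).
DECK_CHECKS = {
    21: "FTP: what is there, including hidden files (ls -a)?",
    22: "SSH: which of the logged users can connect?",
    25: "SMTP: read the banner with nc",
    80: "Web: browse through Burp and spider the site",
    139: "SMB/RPC: list shares, then enumerate users",
    445: "SMB/RPC: list shares, then enumerate users",
    3306: "MySQL: does root connect without a password?",
}

# Constructed sample in nmap's grepable (-oG / .gnmap) layout.
SAMPLE_GNMAP = (
    "# Nmap scan initiated (constructed sample)\n"
    "Host: 192.168.0.11 ()\tStatus: Up\n"
    "Host: 192.168.0.11 ()\tPorts: 21/open/tcp//ftp//example-ftpd 1.0/, "
    "22/open/tcp//ssh//example-sshd 1.0/, 111/closed/tcp//rpcbind///, "
    "445/open/tcp//netbios-ssn//example-smbd/, "
    "3306/open/tcp//mysql//example-db/\tIgnored State: filtered (995)\n"
    "Host: 192.168.0.12 ()\tPorts: 25/open/tcp//smtp//example-mta, v1/, "
    "80/open/tcp//http//example-httpd/\n"
)

def parse_gnmap(text):
    """Return {host: [(port, proto, service, version), ...]}, open ports only."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:") or "\tPorts: " not in line:
            continue  # comment lines and "Status: Up" lines carry no ports
        host = line.split()[1]
        field = next(f for f in line.split("\t") if f.startswith("Ports: "))
        # Split only where a new "<port>/" starts, so commas in versions survive.
        for entry in re.split(r", (?=\d+/)", field[len("Ports: "):]):
            parts = entry.split("/")
            if len(parts) >= 7 and parts[1] == "open":
                hosts.setdefault(host, []).append(
                    (int(parts[0]), parts[2], parts[4], parts[6]))
    return hosts

def checklist(hosts):
    """Return sorted (host, port, check) rows for the vulnerability log sheet."""
    return sorted((host, port, DECK_CHECKS[port])
                  for host, ports in hosts.items()
                  for port, _proto, _svc, _ver in ports if port in DECK_CHECKS)

if __name__ == "__main__":
    for host, port, check in checklist(parse_gnmap(SAMPLE_GNMAP)):
        print(f"{host}:{port}\t{check}")
```

SNMP does not appear in the table because the default scan on slide 3 covers TCP only, and SNMP listens on UDP 161.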
