
Security Boot Camp Intro


Presentation Transcript


  1. Security Boot Camp Intro

  2. Why this course
  • A few years ago a few friends who used to be part of a very successful attack and pen team wrote a course very similar to this
  • They have now recreated a course very similar to the original so that everyone can share the experience and gain a better understanding of the subject matter

  3. Who is that Fat Man?
  Mark holds the following certifications:
  • CISSP and CISM
  • Checkpoint CCSA + CCSE
  • Cisco CCNA + CSSP
  • BA Computing + MBA
  What did Mark do:
  • The most popular 802.11 IDS
  • Invent an IDS collation engine
  • Discover several zero day vulnerabilities
  • Coin the term WAP-GAP
  • The London Hacker survey
  • Contribute to the CEH Cert
  • Expert witness in a famous dirty tricks legal action, etc. etc. etc.

  4. Outline
  • Overview of the types of hacking tools and platforms used
  • Sites used by hackers
  • Building your white-hat hacker toolkit

  5. Origination of tools
  • Tools tend to be freely downloadable from the web
  • Many tools shared via IRC
  • Pirated – commercial tools are also available
  • Many available through peer to peer programs
  • Tools tend to be developed for specific vulnerabilities

  6. Types of tools
  • Network and system scanning/mapping
  • Vulnerability scanning and testing (Nessus, whisker)
  • Password crackers (Brutus, LC3)
  • Encryption tools
  • Network sniffers
  • War dialling

  7. The Unix hacker toolkit
  • Nmap – Port scanner
  • Nessus – Port scanner & vulnerability assessment
  • Traceroute – with the source route patch, or LFT
  • Hping2 – Scanning and tracerouting tool
  • Whisker – Web vulnerability scanner (Nikto is also based on Whisker)
  • Stunnel/SSLPROXY – De-SSL HTTP/s
  • Sniffit – command line sniffer
  • Netcat – raw socket access
  • Tcpdump – command line sniffer
  • Icmptime
  • juggernaut
  • Net::SSLeay – SSL module for Perl (needed by many tools)
  • John the Ripper – Password cracker
  • Hunt/Sniper – TCP/IP connection hijacking tool
  • nimrod – website enumerator
  • Spike archives
  • Ethereal – sniffer
  • dsniff

  8. The Windows hacker toolkit
  • Brutus – Brute force utility
  • Mingsweeper – TCP/IP scanning tool
  • Superscan – TCP/IP scanning tool
  • MPTraceroute/LFT
  • SamSpade – Footprinting tool
  • NessusWX – Nessus interface
  • ISS Scanner / Cyber Cop
  • Netstumbler – Wireless LAN scanner
  • WinDump – tcpdump for Windows
  • Toneloc – War dialling tool
  • Finger – Backdoor tool
  • NetBios Auditing Tool (NAT)
  • Netcat – Enumeration tool
  • Legion – Enumeration tool
  • LC3 (l0phtcrack)

  9. The Windows hacker toolkit cont.
  • Cygwin – Unix-like environment for Windows (provides many UNIX command line tools including shell & compiler)
  • ToneLoc – Wardialling tool
  • NT resource kit – many tools applicable to NT network enumeration and penetration
  • NMAP (Win32 port) – available from insecure.org

  10. Denial Of Service tools
  From the spike package:
  • Land and Latierra
  • Smurf & Fraggle
  • Synk4
  • Teardrop, newtear, bonk, syndrop
  • Zombies

  11. Network Sniffers
  • tcpdump
  • Sniffit
  • dsniff
  • Observer
  • Sniffer Pro
  • Ethereal
  • Snoop

  12. Underlying requirements
  Certain tools have pre-requisites that must be installed first:
  • Perl
  • SSLeay
  • OpenSSL
  • Linux variations
  • Example: Whisker requires Perl to be installed

  13. Websites
  Websites where tools can be found:
  • www.securityfocus.com
  • www.packetstormsecurity.org
  • www.astalavista.box.sk
  • www.securiteam.com

  14. Lab
  • Visit the sites used for the hacker toolkit and familiarise yourself with some of the tools available
  • Good searches:
    • Denial of service
    • Backdoor / netbus / backoriface
    • http://www.securityfocus.com/ vulnerability section
  Time: 30 minutes

  15. Knoppix 3.7
  • Bootable CD
  • Boots in most Intel/AMD systems
  • Linux 2.x with basic security tools
  Also see Trustix, Trinux and Packetmaster on sourceforge

  16. Lab
  • Boot Linux (Trinux, Knoppix or Packetmaster) and have a play
  Time: 35 minutes

  17. A methodology

  18. A network penetration methodology
  Test objective: to identify insecure protocols, or insecure settings of services related to available protocols or services

  19. Research Phase: Objective and Strategy
  • Objective: find out technical information about the target site
    • Using external information sources
    • Not touching the target servers
  • Strategy: review information available from
    • DNS
    • RIPE
    • Netcraft
    • News groups (particularly firewall newsgroups)

  20. Identifying router and firewall
  • Identify the Web or Mail server
  • Get the next hop before this
    • This will probably be the perimeter router or the firewall
    • PIX does not appear as a hop (Fw1 & NetScreen do)
  • 80% chance it will be NetScreen, PIX or Firewall 1
  • To figure out which:
    • ICMP (i.e. Address Mask Request)
    • Use TCP stack fingerprinting
    • Key ports (258, 259 + 263 could be Firewall 1)
    • IPSEC
  • Exploit vulnerabilities with pre-written tools

  21. Hacking the servers
  • Scan TCP ports
  • Scan UDP ports
  !!! Only HTTP or HTTPS ports should be visible if it is a web server, etc.
  • Run a CGI scanner (e.g. Whisker, Crazymad or Nikto) to look for web server exploits
  • Check scanner
  • Identify exploits
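Slides 20 and 21 each contain a fact a defender can turn into a check: a web server should show only HTTP/HTTPS (slide 21), and probes against the Firewall-1 ports 258, 259 and 263 (slide 20) are a fingerprinting signal. The script below is an added example, not from the course or any tool it lists; it audits a constructed perimeter log (all addresses and records are made up for the demonstration) for both conditions.

```python
"""Perimeter exposure audit drawn from slides 20-21 (added example).
Check 1: accepted traffic to a web server on a port other than 80/443.
Check 2: external sources touching the Firewall-1 ports named on slide 20.
"""
import ipaddress

WEB_ALLOWED_PORTS = {80, 443}
FW1_PORTS = {258, 259, 263}                      # port numbers from slide 20
WEB_SERVERS = {"203.0.113.10"}                   # constructed (TEST-NET-3)
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed log records: "<src> <dst> <dport> <action>"
SAMPLE_LOG = """\
198.51.100.7 203.0.113.10 443 accept
198.51.100.7 203.0.113.10 22 accept
198.51.100.9 203.0.113.1 258 drop
198.51.100.9 203.0.113.1 259 drop
198.51.100.9 203.0.113.1 263 drop
10.0.0.5 203.0.113.1 258 accept
"""

def parse_log(text):
    """Split the constructed log into (src, dst, dport, action) tuples."""
    records = []
    for line in text.splitlines():
        src, dst, dport, action = line.split()
        records.append((src, dst, int(dport), action))
    return records

def is_external(addr):
    """True when the address lies outside the RFC 1918 internal ranges."""
    ip = ipaddress.ip_address(addr)
    return not any(ip in net for net in INTERNAL_NETS)

def unexpected_web_exposure(records):
    """(server, port) pairs accepted on a web server but not HTTP/HTTPS."""
    return sorted({(dst, dport) for _, dst, dport, action in records
                   if dst in WEB_SERVERS and action == "accept"
                   and dport not in WEB_ALLOWED_PORTS})

def fw1_fingerprint_sources(records, min_ports=2):
    """External sources hitting >= min_ports distinct FW-1 ports (dropped or not)."""
    seen = {}
    for src, _, dport, _ in records:
        if dport in FW1_PORTS and is_external(src):
            seen.setdefault(src, set()).add(dport)
    return {src: sorted(p) for src, p in seen.items() if len(p) >= min_ports}
```

Dropped packets still count for the second check because the probe itself is the signal; internal sources are excluded so that management traffic from inside does not alert.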

  22. Security Boot Camp Intro
