Advanced Penetration Testing - Week 9

MIS 5212.001
Week 9
Site:
http://community.mis.temple.edu/mis5212sec001s16/

- In the news
- Last Presentations
- WebGoat Issues
- Ettercap
- Next Week

Submitted

- http://krebsonsecurity.com/2016/03/seagate-phishexposes-all-employee-w-2s/
- http://www.cnet.com/news/not-in-my-house-amazonsunencrypted-devices-a-sitting-target-cybersecurityexperts-say/
- http://thehackernews.com/2016/03/subgraph-secureoperating-system.html
- http://www.bbc.com/news/technology-31042477 (Chips under skin)
- http://www.philly.com/philly/news/20160226_Apple_fights_FBI_s_iPhone_demand_as__oppressive_.html
- http://www.bbc.com/news/uk-35750127 (GCHQ on Apple)

Submitted

- http://www.homelandsecuritynewswire.com/dr20160204-vulnerability-found-in-in-twofactorauthentication?page=0,1
- http://www.afr.com/technology/web/security/pwccreates-cyber-security-game-to-let-board-members-playas-hackers-20160229-gn713x
- http://n4bb.com/amazon-shocks-cybersecurity-expertsdisables-fire-os-5-encryption-update-promises-reverse/
- http://thehackernews.com/2016/03/mac-os-xransomware.html
- http://techcrunch.com/2016/03/07/apple-has-shutdown-the-first-fully-functional-mac-os-x-ransomware/

What I noted

- http://www.latimes.com/business/technology/lafi-tn-snapchat-phishing-attack-20160228-story.html
- http://www.cnbc.com/2016/03/06/reutersamerica-apple-users-targeted-in-first-known-macransomware-campaign.html
- http://www.pcworld.com/article/3041115/security/mits-new-5-atom-quantum-computer-couldtransform-encryption.html#tk.rss_all
- http://datagenetics.com/blog/september32012/index.html (Pin Guessing)


Access Control Flaws
- Stage 1
- Stage 3

Authentication Flaws

Cross-Site Scripting
- Phishing
- Stage 1
- Stage 5
- Reflected XSS Attacks

Improper Error Handling
- Fail Open Authentication Scheme

Injection Flaws:
- Command Injection: " & netstat -ant & ifconfig"
- Numerical SQL Injection: or 1=1
- Log Spoofing
- XPATH Injection
- String SQL Injection
- Modifying Data with SQL Injection
- Adding Data with SQL Injection
- Blind Numeric SQL Injection
- Blind String SQL Injection


Intercepting traffic
Source: http://www.valencynetworks.com/articles/cyber-attacks-explainedman-in-the-middle-attack.html


Ettercap supports active and passive dissection of many protocols (including ciphered ones).

Ettercap offers four modes of operation:
- IP-based: packets are filtered based on IP source and destination.
- MAC-based: packets are filtered based on MAC address, useful for sniffing connections through a gateway.
- ARP-based: uses ARP poisoning to sniff on a switched LAN between two hosts (full-duplex).
- PublicARP-based: uses ARP poisoning to sniff on a switched LAN from a victim host to all other hosts (half-duplex).
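Defensive counterpart to the ARP-based modes above, as an added example that is not from the slides or from the Ettercap project: a small detector that flags the two symptoms of ARP poisoning in observed ARP replies, an IP address whose MAC changes, and one MAC answering for several IPs (the full-duplex case, where one station claims both ends of the conversation). The ARP records and addresses are constructed sample data.

```python
"""Detect ARP-poisoning symptoms in a stream of observed ARP replies.

Added example (not from the MIS 5212 slides or the Ettercap project).
The detector keeps an IP->MAC table, the way arpwatch-style monitors do,
and raises an alert when an IP changes MAC or when one MAC claims more
IPs than allowed.  All addresses below are constructed sample data.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class ArpReply:
    ts: float         # observation time in seconds (constructed)
    sender_ip: str    # IP the reply claims to answer for
    sender_mac: str   # MAC the reply maps that IP to


# Constructed sample: 10.0.0.1 is the gateway, 10.0.0.20 a client.
# From t=3.0 a third MAC starts answering for both of them.
SAMPLE = [
    ArpReply(1.0, "10.0.0.1", "aa:aa:aa:aa:aa:01"),
    ArpReply(1.5, "10.0.0.20", "aa:aa:aa:aa:aa:20"),
    ArpReply(3.0, "10.0.0.1", "de:ad:be:ef:00:99"),
    ArpReply(3.1, "10.0.0.20", "de:ad:be:ef:00:99"),
]


def detect_arp_spoofing(replies, max_ips_per_mac=1):
    """Return (timestamp, reason) alerts in observation order."""
    ip_to_mac = {}
    mac_to_ips = defaultdict(set)
    alerts = []
    for r in replies:
        mac = r.sender_mac.lower()
        known = ip_to_mac.get(r.sender_ip)
        # Symptom 1: an IP we have already seen now maps to another MAC.
        if known is not None and known != mac:
            alerts.append((r.ts, f"{r.sender_ip} moved from {known} to {mac}"))
        ip_to_mac[r.sender_ip] = mac
        mac_to_ips[mac].add(r.sender_ip)
        # Symptom 2: one MAC claims several IPs (both ends of a full-duplex MITM).
        if len(mac_to_ips[mac]) > max_ips_per_mac:
            alerts.append((r.ts, f"{mac} claims {sorted(mac_to_ips[mac])}"))
    return alerts


if __name__ == "__main__":
    for ts, reason in detect_arp_spoofing(SAMPLE):
        print(f"t={ts:.1f}s ALERT {reason}")
```

A host that legitimately owns several addresses (a router with virtual interfaces) would trip the second rule, so raise max_ips_per_mac for known multi-homed MACs rather than silencing the check.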


Other Features:
- Character injection
- SSH1 support: the sniffing of a username and password
- HTTPS support: the sniffing of HTTP SSL secured data—even
- Remote traffic through a GRE tunnel
- Plug-in support
- Password collectors for: TELNET, FTP, POP, IMAP, rlogin, SSH1, ICQ, SMB, MySQL, HTTP, NNTP, X11, Napster, IRC, RIP, BGP, SOCKS 5, IMAP 4, VNC, LDAP, NFS, SNMP, HalfLife, Quake 3, MSN, YMSG
- Packet filtering/dropping
- OS fingerprinting
- Kill a connection
- Passive scanning of the LAN
- Hijacking of DNS requests


A tool for performing man-in-the-middle attacks
Pre-installed in Kali

After Launch:

Click “Unified Sniffing”

Select Your Network Connection (may not be the same as yours)

Now we will see who is out there:

Available Hosts, I’m going after the last one!

Setup to ARP Poison

Doesn't Work in a VM
You will need real machines on a switch to get this fully functioning.

A good walkthrough is http://www.thegeekstuff.com/2012/05/ettercaptutorial/


- In the news
- Intro to Wireless