The OWASP Foundation
http://www.owasp.org
OWASP German Chapter
Advanced Penetration Testing in Secured Environments
Part 1
Marko Winkler
marko.wnklr@gmail.com
Content
• Virtual Lab
• Planning
• Reconnaissance
• Exploitation
• Prospects
Virtual Lab
• WLAN: 192.168.75.0/24
• Kali Linux (Debian): penetration tester, address via DHCP
• Kioptrix Lvl 1 (RedHat): target, address via DHCP
Kali Linux: http://www.kali.org/downloads/
Kioptrix: http://www.kioptrix.com/dlvm/Kioptrix_Level_1.rar
Planning – Dradis Framework
• Ruby on Rails (RoR) framework
• web-based interface
• simplifies data collection throughout the testing cycle
• manages the data overload that can occur when pentesting
• combines disparate data sources, such as Nmap, Nessus, and even Metasploit
• shares data with team members
Planning – Dradis Framework
Source: http://dradisframework.org/
Reconnaissance
Phases: Information Gathering; Correlation, Verification, and Prioritization; Putting the information to use.
Intelligence Gathering is performing reconnaissance against a target to gather as much information as possible, to be utilized when penetrating the target during the vulnerability assessment and exploitation phases.
• Find everything you can about a corporation and its employees. Things to look for include documents originating from the corporation, images, web sites, IP information and anything else you come across that has the potential to be used for social engineering attacks and physical or logical breaches.
• Weed out obviously false or misleading data, sift out anything that is unnecessary, and finally prioritize and categorize your findings.
• Use the information you have gathered to develop one or more attack plans.
Sources: http://www.pentest-standard.org/index.php/Intelligence_Gathering#Intelligence_Gathering
Lee Allen - Advanced Penetration Testing for Highly-Secured Environments: The Ultimate Security Guide
Reconnaissance – nmap
• Active footprinting: port scanning and banner grabbing
• Nmap ("Network Mapper"), written by Gordon Lyon (Fyodor)
• the de facto standard for network auditing and scanning
• runs on Linux and Windows, from the command line or via the Zenmap GUI
• Nmap command syntax: nmap -{type(s)} -{opt(s)} {target}
• the Nmap Scripting Engine (NSE) lets you write and run custom Lua scripts that perform many different functions, from service detection to vulnerability checks
Reconnaissance – nmap
• Further information: DEF CON 18 talk, http://www.youtube.com/watch?v=wMammEJywyA
Reconnaissance – Banner Grabbing
• an enumeration technique used to glean information about computer systems on a network and the services running on their open ports
• used to identify the versions of applications and the operating system a target host is running
• usually performed against Hyper Text Transfer Protocol (HTTP), File Transfer Protocol (FTP), and Simple Mail Transfer Protocol (SMTP) services
• tools commonly used to perform banner grabbing are Telnet, nmap, and Netcat
Source: http://www.pentest-standard.org/index.php/PTES_Technical_Guidelines#Banner_Grabbing_2
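The following Python script is an added example, not part of the original slides or of Nmap, Netcat or Telnet: it starts two constructed loopback services (one that greets unprompted like an SMTP server, one that answers only after an HTTP request) and grabs their banners the way the active-footprinting step on the nmap slide and this slide describe. The hostnames, ports and product/version strings are invented for the demo and describe no real host.

```python
import socket
import threading

# Constructed banners for the two fake loopback services below; the products and
# versions are invented for this demo and do not describe any real host.
SMTP_GREETING = b"220 mail.lab.test ESMTP Postfix\r\n"
HTTP_REPLY = (b"HTTP/1.0 200 OK\r\n"
              b"Server: Apache/1.3.20 (Unix)\r\n"
              b"Content-Length: 0\r\n\r\n")
HTTP_PROBE = b"HEAD / HTTP/1.0\r\nHost: target\r\n\r\n"


def _answer_one_client(listener, greeting, reply):
    """Serve a single connection: greet immediately (SMTP/FTP/SSH style) or
    wait for the client's request first (HTTP style), then hang up."""
    conn, _ = listener.accept()
    listener.close()
    with conn:
        if greeting is not None:
            conn.sendall(greeting)
        else:
            conn.recv(1024)          # swallow the probe, whatever it is
            conn.sendall(reply)


def start_fake_service(greeting=None, reply=None):
    """Bind an ephemeral loopback port and return it; the service runs in a
    daemon thread so the example needs no real target on the lab network."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    threading.Thread(target=_answer_one_client,
                     args=(listener, greeting, reply), daemon=True).start()
    return listener.getsockname()[1]


def grab_banner(host, port, probe=None, timeout=3.0):
    """Connect, optionally send a probe, and return whatever the service says
    before it closes or goes quiet. Talkative protocols (FTP, SMTP, SSH)
    announce themselves unprompted; HTTP needs a request before it replies."""
    chunks = []
    with socket.create_connection((host, port), timeout=timeout) as sock:
        if probe:
            sock.sendall(probe)
        try:
            while True:
                data = sock.recv(4096)
                if not data:         # peer closed: banner is complete
                    break
                chunks.append(data)
        except socket.timeout:       # peer kept the line open; use what we have
            pass
    return b"".join(chunks).decode("latin-1", "replace")


def version_hint(banner):
    """Reduce a raw banner to the string a tester would record in Dradis:
    the Server header for HTTP, otherwise the greeting line itself."""
    lines = banner.split("\r\n")
    if lines[0].startswith("HTTP/"):
        for line in lines[1:]:
            if line.lower().startswith("server:"):
                return line.split(":", 1)[1].strip()
        return "HTTP service, no Server header"
    return lines[0]


def demo():
    """Grab both constructed services and return {service: version hint}."""
    smtp_port = start_fake_service(greeting=SMTP_GREETING)
    http_port = start_fake_service(reply=HTTP_REPLY)
    return {
        "smtp": version_hint(grab_banner("127.0.0.1", smtp_port)),
        "http": version_hint(grab_banner("127.0.0.1", http_port, probe=HTTP_PROBE)),
    }


if __name__ == "__main__":
    for service, hint in demo().items():
        print(f"{service}: {hint}")
```

Against the lab, the same grab_banner call pointed at a host in 192.168.75.0/24 on port 21, 25 or 80 returns what the Kioptrix services announce; the probe argument matters only for request/response protocols like HTTP, and a socket timeout rather than a closed connection is the normal end of a banner from a daemon that keeps the session open.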
Exploitation – Exploit-DB
• Exploit Database (EDB): the ultimate archive of exploits and vulnerable software
• its aim is to collect exploits from submissions and mailing lists and concentrate them in one easy-to-navigate database
Exploitation – searchsploit
• shell script that searches the local copy of the Exploit-DB repository (no network access needed)
root@pentest ~# searchsploit [term1] [term2] [term3]
Exploitation – The Hard Way
• Get the exploit source from the local copy: /usr/share/exploitdb/platforms/
• Path: /linux/remote/10.c
• Compile it: gcc 10.c -o SambaRemoteExploit
• Troubleshooting? Old exploit code often needs small fixes before it compiles or runs; read the source and check that the target's exact version matches what the exploit expects.
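As an added example for the searchsploit slide and for the "hard way" path above (not the searchsploit script itself, nor Exploit-DB's real index), the Python below searches a constructed excerpt in the layout of the older files.csv index (id,file,description,date,author,platform,type,port) with several terms and maps a hit to the file under /usr/share/exploitdb that you would copy and compile. The index rows, authors and dates are sample data; requiring every term to match is an assumption that approximates narrowing a search by adding terms, not a reproduction of the real script's matching rules.

```python
import csv
import io
import os

# Default location of the local Exploit-DB copy on Kali, as on the slides.
EXPLOITDB_ROOT = "/usr/share/exploitdb"

# Constructed excerpt written for this example in the layout of the older
# files.csv index (id,file,description,date,author,platform,type,port).
# Titles, authors and dates are sample data, not copied from the real index.
SAMPLE_INDEX = """\
id,file,description,date,author,platform,type,port
10,platforms/linux/remote/10.c,Samba 2.2.x - Remote Buffer Overflow,2003-04-07,sample,linux,remote,139
11,platforms/linux/remote/11.c,Apache 1.3.x mod_ssl - Remote Overflow,2003-04-08,sample,linux,remote,443
12,platforms/windows/local/12.c,Samba Client - Local Privilege Escalation,2004-01-01,sample,windows,local,
13,platforms/linux/local/13.sh,Generic Kernel - Local Root,2004-02-02,sample,linux,local,
"""


def load_index(text):
    """Parse the CSV index into a list of dicts keyed by the header row."""
    return list(csv.DictReader(io.StringIO(text)))


def searchsploit(rows, *terms, fields=("description", "file")):
    """Return rows in which every term occurs (case-insensitively) in the
    description or the file path. Requiring all terms is the assumption
    noted in the lead-in: each extra [termN] narrows the result set."""
    wanted = [t.lower() for t in terms]
    hits = []
    for row in rows:
        haystack = " ".join(row[f] for f in fields).lower()
        if all(t in haystack for t in wanted):
            hits.append(row)
    return hits


def exploit_path(row, root=EXPLOITDB_ROOT):
    """Map a hit to the file you would copy and compile, e.g.
    gcc 10.c -o SambaRemoteExploit as on the slide above."""
    return os.path.join(root, row["file"])


def render(hits):
    """Two-column listing in the spirit of searchsploit's output."""
    width = max((len(h["description"]) for h in hits), default=20)
    return "\n".join(f'{h["description"]:<{width}} | {h["file"]}' for h in hits)


if __name__ == "__main__":
    index = load_index(SAMPLE_INDEX)
    hits = searchsploit(index, "samba", "remote")
    print(render(hits))
    for h in hits:
        print("compile:", exploit_path(h))
```

Searching "samba" alone returns both the remote and the unrelated local entry; adding "remote" (or "2.2") leaves only the entry whose path the "hard way" slide compiles, which is the point of passing several terms.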
Exploitation – Metasploit!!
• arguably the single most useful auditing tool/framework freely available to security professionals (interfaces: MSFconsole and Armitage)
• Ruby based
• easily build attack vectors by combining exploits, payloads and encoders
• create and execute advanced attacks
• uses PostgreSQL as its database (scan and host data from tools such as Nmap and Nessus can be imported and queried there)
Source: http://www.offensive-security.com/metasploit-unleashed/Msfconsole
Prospects – Part 2
Planned lab for Part 2 (all guests on VLAN1 on a VirtualBox host machine with a WLAN uplink):
• Kali Linux (attacker)
• PFSense (firewall, load balancing)
• Ubuntu running the WebApp Mutillidae 2.1.7
• two Kioptrix VM Lvl 3 guests (WebApp targets)
Resources
• Lee Allen - Advanced Penetration Testing for Highly-Secured Environments: The Ultimate Security Guide