CORE IMPACT
Hamde AL Tamimi, Mohammad Ali Qattan, Amira Mosa AL Braim, Rakan Tayseer

What is CORE IMPACT?

CORE IMPACT is an automated penetration testing tool. It scans a range of hosts looking for vulnerabilities for which it has working exploits. These exploits can then be launched against the vulnerable hosts to attempt to gain access. Having gained access to a vulnerable host, CORE IMPACT can install Agents that provide varying levels of remote access (directory listing, uploading and downloading files, and so on). It is even possible to use a compromised host to launch new penetration tests against other hosts on the network that may not have been visible in the initial scan. In this way the penetration tester can move from host to host within the compromised network.

CORE IMPACT thus allows the user to safely exploit vulnerabilities in the network, replicating the kinds of access an intruder could achieve and proving the actual attack paths that must be eliminated. The product features the Rapid Penetration Test (RPT), a step-by-step automation of the penetration testing process. From the initial information gathering phase to the production of the final report, the penetration testing steps within CORE IMPACT can be run completely autonomously. The steps in this process are:

- Information Gathering
- Attack and Penetration
- Local Information Gathering
- Privilege Escalation
- Clean Up
- Report Generation

Each of the six processes listed above is available as a Wizard in the Rapid Penetration Test window. By following each of them in turn, the average user follows the typical "hacker methodology" recommended by every generic hacker's handbook, and can complete a very comprehensive penetration test without recourse to experts or outside consultants.
Of course, experts and consultants will also find this tool incredibly useful in their day-to-day work.

Information Gathering

There are several types of test, each with its own ways of gathering information:

- Client-Side Rapid Penetration Testing
- Mobile Device Rapid Penetration Testing
- Network Device Rapid Penetration Testing
- Network Rapid Penetration Testing
- Web Application Rapid Penetration Testing
- Wireless Rapid Penetration Testing

Client-Side Rapid Penetration Testing

In the case of end-user testing, Information Gathering involves collecting email addresses to target with phishing, spear phishing or other social engineering attacks. (Instead of casting out thousands of emails at random hoping a few victims will bite, spear phishers target select groups of people with something in common: they work at the same company, bank at the same financial institution, and so on.) CORE IMPACT offers a number of modules for gathering email addresses of individuals in your organization, or you can enter or import your own list of email addresses to test.

Key Capabilities

- Crawl a website to harvest addresses published on the site
- Use search engines to locate addresses for a given domain
- Find addresses in Pretty Good Privacy (PGP) and Whois databases (PGP is a popular program used to encrypt and decrypt email over the Internet)
- Scan a domain for documents and scrape useful information from them, such as email addresses

Mobile Device Rapid Penetration Testing

To specify mobile devices to test, you simply enter target device information (such as owner name, email address and phone number) into the CORE IMPACT interface.

Network Device Rapid Penetration Testing

If CORE IMPACT identifies the operating system of a target and confirms it to be a network device, it attempts to collect information about the device.
Alternately, CORE IMPACT includes a passive Cisco Discovery Protocol (CDP) network discovery module that listens for broadcasts from Cisco devices.

Key Capabilities

- Fingerprint discovered devices to determine manufacturer, device model/type and operating system details
- Determine the interfaces on which the device accepts connections or instructions, including Simple Network Management Protocol (SNMP), Telnet, HTTP, etc.

Network Rapid Penetration Testing

The Information Gathering step collects data about the targeted network, typically using the Network Discovery, Port Scanner, and OS and Service Identification modules. Alternately, you can complete this step by importing information from your network mapping tool or vulnerability scanner.

Key Capabilities

- Identify the operating system and services running on targeted machines
- Control the IP ranges you want to scan
- Select from a variety of network discovery and port scanning methods, including TCP Connect, fast TCP SYN and Internet Control Message Protocol (ICMP) scans

Web Application Rapid Penetration Testing

During this phase of the Web Application Rapid Penetration Test, CORE IMPACT crawls through web pages and identifies pages to test. Alternately, you can import the results from popular web application vulnerability scanners and validate the imported vulnerabilities for exploitability.

Key Capabilities

- Specify a domain or range of web pages to crawl
- Set a link depth limit for the crawler
- Select whether to follow links outside the specified site
- Crawl JavaScript to discover and assess dynamically generated pages
- Establish the browser type and version to use
- Supply any login information required to emulate an attack by someone with access rights to the web application
- Import web scanner results for vulnerability validation

Wireless Rapid Penetration Testing

CORE IMPACT's discovery capabilities allow users to identify both authorized networks and unauthorized access points.
It then profiles any networks discovered by analyzing signal and packet data to measure network strength, determine security protocols, and identify devices interacting with the network.

Key Capabilities

- Discover both known and unknown Wi-Fi networks and access points
- Gather MAC addresses and service set identifiers (SSIDs) from beaconing machines (an SSID is the name of a wireless local area network, WLAN; all wireless devices on a WLAN must use the same SSID in order to communicate with each other)
- Impersonate access points, and fingerprint and harvest information from systems that connect
- Gather information on network strength, security protocols and connected devices
- Scan traffic for streams of sensitive data

Attack and Penetration

The same categories as before apply here:

- Client-Side Rapid Penetration Testing
- Mobile Device Rapid Penetration Testing
- Network Device Rapid Penetration Testing
- Network Rapid Penetration Testing
- Web Application Rapid Penetration Testing
- Wireless Rapid Penetration Testing

Client-Side Rapid Penetration Testing

In this test, you create an email, associate it with an exploit, and go phishing. The product includes sample email templates that simulate common phishing attacks. You can also create your own custom spear phishing emails that exploit inside knowledge of your organization. CORE IMPACT's large library of client-side exploits includes attacks that target endpoint applications, endpoint security solutions, and endpoint operating systems and services. The product also takes care of sending the email, giving you options such as selecting a Simple Mail Transfer Protocol (SMTP) server or spoofing a specific "from" email address.
Key Capabilities

- Create phishing, spear phishing and spam emails from a variety of pre-built templates
- Safely deploy Agents using real-world malware attacks to test end-user system security (malware, short for malicious software, is software designed to disrupt computer operation, gather sensitive information, or gain unauthorized access to computer systems)
- Track who responds to attacks and measure the effectiveness of security awareness programs, with or without exploiting their systems
- Assess data leakage risks by luring users to complete imposter web forms
- Prove the consequences of an end-user security breach by interacting with compromised workstations

Mobile Device Rapid Penetration Testing

CORE IMPACT uses real-world attack techniques including phishing, web form impersonation, fake wireless access points, and wireless man-in-the-middle attacks to assess end users and their devices. (A man-in-the-middle attack is a form of active eavesdropping in which the attacker makes independent connections with the victims and relays messages between them, making them believe they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker. The attacker must be able to intercept all messages going between the two victims and inject new ones.)
Key Capabilities

- Phishing: send emails and texts that determine whether employees would fall prey to phishing and spear phishing attacks by clicking through to malicious sites and/or installing untrusted mobile apps
- Web Form Impersonation: assess data leakage threats by running phishing tests that link to web forms designed to capture and record user-entered data
- Fake Wireless Access Points: impersonate valid wireless access points and gather profile information about the connected devices, launching attacks when the device or user requests data from the fake access point
- Wireless Man-in-the-Middle: identify and monitor wireless networks that have either no encryption or WEP-based encryption and observe any connected devices; intercept transmissions and insert attacks that target the connected devices

Network Device Rapid Penetration Testing

CORE IMPACT uses dictionary attacks to guess passwords and gain access to network devices. (A dictionary attack is a technique for defeating an authentication mechanism, or recovering a key, by successively trying every entry in a pre-arranged list of likely values, called a dictionary.) Once the device is compromised, CORE IMPACT offers various modules to demonstrate the ramifications of the breach.

Key Capabilities

- Launch dictionary attacks to gain device access
- Retrieve the configuration file of a compromised device and try to crack the passwords in use
- Rename compromised devices
- Demonstrate how attackers could intercept copies of data packets via interface monitoring

Network Rapid Penetration Testing

During Attack and Penetration, CORE IMPACT automatically selects and launches remote attacks leveraging the IP, OS, architecture, port and service information obtained in the Information Gathering step.
You can choose to launch every potential attack against each target computer, or you can have the system stop once it successfully deploys a single Network Agent, which carries the attack payload. You maintain full control over which computers are attacked and the order in which exploits are launched. In addition, you can further simplify and speed up tests by excluding exploits that may leave a target service unavailable or take a long time to run.

Key Capabilities

- Launch multiple attacks simultaneously to speed up the penetration testing process
- Interact with compromised machines via discrete Agents that are installed only in system memory
- Run local exploits to attack machines internally, rather than from across the network
- Maintain control over which exploits are applied

Web Application Rapid Penetration Testing

CORE IMPACT enables you to test web applications for Persistent Cross-Site Scripting (XSS), Reflected XSS (both for static HTML and Adobe Flash objects), Remote File Inclusion in PHP applications, SQL Injection, and Blind SQL Injection. (Cross-site scripting, or XSS, is a threat that dynamic websites face and static websites do not.) CORE IMPACT then dynamically creates exploits to prove whether a vulnerability poses an actual threat. If an exploit is successful, CORE IMPACT establishes an Agent that allows you to take a number of actions to reveal at-risk information assets.
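The selection logic described for the Network Rapid Penetration Test above (match exploits on the fingerprint gathered earlier, drop exploits the operator excluded as risky or slow, optionally stop at the first deployed Agent), written out as an added example; this is not CORE IMPACT's own code, and the exploit names, catalogue entries and host fingerprint are constructed samples while the launcher is supplied by the caller.

```python
# Exploit selection for the Attack and Penetration step described above.
# Added illustration, not CORE IMPACT code: the catalogue entries and the
# host fingerprint are constructed samples with made-up names.
from dataclasses import dataclass


@dataclass(frozen=True)
class Exploit:
    name: str
    os: str           # OS family the exploit targets
    arch: str         # CPU architecture the payload is built for
    port: int         # port of the vulnerable service
    service: str      # service identified on that port
    may_crash: bool   # could leave the target service unavailable
    slow: bool        # takes a long time to run


@dataclass(frozen=True)
class Host:
    ip: str
    os: str
    arch: str
    services: tuple   # ((port, service), ...) from Information Gathering


def select_exploits(host, catalogue, exclude_unsafe=True, exclude_slow=False):
    """Applicable exploits in catalogue order, matched on exactly the fields
    gathered earlier and honouring the operator's exclusions."""
    open_services = dict(host.services)
    return [
        e for e in catalogue
        if e.os == host.os and e.arch == host.arch
        and open_services.get(e.port) == e.service
        and not (exclude_unsafe and e.may_crash)
        and not (exclude_slow and e.slow)
    ]


def run_plan(host, plan, launch, stop_on_first_agent=True):
    """Launch the plan in order; `launch(host, exploit)` is the caller's launcher
    and returns True when an Agent was deployed.  Returns (names, agent?)."""
    launched, agent = [], False
    for e in plan:
        launched.append(e.name)
        if launch(host, e):
            agent = True
            if stop_on_first_agent:
                break
    return launched, agent
```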
Key Capabilities

- Analyze custom, customized and out-of-the-box web applications for security weaknesses
- Validate security exposures using dynamically generated exploits, emulating a hacker trying various attack paths and methods
- Guess application usernames and passwords with dictionary attacks
- Employ Web Application Firewall (WAF) evasion capabilities
- Demonstrate the consequences of an attack by interacting with web server file systems and databases through command shells and database consoles
- Perform penetration tests without corrupting web applications or running code on targeted servers

Wireless Rapid Penetration Testing

CORE IMPACT recovers keys by taking advantage of known weaknesses in WEP-secured networks (Wired Equivalent Privacy, WEP, is a security algorithm for IEEE 802.11 wireless networks). The solution also assesses networks secured by WPA and WPA2 with a Pre-Shared Key via dictionary attacks that leverage information from sniffed authentication attempts (Wi-Fi Protected Access, WPA, and Wi-Fi Protected Access II, WPA2, are two security protocols and security certification programs developed to secure wireless computer networks). Finally, CORE IMPACT enables you to intercept wireless transmissions and conduct man-in-the-middle attacks.

Key Capabilities

- Replicate attacks against WEP-, WPA- and WPA2-encrypted networks
- Perform man-in-the-middle attacks, intercept wireless transmissions, and insert exploits into relayed traffic
- Impersonate access points to connect with beaconing systems and test them against remote exploits

Local Information Gathering

The Local Information Gathering step collects information about computers that have CORE IMPACT Agents deployed on them. During this step, you leverage Network Agents to interact with compromised computers and gather previously unavailable information about the OS, privileges, users and installed applications.
CORE IMPACT can collect information from all deployed Agents or only from those that you specify.

Key Capabilities

- Browse file structures and view file contents on compromised machines
- View the rights obtained on compromised machines
- Interact with compromised machines via command shells
- Demonstrate the consequences of security breaches by replicating the steps an attacker would take after gaining access to a system
- Extract data from compromised mobile devices, including call, SMS and MMS logs; GPS location; and contact information

Privilege Escalation

During the Privilege Escalation step, CORE IMPACT attempts to penetrate deeper into a compromised computer by running local exploits in an attempt to obtain administrative privileges. After Privilege Escalation, you can shift the source Agent to one of the newly compromised systems and cycle back to the initial Information Gathering step, thereby establishing a beachhead from which to run attacks deeper into the network.

Key Capabilities

- Run local exploits to attack systems internally, rather than from across the network
- Gain administrative privileges on compromised systems
- View the networks to which a compromised computer is connected
- Launch attacks from any compromised system against other computers on the same network, gaining access to systems with increasing levels of security

Cleanup

The Cleanup step automatically uninstalls every connected Agent. Agents are uninstalled in post order, so that an Agent is removed only after every Agent deployed through it has been removed; this is what supports complex Agent chains. In addition, all Agents are automatically uninstalled when the active workspace is closed, regardless of whether the Cleanup step is executed or not.
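The post-order teardown that the Cleanup step relies on, as an added example rather than CORE IMPACT's own code: each Agent records the Agent it was deployed through (None for an Agent deployed directly from the console), so a chain of pivots forms a tree, and the uninstall order must remove children before the Agent that carries their connection. The Agent names in the comments and test are constructed.

```python
# Post-order Cleanup of an Agent chain, as described in the Cleanup step above.
# Added illustration, not CORE IMPACT code.  Each Agent records the Agent it
# was deployed through (None for an Agent deployed directly from the console),
# so a chain of pivots forms a tree; the Agent names used below are constructed.
from collections import defaultdict


def build_children(agents):
    """agents maps agent name -> parent name (or None).  Returns the children
    of each Agent and the root Agents deployed directly from the console."""
    children, roots = defaultdict(list), []
    for name, parent in agents.items():
        if parent is None:
            roots.append(name)
        elif parent not in agents:
            raise ValueError(f"{name} was deployed through unknown agent {parent}")
        else:
            children[parent].append(name)
    return children, roots


def cleanup_order(agents):
    """Return the uninstall order for the whole chain.  An Agent is removed only
    after every Agent deployed through it, because removing it first would cut
    the connection to its children and leave them installed on the targets."""
    children, roots = build_children(agents)
    order = []

    def visit(name):
        for child in children[name]:   # uninstall the deeper Agents first...
            visit(child)
        order.append(name)             # ...then the Agent they relied on

    for root in roots:
        visit(root)
    if len(order) != len(agents):      # a cycle in the parent pointers
        raise ValueError("some agents are not reachable from the console")
    return order


def is_safe_order(agents, order):
    """True when the order covers every Agent and removes each one before the
    Agent it was deployed through, i.e. it is a valid post order of the chain."""
    position = {name: i for i, name in enumerate(order)}
    return (sorted(order) == sorted(agents) and
            all(parent is None or position[name] < position[parent]
                for name, parent in agents.items()))
```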
Key Capabilities Quickly and easily remove all Agents from compromised machines, leaving your network and end-user systems in their original states Penetration Testing Report Generation CORE IMPACT generates clear, informative reports that provide data about targeted systems and applications, results of end-user penetration tests, audits of all exploits performed, and details about proven Weak Points. You can view and print reports using Crystal Reports or export them in popular formats such as HTML, PDF and Microsoft Word. Key Capabilities Obtain actionable information about exploited Weak Points, compromised end-user systems, web application weaknesses and associated risks Create activity audits to satisfy Commitment and regulatory requirements Export report content in popular formats that can be easily customized and shared