Session 1 Presentation Transcript

  • Security Boot Camp Intro
  • Why this course
    • A few years ago a few friends who used to be part of a very successful attack and pen-test team wrote a course very similar to this one
    • They have now reconstructed a course very similar to the original so that everyone can share the experience and gain a better understanding of the subject matter
  • Who is that Fat Man?
    • What did Mark do:
    • The most popular 802.11 IDS
    • Invent an IDS collation engine
    • Discover several zero day vulnerabilities
    • Coin the term WAP-GAP
    • The London Hacker survey
    • Contribute to the CEH Cert
    • Expert witness a famous dirty tricks legal action
    • etc etc etc
    • Mark holds the following certifications:
    • CISSP and CISM
    • Checkpoint CCSA + CCSE
    • Cisco CCNA + CSSP
    • BA Computing + MBA
  • Outline
    • Overview of the types of hacking tools and platforms used
    • Sites used by hackers
    • Building your white-hat hacker toolkit
  • Origination of tools
    • Tools tend to be freely downloadable from the web
    • Many tools shared via IRC
    • Pirated – commercial tools are also available
    • Many available through peer to peer programs
    • Tools tend to be developed for specific vulnerabilities
  • Types of tools
    • Network and system scanning/mapping
    • Vulnerability scanning and testing (Nessus, Whisker)
    • Password crackers (Brutus, LC3)
    • Encryption tools
    • Network sniffers
    • War dialling
  • The Unix hacker toolkit
    • Nmap – Port Scanner
    • Nessus – Port scanner & Vulnerability assessment
    • Traceroute – with the source route patch or LFT
    • Hping2 – Scanning and tracerouting tool
    • Whisker – Web vulnerability scanner (Nikto is also based on Whisker)
    • Stunnel/SSLProxy – strip SSL so HTTPS services can be tested as plain HTTP
    • Sniffit – command line sniffer
    • Netcat – raw socket access
    • Tcpdump – command line sniffer
    • Icmptime
    • Juggernaut
    • Net::SSLeay – SSL module for Perl (needed by many tools)
    • John the Ripper – Password cracker
    • Hunt/Sniper – TCP/IP connection hijacking tool
    • nimrod – website enumerator
    • Spike archives
    • Ethereal – sniffer
    • dsniff
  • The Windows hacker toolkit
    • Brutus – Brute force utility
    • Mingsweeper – TCP/IP scanning tool
    • Superscan – TCP/IP scanning tool
    • MPTraceroute/LFT
    • SamSpade – Footprinting tool
    • NessusWX – Nessus interface
    • ISS Scanner / Cyber Cop
    • NetStumbler – Wireless LAN scanner
    • WinDump – tcpdump for Windows
    • Toneloc – War dialling tool
    • Finger – Backdoor tool
    • NetBios Auditing Tool (NAT)
    • Netcat - Enumeration tool
    • Legion – Enumeration tool
    • LC3 (L0phtCrack)
  • The Windows hacker toolkit cont.
    • Cygwin – Unix like environment for Windows (provides many UNIX command line tools including shell & compiler)
    • NT resource kit – many tools applicable to NT network enumeration and penetration
    • NMAP (Win32 port) -- available from insecure.org
  • Denial Of Service tools
    • From the spike package
    • Land and Latierra
    • Smurf & Fraggle
    • Synk4
    • Teardrop, newtear, bonk, syndrop
    • Zombies
  • Network Sniffers
    • tcpdump
    • Sniffit
    • dsniff
    • Observer
    • Sniffer Pro
    • Ethereal
    • Snoop
  • Underlying requirements
    • Certain tools have prerequisites that must be installed first
    • Perl
    • SSLeay
    • OpenSSL
    • Linux Variations
    • Example: Whisker requires Perl to be installed
  • Websites
    • Websites where tools can be found :
    • www.securityfocus.com
    • www.packetstormsecurity.org
    • www.astalavista.box.sk
    • www.securiteam.com
  • Lab
    • Visit the sites used for the hacker toolkit and familiarise yourself with some of the tools available
    • Good searches:
      • Denial of service
      • Backdoor / NetBus / Back Orifice
      • The vulnerability section of http://www.securityfocus.com/
    • Time: 30 minutes
  • Knoppix 3.7
    • Bootable CD
    • Boots in most Intel/AMD systems
    • Linux 2.x with basic security tools
    • Also see Trustix, Trinux and Packetmaster on sourceforge
  • Lab
    • Boot Linux (Trinux, Knoppix or Packetmaster) and have a play
    • Time: 35 minutes
  • A methodology
  • A network penetration methodology
    • Test objective: to identify insecure protocols, or insecure settings of the services behind the protocols and services that are reachable
  • Research Phase Objective and Strategy
    • Objective: Find out technical information about the target site
      • Using external information sources
      • Not touching the target servers
    • Strategy: Review information available from
      • DNS
      • RIPE
      • Netcraft
      • News groups (particularly firewall newsgroups)
  • Identifying router and firewall
    • Identify the Web or Mail server
    • Get the Next-Hop before this
      • This will probably be the perimeter router or the firewall
      • PIX does not appear as a hop (FW-1 & NetScreen do)
      • 80% chance it will be NetScreen, PIX or Firewall 1
    • To figure out which
      • ICMP (e.g. Address Mask Request)
      • TCP stack fingerprinting
      • Key ports (258, 259 and 263 open suggest Firewall-1)
      • IPsec
    • Exploit vulnerabilities with pre-written tools
  • Hacking the servers
    • Scan TCP ports
    • Scan UDP ports
      • If it is a web server, only the HTTP or HTTPS ports should be visible; anything else is a finding
    • Run a CGI scanner (e.g. Whisker, Crazymad or Nikto) to look for web server exploits
    • Check the scanner results
    • Identify exploits
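The methodology above (next hop before the target, Firewall-1 port hint, and "only HTTP/HTTPS should be visible") is a manual procedure in the slides. The script below is an added example written for this page, not part of the original course or of any tool it lists: it parses constructed traceroute output and constructed nmap grepable (-oG) lines, picks out the hop in front of the target, checks that hop for the 258/259/263 Firewall-1 hint the slides give, and lists every open port on the web server that is not 80/tcp or 443/tcp. The addresses, hop list and port results are invented test data, and the Firewall-1 port set is taken from the slide, not from a vendor reference.

```python
"""Triage helpers for the external scan steps in the methodology.

Input is constructed text in traceroute and nmap -oG (grepable) style;
no network access is needed.
"""
import re

# Constructed traceroute output (invented addresses). Hop 5 is the target.
TRACEROUTE_OUTPUT = """\
traceroute to www.example.test (203.0.113.10), 30 hops max
 1  192.0.2.1  1.1 ms
 2  198.51.100.1  8.2 ms
 3  198.51.100.9  9.0 ms
 4  203.0.113.1  12.3 ms
 5  203.0.113.10  12.9 ms
"""

# Constructed nmap -oG lines for the next hop and the web server.
# Each port entry is port/state/proto/owner/service/rpc/version.
NMAP_GREPABLE = """\
Host: 203.0.113.1 ()  Ports: 258/open/tcp//fw1-mgmt///, 259/open/tcp//fw1-clntauth///, 263/filtered/tcp/////
Host: 203.0.113.10 ()  Ports: 22/open/tcp//ssh///, 80/open/tcp//http///, 443/open/tcp//https///, 161/open/udp//snmp///
"""

# Ports the slide gives as the Firewall-1 hint (assumption: taken from the slide).
FW1_HINT_PORTS = {258, 259, 263}
# What a pure web server should expose externally.
WEB_ONLY_PORTS = {("tcp", 80), ("tcp", 443)}

HOP_RE = re.compile(r"^\s*(\d+)\s+(\d+\.\d+\.\d+\.\d+)")
HOST_RE = re.compile(r"^Host:\s+(\S+).*?Ports:\s+(.*)$")


def next_hop_before_target(traceroute_text, target_ip):
    """Return the address of the responding hop just before target_ip.

    Hops that do not answer (lines of '* * *', as a PIX would produce)
    carry no address, fail HOP_RE and are skipped, so the last hop that
    did answer is returned. None if the target never appears.
    """
    hops = [m.group(2) for m in map(HOP_RE.match, traceroute_text.splitlines()) if m]
    if target_ip not in hops:
        return None
    idx = hops.index(target_ip)
    return hops[idx - 1] if idx > 0 else None


def parse_grepable(scan_text):
    """Map host address -> set of (proto, port) that nmap reported open."""
    hosts = {}
    for line in scan_text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue
        ip, ports_field = m.group(1), m.group(2)
        open_ports = set()
        for entry in ports_field.split(","):
            fields = entry.strip().split("/")
            if len(fields) >= 3 and fields[1] == "open":
                open_ports.add((fields[2], int(fields[0])))
        hosts[ip] = open_ports
    return hosts


def looks_like_firewall1(open_ports):
    """True if any of the slide's Firewall-1 hint ports is open on TCP."""
    tcp_open = {port for proto, port in open_ports if proto == "tcp"}
    return bool(tcp_open & FW1_HINT_PORTS)


def unexpected_web_exposure(open_ports):
    """Open ports on a web server other than 80/tcp and 443/tcp, sorted."""
    return sorted(open_ports - WEB_ONLY_PORTS)


def triage(traceroute_text, scan_text, target_ip):
    """Run the three checks together and return a summary dict."""
    hosts = parse_grepable(scan_text)
    hop = next_hop_before_target(traceroute_text, target_ip)
    return {
        "perimeter_hop": hop,
        "fw1_hint": looks_like_firewall1(hosts.get(hop, set())) if hop else False,
        "unexpected_on_target": unexpected_web_exposure(hosts.get(target_ip, set())),
    }


if __name__ == "__main__":
    print(triage(TRACEROUTE_OUTPUT, NMAP_GREPABLE, "203.0.113.10"))
```

With real data, feed it `traceroute` output and the file from `nmap -oG`; the web-server check is deliberately strict, so SSH on 22/tcp and SNMP on 161/udp both show up as findings rather than being assumed benign.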