Itet2 its penetration testing


  1. 2010 Spring, Morten Bo Nielsen, Mon@eal.dk. Servers and network: Penetration testing
  2. Are you secure? (Networks and servers - Mon@eal.dk)
     ● Bad question
     ● More correct: Are you secure enough?
     ● Use penetration testing
  3. Penetration test
     ● Periodic tests
     ● External consultants
     ● Test reports
     ● Example
     Don't google for images related to “penetration testing”
  4. Movie time
     Go here.
     ● Questions
     ● Is this realistic?
     ● Implied stuff?
     ● What is not told?
     ● Easy/difficult?
     ● Software used?
     ● Attack traces?
  5. Quick summary, part I
     FTP server
     ● Enumerating
     ● Proftpd sql injection vuln.
     ● Reverse shell
     ● Locating user
     ● Database credentials
     Database server
     ● Bypassing non-routing network
     ● Firewall hole on port 3306
     ● Reverse shell
  6. Quick summary, part II
     Mail server
     ● Encrypted tunnel from target
     ● Port 445 “SMB over TCP”
     ● “Circumvent NX”
     ● Add privileged user and log in using remote desktop
  7. SQL injection
     Sidetrack: “This is your son's school..”
     Social engineering attempt?
