2. 2Networks and servers - Mon@eal.dk
Are you secure?
● Bad question
● More correct: Are you secure enough?
● Use penetration testing
3.
Penetration test
● Periodic tests
● External consultants
● Test reports
● Example
Don't google for images related to “penetration testing”
4.
Movie time
Go here.
● Questions
● Is this realistic?
● Implied stuff?
● What is not told?
● Easy/difficult?
● Software used?
● Attack traces?
5.
Quick summary, part I
FTP server
● Enumerating
● ProFTPD SQL injection vuln.
● Reverse shell
● Locating user
● Database credentials
Database server
● Bypassing non-routing network
● Firewall hole on port 3306
● Reverse shell
6.
Quick summary, part II
Mail server
● Encrypted tunnel from target
● Port 445 “SMB over TCP”
● “Circumvent NX”
● Add privileged user and log in with that user via remote desktop
7.
SQL injection
Sidetrack:
“This is your son's school..”
Social engineering attempt?