Your SlideShare is downloading. ×
How to Setup A Pen test Lab and How to Play CTF
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

How to Setup A Pen test Lab and How to Play CTF

12,658
views

Published on

How to Setup A Pen test Lab and How to Play CTF by Anant Shrivastava @ null Pune Meet, August 2011

How to Setup A Pen test Lab and How to Play CTF by Anant Shrivastava @ null Pune Meet, August 2011

Published in: Technology

0 Comments
11 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
12,658
On Slideshare
0
From Embeds
0
Number of Embeds
9
Actions
Shares
0
Downloads
395
Comments
0
Likes
11
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. By Anant Shrivastavahttp://anantshri.info
  • 2. What is a Pen test Lab A Pen testing Lab just like any other lab is a controlled environment where behavioral or operational patterns of a object / application could be studied for enhancement of skill / knowledge of the practitioner. More specifically we try to create a replica of Wild Wild West and try to study it in a controlled manner Presentation by Anant Shrivastava for Null 2
  • 3. Why Give me six hours to chop down a tree and I will spend the first four sharpening the axe. -Abraham Lincoln Practice enhances perfection Do I need to say more….. Presentation by Anant Shrivastava for Null 3
  • 4. What we will be practicing A pentest lab could be a generalized lab or focused lab towards one single approach. Such as  network testing  web app testing  malware analysis  mobile analysis  More and more… Presentation by Anant Shrivastava for Null 4
  • 5. Standards good to know OWASP – Open Web Application Security Project OSSTMM - Open Source Security Testing Methodology Manual ISO 27001 – auditing standard : (protection mechanism postmortem details). Presentation by Anant Shrivastava for Null 5
  • 6. Lets Get Started What are the basic requirements of a Pentest Lab. Network 2-3 PC Some vulnerable stuff. Some toolset. And of course a Twisted mind  Presentation by Anant Shrivastava for Null 6
  • 7. Approach 1 Purchase a Switch/Router Keep two powerful computers make one as target another as attacker. PC target : could be loaded with prebuilt vulnerable software stacks. (examples ahead) PC attack : load it with self build tool chain or prebuilt tool chain. Presentation by Anant Shrivastava for Null 7
  • 8. Approach 2 Virtualization 1 Powerful Laptop / Desktop (>=4GB RAM, 64bit, 2.4+ preferable Quad Core) Virtualization Solution  VMWare  Oracle Sun Innotek Virtual BOX   Microsoft virtual PC  Minimum 2 VM  Target  Attacker Presentation by Anant Shrivastava for Null 8
  • 9. Attack Machine Again Self Created or  Backtrack  Matriux  Moth/Lambert  Helix(Forensic Distro)  SIFT  Lots more google is your friend I prefer Keeping a windows VM also and load tools specific to windows inside the VM Presentation by Anant Shrivastava for Null 9
  • 10. Target Machine Target Machine, either we can prepare ourself or use existing prebuilt images like  MetaSploitable  Unpatched Windows 2000, Xp  Damn Vulnerable Linux  de-ice  Hackerdemia  pWnOS  Ubuntu 7.04 Presentation by Anant Shrivastava for Null 10
  • 11. Web Application testing For Web applications You need some vulnerable Web application code  WebGoat  Hacme Tools(bank, Casion,Books,Travel…)  Damm vulnerable app  http://demo.testfire.net/  http://testasp.acunetix.com/ Or Download old version of joomla, wordpress, drupal set it up and you are good to go.. Presentation by Anant Shrivastava for Null 11
  • 12. Do’s and Don’t Avoid using main machine for any analysis. Avoid Giving Read write access to VM over any folder of parent. (specially if VM and main OS are same) Once your VM is prepared keep a screnshot. And you can use it as restore point after every session to get back to clean state. Presentation by Anant Shrivastava for Null 12
  • 13. Network Testing For Network Testing you could look at GNS3 for setting up the environment. (ciso/juniper routers / switches) Would recommend : http://www.gns3.net/content/gns3-virtualbox-edition Excellent guides are already available online http://www.gns3.net/documentation Presentation by Anant Shrivastava for Null 13
  • 14. Part 1 Over However Does it satisfies your hunger? Do you feel like conquering something even if you get inside one of the machine. Initially yes but later NO. It fails to satisfy the fun of manhandling the live target. So lets see If we have any option of doing it within legal limits. Presentation by Anant Shrivastava for Null 14
  • 15. Beyond just Lab1. We can practice of online playgrounds.  Live websites providing new challenges every now and then. 1. Honeynet.org 2. Hackthissite.org 3. Smashthestack.org 4. Intruded.net 5. intern0t 6. http://projectshellcode.com/ 7. For casual brain teasing Check hacker.org Are just a few examples Presentation by Anant Shrivastava for Null 15
  • 16. Beyond just lab Practice on Live target’s willing to pay  Facebook.com  Mozilla for its products  Google.comNote : Do read the SOW and then only start. Presentation by Anant Shrivastava for Null 16
  • 17. Capture The Flag You can also participate in various CTF competition. (result fame and / or money besides increase in knowledge and confidence) Capture the flag or CTF are competitions organized world wide in both online and offline mode. People either team up and play against computer / organizer or are pitted against each other. Presentation by Anant Shrivastava for Null 17
  • 18. Online CTF When players play against organizer, they are given set of challenges which they need to complete within stipulated time limit and max scorer wins. Some common characteristics  The challenges will try to touch all bases of ethical hacking (web app, RE, forensics, crypto and more)  You can keep your Zero days with you.  Generally challenges will be checking your approach and not how quickly you can skim through osvdb or exploit- db  Nearly 100% require documented approach to be a winner. Presentation by Anant Shrivastava for Null 18
  • 19. Must have tools These are tools and command that have made by must know how to use and must be ready to be used list  Ping, ssh, telnet, scp, mount, fsck, file  Nmap, gdb  Strace, ltrace, ptrace  Strings, Hexedit  Wireshark, aircrack suite  Firefox plugin set : tamper data, live header, firebug etc.  Windows tools : Network Miner (this tool alone is my reason as of now to keep a windows VM)  Metasploit, burp/ZAP.NOTE : YMMV : your mileage may vary Presentation by Anant Shrivastava for Null 19
  • 20. One on One This type of CTF is generally played in offline mode. Each team is given a machine to play. Machine contains a flag. Task is to save your flag and also capture opponents flag. This is Wild Wild West keep aside all books and start shooting as much arsenal as you have. Good approach is to have few members focusing on hardening and others focusing on attack. These events do see lots and lots of DDoS and DoS attacks Presentation by Anant Shrivastava for Null 20
  • 21. Resources to follow BackTrack Mailing list Full Disclosure (select mailing list of interest)  Main full disclosure  Web application security Security focus (select mailing list of interest)  Security basics SANS Internet Storm Center Darknet To name a few Presentation by Anant Shrivastava for Null 21
  • 22. Anant Shrivastavahttp://anantshri.info