Public exploit held private – penetration testing the researcher’s way tamaghna basu
Public Exploit Held Private – Penetration Testing The Researcher’s Way - Tamaghna Basu - OWASP India Conference 2012
  1. OWASP InfoSec India Conference 2012, August 24th – 25th, 2012, The OWASP Foundation, Hotel Crowne Plaza, Gurgaon. http://www.owasp.org http://www.owasp.in
     Public exploit held private: Penetration Testing the researcher’s way
     Tamaghna Basu, GCIH, OSCP, RHCE, CEH, ECSA
     tamaghna.basu@gmail.com
     OWASP InfoSec India Conference 2012. Hotel Crowne Plaza, Gurgaon (India)
  2. Setting the context
     • Why Pentesting?
     • How do you do it?
     • To VA or to PT… That’s the question.
  3. Setting the context – Terminologies
     • Exploit
     • Payload
     • Reverse shell
  4. Basics – Pentesting
     • Internal
     • External
     • Automated -> review the report -> get the final report
     • Manual -> run a few basic tools -> get the report done
  5. Basics… – Pentesting Steps
     • Recon and Scanning
     • Exploit
     • Maintain Access
     • Clean up
  6. Scanning – Why?
     • Identify the live hosts
     • OS fingerprinting
     • Service fingerprinting
  7. Scanning – Desi Jugaad
     • Ping sweep / shell scripts
     • Almighty netcat
     Decent tools (but indecent usage)
     • NMAP (behold the power of NSE)
     • Others?
  8. Scanning – Problem!
     • It is taking too long to scan, need to go for lunch…
     • Is it really a Windows box but looks like a Linux box? Or which version?
  9. Scanning
     • I have Nessus. Why go through so much pain?
     • I don’t have Nessus. What to do?
  10. Exploit – Motive
     • To gain access
     • Data
     • Command execution
     • Destroy everything!
     Categories
     • Service level
     • OS
  11. Exploit – What to exploit?
     • HTTP?
     • FTP?
     • SNMP?
     • What else?
  12. Exploit – HTTP
     • Server Exploit
     • Command Execution
     • Web Shells
     • SQLi
  13. Exploit – FTP
     • Server Exploit – Buffer Overflow
     • Fuzzing???
     SNMP
     • What to do?
  14. Exploit – Metasploit
     • Updates?
     • How to import an external exploit?
     Any other options?
     How about writing your own exploit (in free time)? (out of scope)
  15. Exploit – I am in, what to do?
     • Secure access?
     • Add user
     • Open a port
     • I like it the reverse way
     • meterpreter
     • Dude, did you get root/admin access?
  16. Privilege Escalation – Categories
     • Service level
     • OS
     Problem!
     • How can I transfer my exploit there?
     • Netcat
     • FTP
  17. L33t love story – Exploit’s love letter to the machine
     • PAYLOAD… Which courier?
     • MSF – set payload
     • Custom program – msfpayload
     • Bad characters
     • Executable – msfpayload
  18. Pivoting… Huh?
     • Why do I need it?
     • How do I do it?
  19. Fuzzing… My favorite, but the last thing I prefer to do on my own
     • Python rocks!
     • Basic
     • Advanced
  20. Did I miss anything?
     • Questions
     • Perspectives
     • Comments
  21. Thank you
     tamaghna.basu@gmail.com
     twitter.com/titanlambda
     linkedin.com/in/tamaghnabasu