Public exploit held private – penetration testing the researcher’s way tamaghna basu
Public Exploit Held Private – Penetration Testing The Researcher’s Way - Tamaghna Basu - OWASP India Conference 2012
Published in: Technology
Transcript

  • 1. OWASP InfoSec India Conference 2012, August 24th – 25th, 2012. The OWASP Foundation. Hotel Crowne Plaza, Gurgaon. http://www.owasp.org http://www.owasp.in Public exploit held private: Penetration Testing the researcher’s way. Tamaghna Basu, GCIH, OSCP, RHCE, CEH, ECSA, tamaghna.basu@gmail.com. OWASP InfoSec India Conference 2012. Hotel Crowne Plaza, Gurgaon (India)
  • 2. Setting the context. Why Pentesting? How do you do it? To VA or to PT… That’s the question.
  • 3. Setting the context. Terminologies: Exploit; Payload; Reverse shell
  • 4. Basics. Pentesting: Internal; External; Automated -> review the report -> get the final report; Manual -> run a few basic tools -> get the report done
  • 5. Basics… Pentesting steps: Recon and Scanning; Exploit; Maintain Access; Clean up
  • 6. Scanning. Why? Identify the live hosts; OS fingerprinting; Service fingerprinting
  • 7. Scanning. Desi Jugaad (homegrown improvisation): Ping sweep / shell scripts; Almighty netcat. Decent tools (but indecent usage): NMAP (behold the power of NSE); Others?
  • 8. Scanning. Problem! It is taking too long to scan, need to go for lunch… Is it really a Windows box even though it looks like a Linux box? And which version?
  • 9. Scanning. I have Nessus. Why go through so much pain? I don’t have Nessus. What to do?
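The "desi jugaad" answer to slides 6–9 when no Nessus and no nmap are at hand is a few lines of Python: a concurrent TCP connect scan that grabs whatever greeting the service volunteers and makes a crude service guess from it. This is an added example, not code from the talk; the fake FTP greeter and the bound-but-not-listening port are constructed targets on loopback so the block runs offline, and the banner-to-service mapping is an assumption about the usual RFC greeting formats rather than a probe database like nmap's.

```python
import socket
import threading
from concurrent.futures import ThreadPoolExecutor

# Added example (not from the talk): connect scan + banner grab as a stand-in
# for "nmap -sV" when the only tools are Python and netcat.

def probe(host, port, timeout=1.0):
    """Return (port, state, banner). state is 'open' or 'closed'.
    On an open port read up to 256 bytes of the service's greeting
    (FTP/SSH/SMTP talk first); '' if it waits for the client (HTTP)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
        except OSError:                 # refused, unreachable or timed out
            return port, "closed", ""
        try:
            banner = s.recv(256).decode("latin-1", "replace").strip()
        except OSError:                 # open but silent
            banner = ""
        return port, "open", banner

def scan(host, ports, workers=64, timeout=1.0):
    """Scan ports concurrently; return {port: banner} for the open ones.
    Concurrency is what turns the 'too long, going for lunch' scan into minutes."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = list(pool.map(lambda p: probe(host, p, timeout), ports))
    return {port: banner for port, state, banner in results if state == "open"}

def guess_service(banner):
    """Crude service fingerprint from the greeting line (assumed formats)."""
    b = banner.upper()
    if b.startswith("SSH-"):
        return "ssh"
    if b.startswith("220") and "FTP" in b:
        return "ftp"
    if b.startswith("220"):
        return "smtp"                   # 220 without 'FTP' is usually SMTP
    if b.startswith("+OK"):
        return "pop3"
    return "unknown"

def fake_ftp_server(greeting=b"220 lab FTP server ready\r\n"):
    """Constructed target: accept on a loopback port, send a greeting, hang up.
    Returns the listening socket; its port is srv.getsockname()[1]."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:             # listener closed
                return
            with conn:
                conn.sendall(greeting)

    threading.Thread(target=serve, daemon=True).start()
    return srv

def closed_loopback_port():
    """A port that is bound but not listening, so connects are refused.
    Returns (socket, port); keep the socket alive while scanning."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    return s, s.getsockname()[1]

if __name__ == "__main__":
    srv = fake_ftp_server()
    hole, closed = closed_loopback_port()
    open_port = srv.getsockname()[1]
    for port, banner in sorted(scan("127.0.0.1", [open_port, closed]).items()):
        print(f"{port}/tcp open  {guess_service(banner):8s} {banner!r}")
    srv.close()
    hole.close()
```

A connect scan completes the TCP handshake, so it is logged by the target and is slower than a SYN scan, but it needs no raw sockets or root; the banner is also only a hint, since administrators change greetings and the "Windows box that looks like Linux" problem from slide 8 is exactly what a greeting cannot settle.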
  • 10. Exploit. Motive: To gain access; Data; Command execution; Destroy everything! Categories: Service level; OS
  • 11. Exploit. What to exploit? HTTP? FTP? SNMP? What else?
  • 12. Exploit. HTTP: Server exploit; Command execution; Web shells; SQLi
  • 13. Exploit. FTP: Server exploit – buffer overflow; Fuzzing??? SNMP: What to do?
  • 14. Exploit. Metasploit: Updates? How to import an external exploit? Any other options? How about writing your own exploit (in your free time)? (out of scope)
  • 15. Exploit. I am in, what to do? Secure access? Add user; Open a port; I like it the reverse way; meterpreter. Dude, did you get root/admin access?
  • 16. Privilege Escalation. Categories: Service level; OS. Problem! How can I transfer my exploit there? Netcat; FTP
  • 17. L33t love story. Exploit’s love letter to the machine: PAYLOAD… Which courier? MSF – set payload; Custom program – msfpayload; Bad characters; Executable – msfpayload
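The "bad characters" item on slide 17 is the part of payload delivery that bites most often: the courier (an FTP USER argument, a C string, a line-oriented parser) mangles or truncates on certain bytes, so those bytes must not appear in the payload. The block below is an added example, not code from the talk or from Metasploit: it shows the classic all-bytes probe used to discover bad characters, the check that a payload is clean, and an assumed single-byte XOR scheme that re-encodes a payload so that neither the key nor any encoded byte is bad (a real decoder stub would then XOR the bytes back in place; msfpayload/msfvenom encoders do the same job with more elaborate schemes). The shellcode bytes are constructed.

```python
# Added example (not from the talk): finding and avoiding bad characters.

BADCHARS = b"\x00\x0a\x0d"       # typical set for a C-string / line-based sink

def badchar_probe():
    """Send this once through the courier: every byte value except 0x00
    (0x00 is assumed bad for any C-string sink). Compare what lands in
    memory (debugger dump) against it with first_mismatch()."""
    return bytes(range(1, 256))

def first_mismatch(sent, received):
    """First (offset, expected_byte) where received diverges from sent,
    or None if the courier passed everything through. After a truncating
    byte everything past it differs, so only the first one is trusted:
    add it to BADCHARS, drop it from the probe, and send again."""
    for i, b in enumerate(sent):
        if i >= len(received) or received[i] != b:
            return i, b
    return None

def find_badchars(payload, badchars=BADCHARS):
    """[(offset, byte)] for every bad byte still present in payload."""
    bad = set(badchars)
    return [(i, b) for i, b in enumerate(payload) if b in bad]

def pick_xor_key(payload, badchars=BADCHARS):
    """Single-byte key k (assumed toy scheme) such that k itself and every
    payload byte ^ k are clean; None if no such key exists, in which case
    a multi-byte or additive scheme is needed."""
    bad = set(badchars)
    for k in range(1, 256):
        if k in bad:
            continue
        if all((b ^ k) not in bad for b in payload):
            return k
    return None

def xor_encode(payload, badchars=BADCHARS):
    """Return (key, encoded) with no bad bytes in either."""
    k = pick_xor_key(payload, badchars)
    if k is None:
        raise ValueError("no single-byte XOR key avoids the bad characters")
    return k, bytes(b ^ k for b in payload)

def xor_decode(key, encoded):
    """What the decoder stub does on the target: undo the XOR in place."""
    return bytes(b ^ key for b in encoded)

if __name__ == "__main__":
    # Constructed shellcode fragment containing 0x0a and 0x00.
    shellcode = b"\x31\xc0\x50\x68\x2f\x2f\x73\x68\x0a\x00"
    print("bad bytes before encoding:", find_badchars(shellcode))
    key, enc = xor_encode(shellcode)
    print(f"key=0x{key:02x} encoded={enc.hex()} bad after: {find_badchars(enc)}")
    assert xor_decode(key, enc) == shellcode
    # Simulate a courier that strips newlines from the probe.
    probe = badchar_probe()
    print("courier ate:", first_mismatch(probe, probe.replace(b"\x0a", b"")))
```

The probe-and-compare loop is iterative by nature: each round reveals only the first byte the courier rejected, because truncation or substitution shifts everything behind it, which is why the list grows one byte per round rather than being read off a single dump.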
  • 18. Pivoting… Huh? Why do I need it? How do I do it?
  • 19. Fuzzing… My favorite, but the last thing I prefer to do on my own. Python rocks! Basic; Advanced
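Slide 13 asks "Fuzzing???" for an FTP buffer overflow and slide 19 answers "Python rocks"; the block below is an added example, not the speaker's code, of the basic loop and of the step that follows the crash. The fuzzer grows a USER argument until the service dies, then replays the crash with a cyclic pattern (the same idea as Metasploit's pattern_create/pattern_offset, reimplemented here) to learn which offset lands in the saved return address. The target is a constructed in-process stand-in that raises once the argument exceeds a fixed buffer and reports the overwritten EIP; against a real daemon, send() would write to a socket, the crash would show up as a dropped connection, and EIP would be read in a debugger.

```python
import itertools
import string

# Added example (not from the talk): basic length fuzzing and EIP offset finding.

def cyclic_pattern(length):
    """pattern_create-style bytes: Aa0Aa1...; every aligned 3-byte triple is
    unique for the first 20280 bytes, so 4 bytes read from EIP map to one offset."""
    out = bytearray()
    for a, b, c in itertools.product(string.ascii_uppercase,
                                     string.ascii_lowercase, string.digits):
        out += (a + b + c).encode()
        if len(out) >= length:
            break
    return bytes(out[:length])

def pattern_offset(value, pattern):
    """Offset of `value` in the pattern. `value` is either the raw 4 bytes
    or the register value as an int (little-endian, as x86 pushes it)."""
    if isinstance(value, int):
        value = value.to_bytes(4, "little")
    i = pattern.find(value)
    return None if i < 0 else i

BUFFER_SIZE = 1024          # constructed: the stand-in service's fixed buffer

class Crash(ConnectionResetError):
    """Stand-in for 'the daemon died': carries the EIP a debugger would show."""
    def __init__(self, eip):
        super().__init__(f"crash, EIP=0x{eip:08x}")
        self.eip = eip

def vulnerable_service(command):
    """Constructed stand-in for the remote FTP daemon. Handles 'USER <name>';
    an argument longer than BUFFER_SIZE overwrites the (pretend) saved return
    address with bytes BUFFER_SIZE+8 .. +12 of the argument."""
    if not command.startswith(b"USER "):
        return b"500 Unknown command\r\n"
    arg = command[5:].rstrip(b"\r\n")
    if len(arg) > BUFFER_SIZE:
        ret = arg[BUFFER_SIZE + 8:BUFFER_SIZE + 12].ljust(4, b"\0")
        raise Crash(int.from_bytes(ret, "little"))
    return b"331 Password required\r\n"

def fuzz(send, start=100, step=100, limit=5000):
    """Basic fuzzer: send USER with a growing argument until the service
    dies. Returns the first crashing length, or None if it survived."""
    for n in range(start, limit + 1, step):
        try:
            send(b"USER " + b"A" * n + b"\r\n")
        except (ConnectionResetError, ConnectionRefusedError, TimeoutError):
            return n
    return None

def find_eip_offset(send, crash_len):
    """Replay the crash with a cyclic pattern and map the EIP value the
    stand-in reports back to its offset in the buffer."""
    pat = cyclic_pattern(crash_len)
    try:
        send(b"USER " + pat + b"\r\n")
    except Crash as c:
        return pattern_offset(c.eip, pat)
    return None

if __name__ == "__main__":
    n = fuzz(vulnerable_service)
    print("first crashing length:", n)
    print("EIP offset:", find_eip_offset(vulnerable_service, n))
```

Two caveats a practitioner would add: a fixed step size finds the crash region, not the exact boundary, so the pattern replay is what pins the offset; and a service that forks per connection or restarts under a supervisor will not "die" from the fuzzer's point of view, so the fuzzer should also watch for slow or malformed replies, not only for dropped connections.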
  • 20. Did I miss anything? Questions, perspectives, comments
  • 21. Thank you. tamaghna.basu@gmail.com twitter.com/titanlambda linkedin.com/in/tamaghnabasu