An Easy-to-deploy Penetration
Testing Platform
Bing Duan, Yinqian Zhang, Dawu Gu
Department of Information Security
Engineering
Shanghai Jiao Tong University
Presenter:Bo-Chun Peng
Advisor: Yu-Lun Huang
20090401

Outline
Introduction

Principle of PT design

Architecture of PT design

Distributed testing client- SolarSword

A real test case study

Conclusion

Reference


Introduction
PT models have two categories

Flaw hypothesis model

Attack tree model


Introduction(cont.)
Flaw hypothesis model

Vulnerabilities are relatively more fixed and obvious.

Attack tree model

Lacking background info on security leaks.

Top-down tree structure to represent the attack behavior.


Introduction(cont.)
Setbacks of the former platforms

Manual processes

Time cousuming,error-prone

Testing platforms’ security

Testing systems are difficult to deploy


Principles of PT platform design
Automatic

Pt tools, attacking modes & strategies.

Minimize manual errors.

Quick deployment

Single point can’t cover all of network.

Immune

Probably be attached or injected by malicious codes


Architecture of design
Control center

Administrative interface.

Template and scripts for the testing clients.

Automatic analysis and decision making of the strategy.

Distributed testing clients

LiveDVD system: SolarSword

Equipped with various security tools

Download the testing scripts and upload the testing

results

Flow chart of design
The info gathering phase

The vulnerability

exploitation phase.
Report generation phase


Distributed testing client-SolarSword
Base on the Opensolaris operating system.

Read only- immune to virus and rootkit attack.

Not need any installation- flexible and easy to deploy

Equiped with a lot of PT weapons


Distributed testing client-SolarSword
1. Scanners & Analyzers

1) Vulnerability scanner

2) Application scanner & analyzer

3) Web vulnerability scanner

4) Port scanner

2. Packet Craft

3. Vulnerability Exploit

4. Traffic Monitoring Tools

5. Password Crack Tools

6. Bruteforce Tools

7. Spoof Tools

8. Footprinting Tools

9. Others


A real test case study
The Ethernet is in 192.168.0.0/24 network segment.

The selected host is an AMD Sempron 3400+

machine with 1G RAM.

A real test case study (cont.)
Insert the LiveDVD into the random machine.

Download the testing scripts with default template

from the control center.

A real test case study (cont.)
Information gathering phase Vulnerability exploitation phase

A real test case study (cont.)
Microsoft IIS web server 5.1

DOS attack

CUP usage of 192.168.0.105

when it is attacked.

Conclusion
Advantages

Distributed , easy to deploy

Automatic

Immune

Drawbacks

Control center is needed

Log in control center.


Reference
An Easy-to-Deploy Penetration Testing Platform

Bing Duan; Yinqian Zhang; Dawu Gu;
Young Computer Scientists, 2008. ICYCS 2008. The 9th
International Conference for
18-21 Nov. 2008 Page(s):2314 - 2318
Digital Object Identifier 10.1109/ICYCS.2008.335
SCHNEIER, B., Attack Trees, Dr. Dobbs Journal, December1999.

www.solarsword.org
