
Automated Penetration Testing With Core Impact

Presentation I did for the NEO InfoSec Forum on Core Impact in 2008.


  1. Automated Penetration Testing with CORE IMPACT (Tom Eston, NEO Information Security Forum, February 20, 2008)
  2. Topics
     - What makes a good penetration testing framework?
     - What is CORE IMPACT?
     - How does it work?
     - Cool features
     - Limitations
     - Live demonstration
       - Network Side RPT (Rapid Penetration Test)
       - Client Side RPT
  3. Disclaimer
     - I am not a paid spokesman for Core Security Technologies
     - Opinions are from a customer perspective
     - “Automated penetration testing does not replace the need for manual, detailed penetration testing!”
  4. What makes a good penetration testing framework?
     - Platform independent
       - Install on Windows, Mac, Linux
     - Good exploit collection w/regular updates
     - An intuitive, robust GUI
     - Ability to add new exploits
     - Open source or ability to customize
     - Good reporting tools
  5. What frameworks are available?
     - Metasploit Framework
     - Inguma
     - SecurityForest
     - Attack Tool Kit
     - Immunity Canvas ($)
     - CORE IMPACT ($)
     - Some are application or web specific…
       - Orasploit (Oracle)
       - PIRANA (email content filtering framework)
       - BeEF (Browser Exploitation Framework)
       - W3af (Web Application Exploit Framework)
  6. What is CORE IMPACT?
     - Commercial penetration testing framework ($$)
     - Uses a common pen test methodology
       - Information Gathering
       - Attack and Penetration
       - Privilege Escalation
       - Clean Up and Reporting
     - Network, client-side and web (SQL Injection and PHP remote file inclusion) RPT functions
     - Detailed logging
     - Easy to use
     - Safe
       - Exploits are extensively tested by the CORE IMPACT team
     - Develop custom modules and exploits (Python)
     - Pretty reports…
  7. How does it work?
     - Launch agents and modules against target systems from the console
       - Agents - Small programs you install on compromised systems and use to advance an attack.
         - Memory resident! (think Metasploit’s meterpreter)
         - Agent levels give you additional functionality (pivoting)
       - Modules - Operations that can be launched against target systems
         - OS fingerprinting, port scanning, and targeted exploits
     - View detailed information about target systems
     - Keeps a record of all activity, module output, and the results of attacks
  8. Cool Features
     - Pivoting
       - Use compromised host to attack hosts on internal network
     - Collect Windows password hashes in-memory
     - Log keystrokes, sniff passwords and hashes
     - Collect saved login credentials from popular applications such as Internet Explorer, Firefox and MSN
     - Install agents with valid username, password, hash combinations
     - MSRPC fragmentation and traffic encryption
       - Test IDS/IPS defenses
  9. Limitations
     - Importing external vulnerability data
       - Nessus, Qualys, etc…
       - Slow and buggy at times
     - Console sometimes unstable
       - Crash will cause agents to disconnect
     - Know Python?
     - Expensive!
  10. Live Demonstration
      - Lab Setup
        - VMware Server, CORE IMPACT Console
        - 4 Windows Systems, 1 Linux
      - Network Side Rapid Penetration Test
        - Information Gathering
        - Attack and Penetration w/multiple exploits
        - Clean Up
      - Client Side Rapid Penetration Test
        - Phishing simulation
        - Windows XP target running Outlook Express
        - Microsoft WMF Exploit
  11. Questions
      - [email_address]
      - CORE IMPACT from Core Security Technologies http://www.coresecurity.com/
