Security Boot Camp Intro - PowerPoint PPT Presentation

Loading...

PPT – Security Boot Camp Intro PowerPoint presentation | free to download - id: c94cf-ZmIyY



Loading


The Adobe Flash plugin is needed to view this content

Get the plugin now

View by Category
About This Presentation
Title:

Security Boot Camp Intro

Description:

Boot Linux (trinux Knoppix or Packetmasters) and have a play. Time: 35 minutes. 9/8/09 ... Check Scanner. Identify exploits. 9/8/09. Security Boot Camp. Intro ... – PowerPoint PPT presentation

Number of Views:60
Avg rating:3.0/5.0
Slides: 23
Provided by: me690
Learn more at: http://www.loud-fat-bloke.co.uk
Category:
Tags: boot | camp | intro | security

less

Write a Comment
User Comments (0)
Transcript and Presenter's Notes

Title: Security Boot Camp Intro


1
Security Boot CampIntro

2
Why this course
  • A few years ago a few friends that used to be
    part of a very successful attack and pen team
    wrote a course very similar to this
  • They now have remembered a course very similar to
    the original so that everyone can share the
    experience and gain a better understanding of the
    subject matter

3
Who is that Fat Man?
  • Mark holds the following certifications
  • CISSP and CISM
  • Checkpoint CCSA CCSE
  • Cisco CCNA CSSP
  • BA Computing MBA
  • What did Mark Do
  • The most popular 802.11 IDS
  • Invent an IDS collation engine
  • Discover several zero day vulnerabilities
  • Coin the term WAP-GAP
  • The London Hacker survey
  • Contribute to the CEH Cert
  • Expert witness a famous dirty tricks legal action
  • etc etc etc


4
Outline
  • Overview of the types of hacking tools and
    platforms used
  • Sites used by hackers
  • Building your white-hat hacker toolkit

5
Origination of tools
  • Tools tend to be freely downloadable from the web
  • Many tools shared via IRC
  • Pirated commercial tools are also available
  • Many available through peer to peer programs
  • Tools tend to be developed for specific
    vulnerabilities

6
Types of tools
  • Network and system scanning/mapping
  • Vulnerability scanning and testing (Nessus,
    whisker)
  • Password crackers (Brutus, LC3)
  • Encryption tools
  • Network sniffers
  • War dialling

7
The Unix hacker toolkit
  • Nmap Port Scanner
  • Nessus Port scanner Vulnerability assessment
  • Traceroute with the source route patch or LFT
  • Hping2 Scanning and tracerouting tool
  • Whisker Web vulnerability scanner (Nikto is
    also based on Whisker)
  • Stunnel/SSLPROXY De-SSL HTTP/s
  • Sniffit command line sniffer
  • Netcat raw socket access
  • Tcpdump command line sniffer
  • Icmptime
  • juggernaut
  • NetSSLeay SSL module for PERL (for many
    tools)
  • John the Ripper Password cracker
  • Hunt/Sniper TCP/IP connection hijacking tool
  • nimrod website enumerator
  • Spike archives
  • Ethereal sniffer
  • dsniff

8
The Windows hacker toolkit
  • Brutus Brute force utility
  • Mingsweeper TCP/IP scanning tool
  • Superscan TCP/IP scanning tool
  • MPTraceroute/LFT
  • SamSpade Footprinting tool
  • NessusWX Nessus interface
  • ISS Scanner / Cyber Cop
  • Netstumbler Wireless LAN Scanner
  • WinDump tcpdump for Windows
  • Toneloc War dialling tool
  • Finger Backdoor tool
  • NetBios Auditing Tool (NAT)
  • Netcat - Enumeration tool
  • Legion Enumeration tool
  • LC3 (l0phtcrack)

9
The Windows hacker toolkit cont.
  • Cygwin Unix like environment for Windows
    (provides many UNIX command line tools including
    shell compiler)
  • ToneLoc Wardialling tool
  • NT resource kit many tools applicable to NT
    network enumeration and penetration
  • NMAP (Win32 port) -- available from insecure.org

10
Denial Of Service tools
  • From the spike package
  • Land and Latierra
  • Smurf Fraggle
  • Synk4
  • Teardrop, newtear, bonk, syndrop
  • Zombies

11
Network Sniffers
  • tcpdump
  • Sniffit
  • dsniff
  • Observer
  • Sniffer Pro
  • Ethereal
  • Snoop

12
Underlying requirements
  • Certain tools, have pre-requisites before
    installation
  • Perl
  • SSLeay
  • Open SSL
  • Linux Variations
  • Example Whisker requires Perl to be installed

13
Websites
  • Websites where tools can be found
  • www.securityfocus.com
  • www.packetstormsecurity.org
  • www.astalavista.box.sk
  • www.securiteam.com

14
Lab
  • Visit the sites used for the hacker toolkit and
    familiarise yourself with some of the tools
    available
  • Good searches
  • Denial of service
  • Backdoor / netbus / backoriface
  • http//www.securityfocus.com/ vulnerability
    section
  • Time 30 minutes

15
-- Knoppix 3.7
  • Bootable CD
  • Boots in most Intel/AMD systems
  • Linux 2.x with basic security tools
  • Also see Trustix, Trinux and Packetmaster on
    sourceforge

16
Lab
  • Boot Linux (trinux Knoppix or Packetmasters) and
    have a play
  • Time 35 minutes

17
A methodology
18
A network penetration methodology
Test Objective To identify insecure protocols or
insecure settings of services related to
available protocols or services
19
Research PhaseObjective and Strategy
  • Objective Find out technical information about
    the target site
  • Using external information sources
  • Not touching the target servers
  • Strategy Review information available from
  • DNS
  • RIPE
  • Netcraft
  • News groups (particularly firewall newsgroups)

20
Identifying router and firewall
  • Identify the Web or Mail server
  • Get the Next-Hop before this
  • This will probably be the perimeter router or the
    firewall
  • PIX does not appear as a hop (Fw1 NetScreen do)
  • 80 chance it will be NetScreen, PIX or Firewall
    1
  • To figure out which
  • ICMP ( i.e. Address Mask Request)
  • Use TCP Stack finger printing
  • Key ports (258, 259 263 could be firewall 1)
  • IPSEC
  • Exploit vulnerabilities with pre-written tools

21
Hacking the servers
  • Scan TCP ports
  • Scan UDP ports
  • !!! Only HTTP or HTTPS ports should be visible
  • If it is a webserver etc
  • Run CGI scanner (I.e. Whisker, Crazymad or Nikto)
    to look for web server exploits
  • Check Scanner
  • Identify exploits

22
Security Boot CampIntro
About PowerShow.com