Transcript of Session 1
04/10/23
Security Boot Camp Intro
Why this course
• A few years ago a few friends who used to be part of a very successful attack and pen team wrote a course very similar to this
• They have now remembered a course very similar to the original so that everyone can share the experience and gain a better understanding of the subject matter
Who is that Fat Man?
What did Mark do:
• The most popular 802.11 IDS
• Invent an IDS collation engine
• Discover several zero day vulnerabilities
• Coin the term WAP-GAP
• The London Hacker survey
• Contribute to the CEH Cert
• Expert witness in a famous dirty tricks legal action
• etc etc etc
Mark holds the following certifications:
• CISSP and CISM
• Checkpoint CCSA + CCSE
• Cisco CCNA + CSSP
• BA Computing + MBA
Outline
• Overview of the types of hacking tools and platforms used
• Sites used by hackers
• Building your white-hat hacker toolkit
Origination of tools
• Tools tend to be freely downloadable from the web
• Many tools shared via IRC
• Pirated – commercial tools are also available
• Many available through peer to peer programs
• Tools tend to be developed for specific vulnerabilities
Types of tools
Network and system scanning/mapping
Vulnerability scanning and testing (Nessus, whisker)
Password crackers (Brutus, LC3)
Encryption tools
Network sniffers
War dialling
The Unix hacker toolkit
• Nmap – Port scanner
• Nessus – Port scanner & vulnerability assessment
• Traceroute – with the source route patch, or LFT
• Hping2 – Scanning and tracerouting tool
• Whisker – Web vulnerability scanner (Nikto is also based on Whisker)
• Stunnel/SSLPROXY – De-SSL HTTP/S
• Sniffit – command line sniffer
• Netcat – raw socket access
• Tcpdump – command line sniffer
• Icmptime
• juggernaut
• Net::SSLeay – SSL module for PERL (for many tools)
• John the Ripper – Password cracker
• Hunt/Sniper – TCP/IP connection hijacking tool
• nimrod – website enumerator
• Spike archives
• Ethereal – sniffer
• dsniff
The Windows hacker toolkit
• Brutus – Brute force utility
• Mingsweeper – TCP/IP scanning tool
• Superscan – TCP/IP scanning tool
• MPTraceroute/LFT
• SamSpade – Footprinting tool
• NessusWX – Nessus interface
• ISS Scanner / Cyber Cop
• Netstumbler – Wireless LAN Scanner
• WinDump – tcpdump for Windows
• Toneloc – War dialling tool
• Finger – Backdoor tool
• NetBios Auditing Tool (NAT)
• Netcat – Enumeration tool
• Legion – Enumeration tool
• LC3 (l0phtcrack)
The Windows hacker toolkit cont.
• Cygwin – Unix-like environment for Windows (provides many UNIX command line tools including shell & compiler)
• ToneLoc – Wardialling tool
• NT resource kit – many tools applicable to NT network enumeration and penetration
• NMAP (Win32 port) – available from insecure.org
Denial Of Service tools
From the spike package
Land and Latierra
Smurf & Fraggle
Synk4
Teardrop, newtear, bonk, syndrop
Zombies
Network Sniffers
tcpdump
Sniffit
dsniff
Observer
Sniffer Pro
Ethereal
Snoop
Underlying requirements
Certain tools have prerequisites that must be installed first:
• Perl
• SSLeay
• OpenSSL
• Linux variations
• Example: Whisker requires Perl to be installed
Websites
Websites where tools can be found :
• www.securityfocus.com
• www.packetstormsecurity.org
• www.astalavista.box.sk
• www.securiteam.com
Lab
• Visit the sites used for the hacker toolkit and familiarise yourself with some of the tools available
• Good searches:
– Denial of service
– Backdoor / netbus / backoriface
– http://www.securityfocus.com/ vulnerability section
Time: 30 minutes
Knoppix 3.7
• Bootable CD
• Boots in most Intel/AMD systems
• Linux 2.x with basic security tools
Also see Trustix, Trinux and Packetmaster on sourceforge
Lab
• Boot Linux (Trinux, Knoppix or Packetmaster) and have a play
Time: 35 minutes
A methodology
A network penetration methodology
Test Objective
To identify insecure protocols or insecure settings of services related to available protocols or services
Research Phase: Objective and Strategy
• Objective: Find out technical information about the target site
– Using external information sources
– Not touching the target servers
• Strategy: Review information available from
– DNS
– RIPE
– Netcraft
– News groups (particularly firewall newsgroups)
Identifying router and firewall
• Identify the Web or Mail server
• Get the next hop before this
– This will probably be the perimeter router or the firewall
– PIX does not appear as a hop (FW-1 & NetScreen do)
– 80% chance it will be NetScreen, PIX or Firewall-1
• To figure out which:
– ICMP (i.e. Address Mask Request)
– Use TCP stack fingerprinting
– Key ports (258, 259 + 263 could be Firewall-1)
– IPSEC
• Exploit vulnerabilities with pre-written tools
Hacking the servers
– Scan TCP ports
– Scan UDP ports
!!! Only HTTP or HTTPS ports should be visible if it is a webserver etc.
– Run CGI scanner (e.g. Whisker, Crazymad or Nikto) to look for web server exploits
– Check Scanner
– Identify exploits
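A defender-side check for the rule above (on a web server only HTTP and HTTPS should be visible), as an added example that is not part of the original course material: it parses nmap grepable (-oG) output and reports every open port that falls outside an allow-list for the host's role. The scan output, the host-to-role mapping and the allow-lists are all constructed for this example; the `-oG` field layout (port/state/protocol/owner/service/rpc info/version) is nmap's documented format.

```python
"""Exposure check: flag open ports outside a per-role allow-list.

Input is nmap grepable (-oG) output. The sample below is constructed for
the example and is not a real scan result.
"""
from typing import Dict, List, Set, Tuple

# Constructed sample in nmap -oG format (not a real scan).
SAMPLE_GREPABLE = """\
# Nmap scan initiated (constructed sample)
Host: 192.0.2.10 (www.example.test)\tStatus: Up
Host: 192.0.2.10 (www.example.test)\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 443/open/tcp//https///, 3306/filtered/tcp//mysql///\tIgnored State: closed (996)
Host: 192.0.2.25 (mail.example.test)\tStatus: Up
Host: 192.0.2.25 (mail.example.test)\tPorts: 25/open/tcp//smtp///, 53/open/udp//domain///, 443/open/tcp//https///\tIgnored State: closed (997)
# Nmap done (constructed sample)
"""

# Allow-lists of (protocol, port) per host role. Assumed policy for the
# example: the slide's rule for a web server, plus a comparable mail rule.
ALLOWED: Dict[str, Set[Tuple[str, int]]] = {
    "web": {("tcp", 80), ("tcp", 443)},
    "mail": {("tcp", 25), ("tcp", 443)},  # SMTP plus HTTPS webmail
}

# Which scanned host plays which role; constructed for the example.
ROLES: Dict[str, str] = {"192.0.2.10": "web", "192.0.2.25": "mail"}

PortRecord = Tuple[str, int, str, str]  # (protocol, port, state, service)


def parse_grepable(text: str) -> Dict[str, List[PortRecord]]:
    """Return {ip: [(proto, port, state, service), ...]} from -oG lines.

    Only 'Host:' lines that carry a 'Ports:' field are used; the field ends
    at the tab before 'Ignored State:'. Each port entry is
    port/state/protocol/owner/service/rpcinfo/version/ so the first five
    slash-separated fields are enough here.
    """
    hosts: Dict[str, List[PortRecord]] = {}
    for line in text.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue
        ip = line.split()[1]
        ports_field = line.split("Ports:", 1)[1].split("\t", 1)[0]
        for entry in ports_field.split(", "):
            fields = entry.strip().split("/")
            if len(fields) < 5:
                continue  # malformed entry; skip rather than guess
            port, state, proto, service = fields[0], fields[1], fields[2], fields[4]
            hosts.setdefault(ip, []).append((proto, int(port), state, service))
    return hosts


def find_violations(
    hosts: Dict[str, List[PortRecord]],
    roles: Dict[str, str],
    allowed: Dict[str, Set[Tuple[str, int]]],
) -> List[Tuple[str, str, int, str]]:
    """Open ports not permitted for the host's role, as (ip, proto, port, service).

    A host with no known role has no approved exposure, so every open port
    on it is reported.
    """
    findings = []
    for ip, records in hosts.items():
        role = roles.get(ip)
        permitted = allowed[role] if role is not None else set()
        for proto, port, state, service in records:
            if state == "open" and (proto, port) not in permitted:
                findings.append((ip, proto, port, service))
    return findings


if __name__ == "__main__":
    scan = parse_grepable(SAMPLE_GREPABLE)
    for ip, proto, port, service in find_violations(scan, ROLES, ALLOWED):
        print(f"{ip}: unexpected {proto}/{port} ({service}) exposed")
```

Filtered ports are deliberately not reported: the rule on the slide is about what is visible, and a filtered port is one the firewall is already hiding. Run against real `nmap -oG` output the same function gives a per-host list of exposures to reconcile against the change record for that host.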