NETWORK PENETRATION TESTING

Transcription

1 NETWORK PENETRATION TESTING

2

3 LESS The Threat State Sponsored MORE Terrorism Espionage Criminal NOTE: Hackers increasingly showing more potential to cause greater damage MORE Hacker LESS Occurrence Damage

4 Current Scenario Millions of computers are infected with malware, while hundreds of thousands more are enslaved as botnets sending spam, launching DOS attacks and hosting dubious websites.

5 Penetration Testing A penetration test subjects a system to the real-world attacks selected and conducted by the testing personnel. The benefit of a penetration test is to identify the extent to which a system can be compromised before the attack is identified and assess the response mechanism s

6 Penetration Test A process of discovering weakness in computer infrastructure and network. It is a proactive testing Usually carried out By a team of Pen testers By organization to simulate a real attacks

7 Network Penetration Testing Pen Testing Blind Pen Testing Double Blind Pen Testing

8 Pentest Approach Penetration Test Approach Black Box Testing White Box Testing A test without prior knowledge of the infrastructure Simulate real life hacking activities Take longer time A test with complete knowledge of the infrastructure Can spot common errors very fast

9 Standard Operating Procedure 1. Get Management approval 2. Sign NDA (Non-Disclosure Agreement) 3. Establish POC (Point of Contact) 4. Defining Scope and Success Criteria 5. Schedule the activity (Normally during off working hours) 6. Attack and Reporting

10 Steps Involved Information Gathering Scanning and Enumeration Gaining Access Collecting Proof of Concept

11 Information Gathering First Step performed by any penetration tester.

12 Information Gathering Google Search Engine Old Site Archives Job portals Dumpster Diving Social Engineering DNS Names Mining Whois Expanding Arena of War

13 Google Search Engine Using Advanced Operators site filetype intitle inurl link

14 Google Search Engine 1 site:abc.com test 2 filetype:ppt test 3 intitle:login 4 inurl:admin 5 link:abc.com

15 Hunting archives

16 Dumpster Diving Dumpster diving is the practice of sifting through commercial or residential trash to find items that have been discarded by their owners, but which may be useful to the Dumpster diver

17 Social Engineering Social engineering is the art of manipulating people into performing actions or divulging confidential information.

18 Social Engineering A form of intrusion targeting the weakness in the non-technical aspects of system and people. Rely on in-built human vulnerabilities: Inexperience Unable to keep up with fast paced culture (IT) Not aware of value of information they possess Remain as greatest threat to any security system

19 DNS Mining Netcraft.com DNS Zone Transfer

20 DNS Mining Netcraft.com

21 DNS Mining DNS Zone Transfer Nslookup Set type=ns <Domain_Name> Server <Output_from_Above> ls d <Domain_Name> Demo

22 Whois Who is Gives information about a domain name and an Internet Protocol (IP) address.

23 Whois Web browser query for Who is database for a domain name

24 Whois Information from IP

25 Expanding Arena of War route-views3.routeviews.org

26 Scanning and Enumeration Port Scanning Service Detection OS Fingerprinting

27 What is Nmap Nmap is an open source network reconnaissance tool developed by Gordon fyodor Lyon (

28 Basic uses of Nmap Nmap is used for: Host discovery Port scanning Service and version detection Operating system detection

29 Host Discovery To discover if a host is up or down sp flag for activating the host discovery option Nmap discovery run: nmap sp *

30

31 Port Scanning What are ports? Ports are virtual access points of a host. For an attacker, these ports are the entry points into the host There are two types of ports: tcp and udp. Tcp ports: connection oriented protocol Udp ports: connectionless protocol

32 Port Scanning Nmap has 2 basic options for scanning tcp and udp ports: For TCP ports: -ss For UDP Ports: su Both the scans can be selected: Nmap ss su

33

34 Service and Version detection What is service and version detection? Nmap Service detection deals with detection of services running on ports Nmap sv flag: used for activating service detection Probing Command for Service detection: nmap ss sv

35

36 Operating system detection What is Operating system detection? Detection of operating system of remote host. Nmap O flag : activates OS detection option of Nmap. nmap ss O

37

38 Gaining Access Vulnerability Assessment Vulnerability Exploitation

39 Nessus (Vulnerability scanner)

40 Nessus Nessus is a free vulnerability scanner. Can be downloaded from Can be registered for free

41 Basic usage of Nessus Host discovery Port scanning Enumeration Vulnerability assessment

42 Features of Nessus Based on client-server model Nessus client is used to connect to Nessus server which performs the actual scan Has a GUI as well as CLI

43

44 Using Nessus Nessus server is installed on localhost by default. Connection must be established to Nessus server using Nessus client to initiate scan

45

46 Using Nessus Target can be chosen as single IP or a range

47

48 Using Nessus

49 Selecting scan policies Comes with two pre-configured scan policies Can be further configured

50

51 Nessus Output Shows scan time Shows open ports Information gathered about target host Number of vulnerabilities detected in the remote host

52

53 Vulnerability Exploitation

54 Owning a box in 5 commands Metasploit Load db_sqlite3 db_create test.db db_nmap ip db_autopwn t p e md Sachin

55 Penetration through Databases

56

57

58 Real Time Case Study

59 Whois Route-views3.routeviews.org Netconfigs.com Scan Demo

60 AKSIT- KEY SERVICES Gap Analysis Network Architecture Review Vulnerability Assessment External Pen Testing Application Security Audit Physical Security Risk Assessment Formulation of Security Policies Information Security Training

61 Catch Thank You Wg.Cdr Ashish Kumar Saxena (Retd.) ashish@aksitservices.co.in Ph: Sachin Kumar sachin.kumar@aksitservices.co.in

62 Thank you Thank you Head Office AKS Information Technology Services Pvt. Ltd. G-71, First Floor, Secor-63, Noida, UP Tel WebSite -