NETWORK PENETRATION TESTING
The Threat (chart plotting occurrence against damage, from less to more): State Sponsored, Terrorism, Espionage, Criminal, Hacker. State-sponsored actors sit at the low-occurrence, high-damage end and hackers at the high-occurrence, low-damage end. NOTE: Hackers are increasingly showing more potential to cause greater damage.
Current Scenario: Millions of computers are infected with malware, while hundreds of thousands more are enslaved in botnets sending spam, launching DoS attacks and hosting dubious websites.
Penetration Testing: A penetration test subjects a system to real-world attacks selected and conducted by the testing personnel. The benefit of a penetration test is to identify the extent to which a system can be compromised before the attack is detected, and to assess the response mechanisms.
Penetration Test: A process of discovering weaknesses in computer infrastructure and networks. It is a proactive form of testing, usually carried out by a team of pen testers on behalf of the organization to simulate real attacks.
Network Penetration Testing: types
- Pen Testing
- Blind Pen Testing
- Double Blind Pen Testing
Penetration Test Approach
- Black Box Testing: a test without prior knowledge of the infrastructure; simulates real-life hacking activities; takes longer.
- White Box Testing: a test with complete knowledge of the infrastructure; can spot common errors very fast.
Standard Operating Procedure
1. Get management approval
2. Sign NDA (Non-Disclosure Agreement)
3. Establish POC (Point of Contact)
4. Define scope and success criteria
5. Schedule the activity (normally during off-working hours)
6. Attack and reporting
Steps Involved
- Information Gathering
- Scanning and Enumeration
- Gaining Access
- Collecting Proof of Concept
Information Gathering: the first step performed by any penetration tester.
Information Gathering sources
- Google Search Engine
- Old site archives
- Job portals
- Dumpster diving
- Social engineering
- DNS names mining
- Whois
- Expanding arena of war
Google Search Engine: using advanced operators site:, filetype:, intitle:, inurl:, link:
1. site:abc.com test
2. filetype:ppt test
3. intitle:login
4. inurl:admin
5. link:abc.com
Hunting archives: www.archive.org/index.php
Dumpster Diving: Dumpster diving is the practice of sifting through commercial or residential trash to find items that have been discarded by their owners, but which may be useful to the dumpster diver.
Social Engineering: Social engineering is the art of manipulating people into performing actions or divulging confidential information.
Social Engineering: a form of intrusion targeting the weakness in the non-technical aspects of systems and people. It relies on in-built human vulnerabilities:
- Inexperience
- Inability to keep up with the fast-paced IT culture
- Not being aware of the value of the information they possess
People remain the greatest threat to any security system.
DNS Mining: Netcraft.com; DNS Zone Transfer
DNS Mining: DNS Zone Transfer with nslookup (Demo)
    nslookup
    > set type=ns
    > <Domain_Name>
    > server <Name_Server_from_Above>
    > ls -d <Domain_Name>
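The zone-transfer check above, done at the DNS wire level so an administrator can confirm that each authoritative server for their own domain refuses AXFR. This is an added example, not code from the original slides; the domain example.com, the name-server argument and the two sample replies are constructed placeholders, and only check_zone_transfer needs network access.

```python
# Added example: AXFR request/response handling; example.com is a placeholder.
import socket
import struct

AXFR = 252          # QTYPE for a full zone transfer (RFC 1035)
RCODE_REFUSED = 5   # RCODE a hardened server returns for an unauthorised AXFR

def encode_name(name):
    """Encode 'example.com' as DNS labels: 7 'example' 3 'com' 0."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(lb)]) + lb.encode() for lb in labels) + b"\x00"

def build_axfr_query(domain, txid=0x1234):
    """12-byte header (1 question, RD=0) followed by the AXFR/IN question."""
    header = struct.pack("!HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    return header + encode_name(domain) + struct.pack("!HH", AXFR, 1)

def classify_axfr_response(msg):
    """'refused' when RCODE is 5, 'transferred' when answer RRs came back
    (the zone was handed out), otherwise 'empty'."""
    if len(msg) < 12:
        return "empty"
    _, flags, _, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    if (flags & 0x000F) == RCODE_REFUSED:
        return "refused"
    return "transferred" if ancount > 0 else "empty"

def check_zone_transfer(domain, nameserver, timeout=5.0):
    """Send the AXFR over TCP (2-byte length prefix, RFC 1035 4.2.2) and
    classify the first reply message. Needs network access; not run offline."""
    query = build_axfr_query(domain)
    with socket.create_connection((nameserver, 53), timeout=timeout) as s:
        s.sendall(struct.pack("!H", len(query)) + query)
        length = struct.unpack("!H", s.recv(2))[0]
        reply = b""
        while len(reply) < length:
            chunk = s.recv(length - len(reply))
            if not chunk:
                break
            reply += chunk
    return classify_axfr_response(reply)

# Constructed replies (not captured from any real server) for both outcomes.
# Refused: QR=1, RD=1, RA=1, RCODE=5 -> flags 0x8185; question echoed, no answers.
REFUSED_REPLY = (struct.pack("!HHHHHH", 0x1234, 0x8185, 1, 0, 0, 0)
                 + encode_name("example.com") + struct.pack("!HH", AXFR, 1))
# Transferred: QR=1, AA=1, NOERROR -> 0x8400 with 3 answer RRs (header only;
# the classifier needs nothing past the header to tell the two cases apart).
TRANSFERRED_REPLY = struct.pack("!HHHHHH", 0x1234, 0x8400, 1, 3, 0, 0)
```

A result of "transferred" against your own name server means the zone is readable by anyone; restrict AXFR to the secondaries (allow-transfer or TSIG) and re-run.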
Whois: gives information about a domain name and an Internet Protocol (IP) address.
Whois: web browser query of the Whois database at www.whois.net for a domain name.
Whois information from an IP: www.dnsstuff.com, www.geektools.com/whois.php
Expanding Arena of War: route-views3.routeviews.org, www.netconfigs.com
Scanning and Enumeration
- Port Scanning
- Service Detection
- OS Fingerprinting
What is Nmap: Nmap is an open source network reconnaissance tool developed by Gordon "Fyodor" Lyon (http://www.insecure.org).
Basic uses of Nmap. Nmap is used for:
- Host discovery
- Port scanning
- Service and version detection
- Operating system detection
Host Discovery: to discover whether a host is up or down. The -sP flag activates the host discovery option. Nmap discovery run:
    nmap -sP 192.168.1.*
Port Scanning. What are ports? Ports are virtual access points of a host; for an attacker, these ports are the entry points into the host. There are two types of ports: TCP and UDP. TCP ports: connection-oriented protocol. UDP ports: connectionless protocol.
Port Scanning: Nmap has two basic options for scanning TCP and UDP ports. For TCP ports: -sS. For UDP ports: -sU. Both scans can be selected together:
    nmap -sS -sU 192.168.1.7
Service and Version Detection. What is service and version detection? Nmap service detection deals with detecting the services running on open ports. The -sV flag activates service detection. Probing command for service detection:
    nmap -sS -sV 192.168.1.8
Operating System Detection. What is operating system detection? Detection of the operating system of the remote host. The -O flag activates the OS detection option of Nmap:
    nmap -sS -O 192.168.1.8
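The scan commands above yield open ports and service banners; what a defender then wants is to know which of those exposures are not supposed to be there. This added example (not code from the original slides) parses nmap's grepable output (-oG) from a -sS -sV run and reports every open port that is absent from an approved per-host baseline. The scan lines and the baseline are constructed samples, not real scan data.

```python
# Added example: turn nmap -oG output into a baseline comparison.
import re

# Constructed sample of "nmap -sS -sV -oG - 192.168.1.7-8" output (not a real scan).
SAMPLE_GNMAP = """\
# Nmap scan initiated (constructed sample) as: nmap -sS -sV -oG - 192.168.1.7-8
Host: 192.168.1.7 ()\tStatus: Up
Host: 192.168.1.7 ()\tPorts: 22/open/tcp//ssh//OpenSSH 5.3 (protocol 2.0)/, 80/open/tcp//http//Apache httpd 2.2.3/\tIgnored State: closed (998)
Host: 192.168.1.8 ()\tPorts: 22/open/tcp//ssh//OpenSSH 5.3 (protocol 2.0)/, 445/open/tcp//microsoft-ds//Samba smbd 3.X/, 1433/filtered/tcp//ms-sql-s///\tIgnored State: closed (997)
# Nmap done (constructed sample)
"""

# Approved exposure per host: (port, protocol) pairs that are expected to be open.
BASELINE = {
    "192.168.1.7": {(22, "tcp"), (80, "tcp")},
    "192.168.1.8": {(22, "tcp")},
}

# -oG port entry: port/state/protocol/owner/service/rpc_info/version/
PORT_RE = re.compile(r"(\d+)/(\w+)/(\w+)//([^/]*)//([^/]*)/")

def parse_gnmap(text):
    """Return {ip: [(port, proto, state, service, version), ...]} from -oG text."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue
        ip = line.split()[1]
        ports_field = line.split("Ports:", 1)[1].split("\t", 1)[0]
        for port, state, proto, service, version in PORT_RE.findall(ports_field):
            hosts.setdefault(ip, []).append(
                (int(port), proto, state, service, version.strip()))
    return hosts

def unexpected_open_ports(hosts, baseline):
    """Open ports not in the baseline, keyed by host. A host missing from the
    baseline has every open port reported, which is the safe default."""
    findings = {}
    for ip, entries in hosts.items():
        allowed = baseline.get(ip, set())
        extra = [(p, proto, svc, ver) for p, proto, state, svc, ver in entries
                 if state == "open" and (p, proto) not in allowed]
        if extra:
            findings[ip] = extra
    return findings

if __name__ == "__main__":
    for ip, extra in unexpected_open_ports(parse_gnmap(SAMPLE_GNMAP), BASELINE).items():
        for port, proto, svc, ver in extra:
            print(f"{ip}: unexpected {port}/{proto} ({svc} {ver})")
```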
Gaining Access
- Vulnerability Assessment
- Vulnerability Exploitation
Nessus (Vulnerability Scanner)
Nessus: Nessus is a free vulnerability scanner. It can be downloaded from http://www.nessus.org and registered for free.
Basic usage of Nessus
- Host discovery
- Port scanning
- Enumeration
- Vulnerability assessment
Features of Nessus: based on a client-server model; the Nessus client is used to connect to the Nessus server, which performs the actual scan. Has a GUI as well as a CLI.
Using Nessus: the Nessus server is installed on localhost by default. A connection must be established to the Nessus server using the Nessus client to initiate a scan.
Using Nessus: the target can be chosen as a single IP or a range.
Selecting scan policies: Nessus comes with two pre-configured scan policies, which can be further configured.
Nessus Output
- Shows scan time
- Shows open ports
- Information gathered about the target host
- Number of vulnerabilities detected in the remote host
Vulnerability Exploitation
Owning a box in 5 commands (Metasploit) (Demo: Sachin)
    load db_sqlite3
    db_create test.db
    db_nmap <ip>
    db_autopwn -t -p -e
Penetration through Databases
Real Time Case Study
Demo: Whois, route-views3.routeviews.org, netconfigs.com, scan
AKSIT Key Services
- Gap Analysis
- Network Architecture Review
- Vulnerability Assessment
- External Pen Testing
- Application Security Audit
- Physical Security Risk Assessment
- Formulation of Security Policies
- Information Security Training
Catch us @ / Thank You
Wg. Cdr. Ashish Kumar Saxena (Retd.), ashish@aksitservices.co.in, Ph: +91-9811943669
Sachin Kumar, sachin.kumar@aksitservices.co.in
Thank you. Head Office: AKS Information Technology Services Pvt. Ltd., G-71, First Floor, Sector-63, Noida, UP 201301. Tel: 91-120-4243669. Website: http://