
OWASP German Chapter Advanced Penetration Testing in secured Environments - Part 1


Presentation Transcript


  1. OWASP German Chapter Advanced Penetration Testing in secured Environments - Part 1 Marko Winkler marko.wnklr@gmail.com

  2. Content • Virtual Lab • Planning • Reconnaissance • Exploitation • Prospects

  3. Virtual Lab Kali Linux: http://www.kali.org/downloads/ Kioptrix: http://www.kioptrix.com/dlvm/Kioptrix_Level_1.rar

  4. Planning – Dradis Framework • Ruby on Rails (RoR) framework • web-based interface • simplifies data collection throughout the testing cycle • manage data overload that can occur when pentesting • combining disparate data sources, such as Nmap, Nessus, and even Metasploit • sharing data with team members

  5. Planning – Dradis Framework Source: http://dradisframework.org/

  6. Reconnaissance • Intelligence Gathering is performing reconnaissance against a target to gather as much information as possible, to be utilized when penetrating the target during the vulnerability assessment and exploitation phases Sources: http://www.pentest-standard.org/index.php/Intelligence_Gathering#Intelligence_Gathering Lee Allen - Advanced Penetration Testing for Highly-Secured Environments: The Ultimate Security Guide

  7. Reconnaissance – nmap • Active Footprinting: Port Scanning & Banner Grabbing • Nmap ("Network Mapper") written by Gordon Lyon • standard for network auditing/scanning • runs on both Linux and Windows (cmd line & GUI) • Nmap command syntax: nmap -{type(s)} -{opt(s)} {target} • Nmap scripting engine allows you to create and use custom scripts that perform many different functions

  8. Reconnaissance – nmap • Further Information: DefCon18 - http://www.youtube.com/watch?v=wMammEJywyA

  9. Reconnaissance – Banner Grabbing • enumeration technique used to glean information about computer systems on a network and the services running on its open ports • used to identify the version of applications and the operating system on the network • usually performed on Hyper Text Transfer Protocol (HTTP), File Transfer Protocol (FTP), and Simple Mail Transfer Protocol (SMTP) • Tools commonly used to perform banner grabbing are Telnet, nmap, and Netcat Source: http://www.pentest-standard.org/index.php/PTES_Technical_Guidelines#Banner_Grabbing_2
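A small audit helper, added here as an example and not part of the slides: it parses the HTTP, FTP and SMTP banners that Telnet or Netcat would show and reports whether each of your own services discloses its product and version, so version leakage can be found and trimmed before an assessment. The sample banners are constructed, and `grab_banner` is a hypothetical helper that does what a manual Netcat session would.

```python
import re
import socket

# Banner formats for the three protocols named on the slide (HTTP, FTP, SMTP).
# Each pattern captures (product, optional version).
BANNER_PATTERNS = {
    "http": re.compile(r"^Server:[ \t]*([A-Za-z][\w.-]*)(?:/(\d[\w.]*))?", re.M | re.I),
    "ftp": re.compile(r"^220[ -]\(?([A-Za-z][\w-]*)(?:[ /]v?(\d[\w.]*))?"),
    "smtp": re.compile(r"^220[ -]\S+\s+E?SMTP\s+([A-Za-z][\w-]*)(?:\s+v?(\d[\w.]*))?", re.I),
}


def parse_banner(service, banner):
    """Return {'product': str|None, 'version': str|None} for a raw banner."""
    match = BANNER_PATTERNS[service].search(banner)
    if not match:
        return {"product": None, "version": None}
    return {"product": match.group(1), "version": match.group(2)}


def disclosure_level(service, banner):
    """Classify how much a banner leaks: 'version', 'product' or 'none'."""
    info = parse_banner(service, banner)
    if info["version"]:
        return "version"
    if info["product"]:
        return "product"
    return "none"


def grab_banner(host, port, service, timeout=3.0):
    """Fetch a raw banner from one of your own hosts the way Netcat would.
    FTP and SMTP speak first; HTTP only answers after a request."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        if service == "http":
            sock.sendall(b"HEAD / HTTP/1.0\r\nHost: " + host.encode() + b"\r\n\r\n")
        return sock.recv(1024).decode("utf-8", "replace")


# Constructed sample banners (not captured from any real host).
SAMPLE_BANNERS = [
    ("ftp", "220 (vsFTPd 2.3.4)\r\n"),
    ("smtp", "220 mail.example.test ESMTP Postfix (Ubuntu)\r\n"),
    ("http", "HTTP/1.1 200 OK\r\nServer: Apache/2.2.8 (Ubuntu)\r\nContent-Length: 0\r\n\r\n"),
    ("http", "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n"),
]


def audit_samples():
    """Disclosure level for every constructed sample, in order."""
    return [(svc, disclosure_level(svc, banner)) for svc, banner in SAMPLE_BANNERS]


if __name__ == "__main__":
    for service, level in audit_samples():
        print(f"{service}: discloses {level}")
```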

  10. Exploitation – Exploit-DB • Exploit Database (EDB) – an ultimate archive of exploits and vulnerable software • aim is to collect exploits from submittals and mailing lists and concentrate them in one, easy to navigate database

  11. Exploitation – searchsploit • shell script to search a local repository of exploitdb • root@pentest ~# searchsploit [term1] [term2] [term3]

  12. Exploitation – The Hard Way • Get exploit: /usr/share/exploitdb/platforms/ • Path: /linux/remote/10.c • gcc 10.c -o SambaRemoteExploit • Troubleshooting?

  13. Exploitation – Metasploit!! • single most useful auditing tool/framework freely available to security professionals (MSFconsole & Armitage) • Ruby based • easily build attack vectors to add exploits, payloads, encoders • create and execute advanced attacks • uses PostgreSQL as its database Source: http://www.offensive-security.com/metasploit-unleashed/Msfconsole

  14. Prospects – Part 2

  15. Resources • Lee Allen - Advanced Penetration Testing for Highly-Secured Environments: The Ultimate Security Guide
