How to Fix A Broken Window
Outline
• Hacking
• Penetration testing
• Methodology
• Footprinting
• Scanning
• Enumeration
• Gaining access
• Escalating privilege
• Covering tracks
• Creating back doors
• Denial of service
• BackTrack
Hacking
Types of hacking
• Black Hat
• Grey Hat
• White Hat
Black Hat vs White Hat
Pen testers have prior approval from senior management, while hackers are approved only by themselves.
Pen testers' social engineering attacks are there to raise awareness. Hackers' social engineering attacks are there to trick the DMV into divulging sensitive information about the whereabouts of their estranged ex-spouse.
Penetration Testing
White Hat hacking is known as Penetration Testing or Pen Testing.
“A penetration test is a method of evaluating the security of a computer system or network by simulating an attack from a malicious source, known as a Black Hat Hacker, or Cracker.” - Wikipedia
Hacking methodology
An excellent description is printed inside the back cover of the “Hacking Exposed” text by McClure et al.:
• Footprinting
• Scanning
• Enumeration
• Gaining Access
• Escalating Privilege
• Pilfering
• Covering Tracks
• Creating Back Doors
• Denial of Service
Footprinting
• Find out as much information as possible about the target host.
• Find out the target's IP address.
• Find the domain name, admin contact and name servers.
• DNS zone transfer.
Techniques and tools:
– Open source search: Google, search engines, EDGAR
– Find domain name, admin, IP addresses, name servers: Whois, Nslookup
– DNS zone transfer: Sam Spade
Footprinting
Google itself is a very good hacking device.
Footprinting
Spyfu.com and Keywordspy.com
Footprinting
www.sec.gov -> EDGAR database
Footprinting
Steganography
Reconnaissance
A way of collecting information physically.
Scanning
Three types of scan:
– Port scan.
– Network scan (live hosts, host names, OS).
– Vulnerability scan.
Techniques and tools:
– Ping sweep: fping, icmpenum, WS_Ping ProPack, nmap
– TCP/UDP port scan: nmap, SuperScan, fscan
– OS detection: nmap, queso, siphon
Scanning
Scanning steps:
– Check for live systems.
– Find open ports.
– Identify services.
– OS fingerprinting (which OS the server runs).
– Vulnerability scan.
– Draw network diagrams of vulnerable hosts.
– Prepare proxies (IP spoofing).
Enumeration
• Identify valid user accounts or poorly protected resource shares.
• More intrusive probing than the scanning step.
Techniques and tools:
– List user accounts: null sessions, DumpACL, sid2user, OnSite Admin
– List file shares: showmount, NAT, Legion
– Identify applications: banner grabbing with telnet or netcat, rpcinfo
Gaining Access
Based on the information gathered so far, make an informed attempt to access the target.
Techniques and tools:
– Password eavesdropping: tcpdump/ssldump, L0phtcrack readsmb
– File share brute forcing: NAT, Legion
– Password file grab: tftp, pwdump2 (NT)
– Buffer overflow: ttdb, bind, IIS .HTR/ISM.DLL
Escalating Privilege
If only user-level access was obtained in the last step, seek to gain complete control of the system.
Techniques and tools:
– Password cracking: John the Ripper, L0phtcrack
– Known exploits: lc_messages, getadmin, sechole
Covering Tracks
Once total ownership of the target is secured, hiding this fact from system administrators becomes paramount, lest they quickly end the romp.
Techniques and tools:
– Clear logs: zap, Event Log GUI
– Hide tools: rootkits, file streaming
Creating Back Doors
• Trap doors are laid in various parts of the system to ensure that privileged access is easily regained whenever the intruder decides.
Techniques and tools:
– Create rogue user accounts: members of wheel, admin
– Schedule batch jobs: cron, AT
– Infect startup files: rc, startup folder, registry keys
– Plant remote control services: netcat, remote.exe, VNC, B02K, remote desktop
– Install monitoring mechanisms: keystroke loggers, add acct. to secadmin mail aliases
– Replace apps with Trojans: login, fpnwclnt.dll
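A defender-side check for the persistence points listed above (rogue accounts added to wheel/admin, scheduled batch jobs), added here as an example that is not part of the original slides: it diffs a baseline snapshot of /etc/group and a crontab against the current one and reports what appeared in between. The snapshots, the set of privileged groups and the suspicious-path heuristic are constructed assumptions for the example.

```python
# Constructed baseline and current snapshots in /etc/group and crontab formats.
BASELINE_GROUPS = """\
root:x:0:
wheel:x:10:alice
sudo:x:27:alice
staff:x:50:alice,bob
"""
CURRENT_GROUPS = """\
root:x:0:
wheel:x:10:alice,svc_backup
sudo:x:27:alice
staff:x:50:alice,bob,carol
"""
BASELINE_CRON = """\
# m h dom mon dow command
0 2 * * * /usr/local/bin/backup.sh
"""
CURRENT_CRON = """\
# m h dom mon dow command
0 2 * * * /usr/local/bin/backup.sh
*/5 * * * * /tmp/.cache/update
"""

PRIVILEGED_GROUPS = {"root", "wheel", "sudo", "admin"}   # assumed set; membership here is the rogue-account signal

def parse_group_file(text):
    """Map group name -> set of supplementary members (fourth field of /etc/group)."""
    groups = {}
    for line in text.splitlines():
        if line.strip() and not line.startswith("#"):
            name, _pw, _gid, members = line.split(":")
            groups[name] = {m for m in members.split(",") if m}
    return groups

def parse_crontab(text):
    """Set of job lines with whitespace normalised; comments and blank lines dropped."""
    return {" ".join(line.split()) for line in text.splitlines()
            if line.strip() and not line.lstrip().startswith("#")}

def command_of(job):
    """Command field of a five-field crontab entry."""
    return job.split(None, 5)[5]

def diff_persistence(base_groups, cur_groups, base_cron, cur_cron):
    """Compare current snapshots against the baseline; return (finding_kind, detail) pairs."""
    findings = []
    base, cur = parse_group_file(base_groups), parse_group_file(cur_groups)
    for group in sorted(set(cur) - set(base)):
        findings.append(("new_group", group))
    for group in sorted(PRIVILEGED_GROUPS & set(cur)):          # staff gaining carol is not reported
        for user in sorted(cur[group] - base.get(group, set())):
            findings.append(("new_privileged_member", f"{user} in {group}"))
    for job in sorted(parse_crontab(cur_cron) - parse_crontab(base_cron)):
        cmd = command_of(job)
        # Jobs launched from a world-writable or hidden path are the classic planted batch job.
        suspicious = cmd.startswith(("/tmp/", "/var/tmp/", "/dev/shm/")) or "/." in cmd
        findings.append(("new_cron_job_suspicious_path" if suspicious else "new_cron_job", job))
    return findings

if __name__ == "__main__":
    for kind, detail in diff_persistence(BASELINE_GROUPS, CURRENT_GROUPS, BASELINE_CRON, CURRENT_CRON):
        print(f"{kind}: {detail}")
```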
Denial of Service
• If the attacker is unsuccessful in gaining access, they may use readily available exploit code to disable a target as a last resort.
Techniques and tools:
– SYN flood: synk4
– ICMP techniques: ping of death, smurf
– Identical src/dst SYN requests: land, latierra
– Overlapping fragment/offset bugs; out-of-bounds TCP options (OOB); DDoS: netcat, remote.exe, VNC, B02K, remote desktop, keystroke loggers, add acct. to sec admin mail aliases, Trinoo, TFN, stacheldraht
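Detection logic for the scanning techniques on the Scanning slides (ping sweep, TCP/UDP port scan) and the denial-of-service patterns on this slide (SYN flood, identical src/dst SYN requests), run over firewall log lines; this is an added example, not code from the original deck. The log format, the thresholds and the sample packets are constructed for the example.

```python
from collections import defaultdict

# Constructed firewall log: "<epoch> <proto> <src>:<sport> -> <dst>:<dport> <flags>" (S=SYN, A=ACK, E=ICMP echo)
def build_sample_log():
    lines = []
    # Port scan: one host probes ten ports on 192.0.2.10 within ten seconds.
    for i, port in enumerate([21, 22, 23, 25, 80, 110, 143, 443, 445, 3389]):
        lines.append(f"{1000 + i} tcp 10.0.0.5:{40000 + i} -> 192.0.2.10:{port} S")
    # Ping sweep: the same host sends ICMP echo requests to six neighbouring hosts.
    for i in range(6):
        lines.append(f"{1020 + i} icmp 10.0.0.5:0 -> 192.0.2.{20 + i}:0 E")
    # SYN flood: fifty SYNs to the web server within two seconds from spoofed sources.
    for i in range(50):
        lines.append(f"{1100 + i // 25} tcp 203.0.113.{i + 1}:{1024 + i} -> 192.0.2.10:80 S")
    # Land-style packet (identical src/dst address and port), then one benign client handshake.
    lines += ["1200 tcp 192.0.2.10:139 -> 192.0.2.10:139 S",
              "1300 tcp 10.0.0.9:51000 -> 192.0.2.10:443 S", "1300 tcp 10.0.0.9:51000 -> 192.0.2.10:443 A"]
    return "\n".join(lines)

SAMPLE_LOG = build_sample_log()

def parse_log(text):
    events = []
    for n, line in enumerate(l for l in text.splitlines() if l.strip()):
        ts, proto, src, _arrow, dst, flags = line.split()
        (s_ip, s_port), (d_ip, d_port) = src.rsplit(":", 1), dst.rsplit(":", 1)
        events.append({"id": n, "ts": int(ts), "proto": proto, "flags": flags, "src": s_ip,
                       "sport": int(s_port), "dst": d_ip, "dport": int(d_port)})
    return events

def bursty_keys(events, select, min_distinct, window):
    """Keys whose packets touch >= min_distinct distinct values inside some window-second span."""
    per_key = defaultdict(list)
    for e in events:
        kv = select(e)                      # (key, value), or None to ignore the packet
        if kv is not None:
            per_key[kv[0]].append((e["ts"], kv[1]))
    hits = set()
    for key, items in per_key.items():
        items.sort()
        start = 0
        for end in range(len(items)):       # sliding window over timestamps
            while items[end][0] - items[start][0] > window:
                start += 1
            if len({v for _, v in items[start:end + 1]}) >= min_distinct:
                hits.add(key)
                break
    return hits

def find_port_scans(events, min_ports=8, window=60):
    # One source hitting many distinct destination ports (TCP SYN or any UDP): port scan.
    return bursty_keys(events, lambda e: (e["src"], (e["dst"], e["dport"]))
                       if e["flags"] == "S" or e["proto"] == "udp" else None, min_ports, window)

def find_ping_sweeps(events, min_hosts=5, window=60):
    # One source sending ICMP echo requests to many distinct hosts: ping sweep.
    return bursty_keys(events, lambda e: (e["src"], e["dst"]) if e["flags"] == "E" else None,
                       min_hosts, window)

def find_syn_floods(events, min_syns=40, window=2):
    # Many SYNs to one service in a short span, whatever the source: SYN flood.
    return bursty_keys(events, lambda e: ((e["dst"], e["dport"]), e["id"]) if e["flags"] == "S" else None,
                       min_syns, window)

def find_land_packets(events):
    # SYN whose source and destination address and port are identical (land-style DoS).
    return [(e["src"], e["sport"]) for e in events
            if e["flags"] == "S" and e["src"] == e["dst"] and e["sport"] == e["dport"]]
```

Calling `find_port_scans(parse_log(SAMPLE_LOG))` flags only 10.0.0.5; the fifty spoofed flood sources each touch a single port and are caught by `find_syn_floods` under the (192.0.2.10, 80) key instead.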
Backtrack
BackTrack is a Linux-based penetration testing arsenal that helps security professionals perform assessments in a purely native environment dedicated to hacking.
Question and Answer
