7. TAFE NSW
CYBER SECURITY
• White Box – full knowledge of the network
and infrastructure being tested (insider)
• Grey Box – partial knowledge (insider)
• Black Box – no knowledge of the target of
evaluation (outsider)
9. TAFE NSW
CYBER SECURITY
A vulnerability is:
Any weakness, such as a software flaw or a flaw
in logic design, that could be exploited by a
threat to cause damage to an asset
10. TAFE NSW
CYBER SECURITY
A penetration test is:
A full-scale test of the security controls of a
system or network in order to identify
security risks and vulnerabilities
11. TAFE NSW
CYBER SECURITY
1. Create a folder on C: drive named
Hackerstorm
2. Go to www.hackerstorm.com and click free
downloads from the choices menu at the top
3. Scroll down and click the Hackerstorm OSVDB
vulnerability database tool
4. Click download GUI v1.1 saving the file to the
Hackerstorm… unzip the files
5. Click download OSVDB folder current
database, unzip and overwrite as necessary
12. TAFE NSW
CYBER SECURITY
6. C:\Hackerstorm – double click Start.html
7. Click the OSVDB search button at the bottom,
scroll through the vendors on the left - choose
Mozilla Organisation and then click the view
button
8. On the next screen click view all… scroll through
the Vulnerabilities listed and choose one by
clicking on it…
View all sorts of information about a particular
vulnerability
13. TAFE NSW
FOOTPRINTING
Like everything else in Hacking, Footprinting
usually follows an organised path
Active Footprinting – one where the hacker
has to touch the device, network or
resource
Passive Footprinting – measures to collect
information from publicly accessible
sources
15. TAFE NSW
CYBER SECURITY
Easter Eggs – filled with all sorts of fun
Google:
• Do a barrel roll
• Tilt
Do a Google image search
• Atari breakout
16. TAFE NSW
Examining Open Ports
• Download CurrPorts
(www.nirsoft.net/utils/cports.html)
• Unzip and launch program
• Select a port and go to File > Properties
• Close a suspicious port – Be Careful
• Download and install Fport (McAfee)
• Open Command Prompt and go to Fport.exe
• The running ports and processes will be shown
21. TAFE NSW
SCANNING AND ENUMERATION
Enumeration is to specify individually,
to count off or name 1 by 1
• SuperScan (McAfee)
• Use Stealth - Proxy
22. TAFE NSW
KALI LINUX SUITE
Responder
This tool is first an LLMNR and NBT-NS
responder, it will answer to *specific*
NBT-NS (NetBIOS Name Service) queries
http://tools.kali.org/sniffingspoofing/responder
25. TAFE NSW
SNIFFING AND EVASION
The art of capturing packets on the wire or air
waves to review for interesting information
View ARP entries (address resolution protocol)
• Ping a local machine
• arp -a
• Clear the ARP cache: “netsh interface ip
delete arpcache”
• arp -a
26. TAFE NSW
SNIFFING
Passive Sniffing
Like the name suggests, plug in a sniffer
and let it do its work
Active Sniffing
Requires input – injection or manipulation
stance, usually involves a switch
27. TAFE NSW
SNIFFER - WIRESHARK
• Download and open
• Choose which network interface (LAN)
and start capture (turn off promiscuous
mode)
• Open a browser (www.yahoo.com)
• Close the browser
• Stop capture
• Click the protocol header - explore
28. TAFE NSW
SNIFFER – WIRESHARK
• Scroll down to the first HTTP packet, right click and
choose follow TCP stream – what does it display?
• Clear the expression window, filter the command
to only show packets from your machine eg.
ip.src==192.186.0.8
• Pick out a packet you received and note the IP
address of the machine
• Clear the expression window and sort on packets
from that machine eg. ip.addr==192.168.0.34
29. TAFE NSW
EVASION
Snort – most widely deployed IDS in the
world https://www.snort.org/
IDS Evasion Tactics
Flooding (inundator, TCP packet
generator, PackETH)
30. TAFE NSW
FIREWALLS – ROAD BLOCKS
• Protect internal resources against
external access
• Placement of the firewall??
• HTTP tunnelling – firewall evasion
• HTTP Shell – port 80
• Firewall informer – find the firewall
31. TAFE NSW
CYBER SECURITY
Students are believed to have got into
their school’s IT network through staff
passwords, giving them access to
“personal and sensitive” information
about other students
Police are investigating that breach.
35. TAFE NSW
USING KALI
• In Kali – open a terminal window
• Create 2 users with the adduser command
adduser --home /home/users/test1 test1
adduser --home /home/users/test2 test2 (or
useradd …)
• Set their passwords
passwd test1 (enter “pass” at the prompt)
passwd test2 (enter “P@ss” at the prompt)
36. TAFE NSW
USING KALI
• Start John the Ripper – point it to the shadow file
(or copy the shadow file to the john folder for ease)
• cp /etc/shadow /etc/john/shadow
• cd /etc/john
• /etc/shadow
• “permission denied”
• https://www.blackmoreops.com/2015/11/10/cracking-password-in-kali-linux-using-john-the-ripper/
38. TAFE NSW
CYBER SECURITY
• Configure the menu item to the adaptor
you want to sniff
• Start sniffing
• Head to a site requiring authentication
and/or start a telnet, FTP or MySQL
session
• Close browsing
41. TAFE NSW
CYBER SECURITY
• Examined potential targets
• Mapped out open ports
• Scanned for vulnerabilities
• Stolen a password
• Sitting on a machine
• Patience!
42. TAFE NSW
STEALTH – HIDING FILES & ACTIVITY
• Alternate data streams (ADS)
• Create Folder C:\FStream
• Create normal.txt (in same folder – add txt)
• Create wanttohide.txt (add txt)
• Open command prompt
• type wanttohide.txt > normal.txt:hidden.txt
• Delete wanttohide.txt
43. TAFE NSW
STEALTH – HIDING FILES & ACTIVITY
• Now you should see only
notepad.exe and normal.txt
• From command prompt
• start c:\test\normal.txt:hidden.txt
• Contents of the text files should be
displayed
44. TAFE NSW
STEALTH – HIDING FILES & ACTIVITY
• In C:\FStream create second.txt
• Create a hidden copy
• type notepad.exe > second.txt:notepad.exe
• Delete notepad.exe from C:\test
• Type dir to confirm there are no more
executables in the folder
• start C:\test\second.txt:notepad.exe
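Because dir does not show the streams created in this exercise, a defender has to enumerate them explicitly. The following PowerShell is an added example, not part of the original slides: the function name Find-AlternateStream and the default path C:\FStream (the lab folder) are assumptions, and it requires PowerShell 3.0 or later on an NTFS volume.

```powershell
# Added example: audit a folder for NTFS alternate data streams (ADS).
# Find-AlternateStream is a hypothetical helper name, not a built-in cmdlet.
function Find-AlternateStream {
    [CmdletBinding()]
    param(
        [string]$Path = 'C:\FStream',     # lab folder from the slides (assumed default)
        [switch]$IncludeZoneIdentifier    # also report the benign "downloaded file" marker
    )

    # Byte reads differ by version: -Encoding Byte (5.1) vs -AsByteStream (6 and later).
    $byteRead = @{ Encoding = 'Byte' }
    if ($PSVersionTable.PSVersion.Major -ge 6) { $byteRead = @{ AsByteStream = $true } }

    # Files only: Windows PowerShell 5.1 cannot enumerate streams on directories.
    Get-ChildItem -LiteralPath $Path -Recurse -Force -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file = $_
            Get-Item -LiteralPath $file.FullName -Stream * -ErrorAction SilentlyContinue |
                # ':$DATA' is the normal unnamed stream that every file has.
                Where-Object { $_.Stream -ne ':$DATA' } |
                Where-Object { $IncludeZoneIdentifier -or $_.Stream -ne 'Zone.Identifier' } |
                ForEach-Object {
                    # Leading bytes 'MZ' (0x4D 0x5A) mean a Windows executable sits in the stream.
                    $head = @(Get-Content -LiteralPath $file.FullName -Stream $_.Stream `
                                          -TotalCount 2 @byteRead)
                    [pscustomobject]@{
                        File       = $file.FullName
                        Stream     = $_.Stream
                        Length     = $_.Length
                        Executable = ($head.Count -eq 2 -and $head[0] -eq 0x4D -and $head[1] -eq 0x5A)
                    }
                }
        }
}

# Usage: audit the lab folder and show one row per named stream.
Find-AlternateStream -Path 'C:\FStream' | Format-Table -AutoSize
```

From the command prompt, `dir /r` gives a quick per-folder view of the same streams.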
52. TAFE NSW
MAC SPOOFING
• Download and install SMAC (www.klcconsulting.net/smac/)
• Download and install TMAC (www.technitium.com/tmac/)
• Open SMAC (click proceed on trial ver.)
53. TAFE NSW
CYBER SECURITY
Click IPConfig button – find your MAC address
Could also do ipconfig /all
Select an adaptor from the list, click the
Random button – new MAC
Click the Update MAC button – note new
MAC
Click Remove Mac and close SMAC
54. TAFE NSW
CYBER SECURITY
Open TMAC
Click change MAC, type in your own MAC
or click random
Ensure Auto restart network connection
check box is marked
Click change now (verify ipconfig /all)
Click original MAC button and close TMAC
55. TAFE NSW
MALWARE ATTACKS
Software designed to harm or secretly
access a computer system without the
owner's informed consent
Download EliteWrap
58. TAFE NSW
HASH ALGORITHMS
Provide a means to verify the integrity of a
piece of data
• Download and install DigitalVolcano MD5
hash – open it
• Open Notepad, create test.txt – type into
the file “Dan is good”, save and close
• In Digital Volcano open test.txt
59. TAFE NSW
CYBER SECURITY
• Open test.txt again and change “good”
to “great” – save and close
• Select the file again and note the
difference in the hash value
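The same integrity check can be scripted with the built-in Get-FileHash cmdlet (PowerShell 4.0 or later). This is an added example, not part of the original slides: New-HashBaseline, Test-HashBaseline and the temporary hash-demo folder are assumed names, and the file content is constructed to mirror the exercise.

```powershell
# Added example: record file hashes, then detect later modification.
# New-HashBaseline and Test-HashBaseline are hypothetical helper names.
function New-HashBaseline {
    param(
        [Parameter(Mandatory)][string[]]$Path,
        [string]$Algorithm = 'SHA256'   # MD5 catches edits but is not collision resistant
    )
    # Get-FileHash returns Algorithm, Hash and Path for each file.
    Get-FileHash -LiteralPath $Path -Algorithm $Algorithm |
        Select-Object Path, Algorithm, Hash
}

function Test-HashBaseline {
    param([Parameter(Mandatory)][object[]]$Baseline)
    foreach ($entry in $Baseline) {
        $current = $null
        if (-not (Test-Path -LiteralPath $entry.Path)) {
            $status = 'Missing'
        } else {
            # Re-hash with the same algorithm that produced the baseline entry.
            $current = (Get-FileHash -LiteralPath $entry.Path -Algorithm $entry.Algorithm).Hash
            $status  = if ($current -eq $entry.Hash) { 'Unchanged' } else { 'Modified' }
        }
        [pscustomobject]@{
            Path     = $entry.Path
            Status   = $status
            Expected = $entry.Hash
            Actual   = $current
        }
    }
}

# Constructed sample mirroring the exercise: test.txt starts as "Dan is good".
$dir  = Join-Path ([IO.Path]::GetTempPath()) 'hash-demo'
New-Item -ItemType Directory -Path $dir -Force | Out-Null
$file = Join-Path $dir 'test.txt'
Set-Content -LiteralPath $file -Value 'Dan is good'

$baseline = New-HashBaseline -Path $file -Algorithm MD5   # MD5, as in the lab tool
Test-HashBaseline -Baseline $baseline | Format-List       # check before the edit

Set-Content -LiteralPath $file -Value 'Dan is great'      # the one-word change from the slide
Test-HashBaseline -Baseline $baseline | Format-List       # check again after the edit
```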