I have taken pictures from here and there by googling without mentioning every source; please let me know if anyone has any objection. This presentation was presented at IUT CTF G3t R00t.
4. The OWASP Foundation
http://www.owasp.org
Nahidul Kibria
Co-Leader, OWASP Bangladesh Chapter,
Senior Software Engineer, KAZ Software Ltd.
Writing code for fun and food.
And security enthusiast
Twitter:@nahidupa
5. What is the event all about?
Computer security? Information security? Cyber security?
Is it a game?
Are we going to learn hacking?
6. Capture The Flag (CTF)
In computer security, Capture the Flag (CTF) is a computer security wargame. Each team is given a machine (or small network) to defend on an isolated network. -- Wikipedia
7. It's not just a competition... it's more than that.
HOW?
11. If you want to be a Penetration Tester
A penetration test, occasionally called a pentest, is a method of evaluating the security of a computer system or network by simulating an attack from malicious outsiders, with authorization from the owner of that system.
12. Prerequisites
1. Good understanding of network architecture.
2. How modern operating systems work, and system administration.
3. How applications, databases and services are designed and how they work.
14. Tools and tactics
Do not reinvent the wheel... use existing tools.
But do not just depend on tools/scripts... in some cases you have to write your own.
37. About OWASP
OWASP's mission is "to make application security visible, so that people and organizations can make informed decisions about true application"
Attackers do not use black art to exploit your application.
38. OWASP Bangladesh
• Bangladeshi community of security professionals
• Globally recognized
• Open for all
• Free for all
What do we have to offer?
• Monthly meetings
• Mailing list
• Presentations & groups
• Open forums for discussion
• Vendor-neutral environments
40. Our Successes
OWASP Tools and Documentation:
• ~15,000 downloads (per month)
• ~30,000 unique visitors (per month)
• ~2 million website hits (per month)
OWASP Chapters are blossoming worldwide
• 1500+ OWASP members in active chapters worldwide
• 20,000+ participants
OWASP AppSec Conferences:
• Chicago, New York, London, Washington D.C., Brazil, China, Germany, more...
Distributed content portal
• 100+ authors for tools, projects, and chapters
OWASP and its materials are used, recommended and referenced by many government, standards and industry organizations.
45. Questions.
1. A question from cryptography. (300 points)
2. A question from malware analysis (not as hardcore as it sounds). (150 points)
3. A forensic analysis (the easiest question of the contest). (50 points)
46. Final Questions.
1. A server named GetRoot_v00t will be given. (500 points)
2. Another server named GetRoot_Drag0n will be given. (1000 points)
Both servers were taken down from production because they were suspected of being compromised by an attacker, and the attacker changed the root password. Your job is to recover the root password of each server and to write a report for the judges on what vulnerabilities the server has.
47. Rules
1. You must run the given virtual machine only in NAT mode.
2. Take screenshots of each successful step and include them in a document.
3. Cheating is allowed if you can manage it silently.
48. We select the winner according to the following criteria (we will do partial marking):
1. How many points the participant has (scoring).
2. How complete the solutions are (quality).
3. Creativity, geek factor.
51. Netcat
Originally released in 1996, Netcat is a networking program designed to read and write data across both Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) connections using the TCP/Internet Protocol (IP) protocol suite. Netcat is often referred to as a "Swiss Army knife" utility, and for good reason.
52. Basic Operations
• Simple chat interface
• Port scanning
• Transferring files
• Banner grabbing
• Redirecting ports and traffic
• Creating a backdoor
and whatever else you need...
57. 1) Get info about remote host ports and OS detection
nmap -sS -P0 -sV -O <target>
Where <target> may be a single IP, a hostname or a subnet.
-sS TCP SYN scanning (also known as half-open, or stealth scanning)
-P0 switches off ICMP pings.
-sV enables version detection.
-O attempts to identify the remote operating system.
Other options:
-A enables both OS fingerprinting and version detection.
-v use -v twice for more verbosity.
nmap -sS -P0 -A -v <target>
58. 2) Get list of servers with a specific port open
nmap -sT -p 80 -oG - 192.168.1.* | grep open
Change the -p argument for the port number. See "man nmap" for different ways to specify address ranges.
59. 3) Find all active IP addresses in a network
nmap -sP 192.168.0.*
There are several other options. This one is plain and simple.
Another option, for specific subnets, is:
nmap -sP 192.168.0.0/24
60. 4) Ping a range of IP addresses
nmap -sP 192.168.1.100-254
nmap accepts a wide variety of addressing notation, multiple targets/ranges, etc.
61. 5) Find unused IPs on a given subnet
nmap -T4 -sP 192.168.2.0/24 && egrep "00:00:00:00:00:00" /proc/net/arp
62. 6) Scan for the Conficker worm on your LAN, etc.
nmap -PN -T4 -p139,445 -n -v --script=smb-check-vulns --script-args safe=1 192.168.0.1-254
Replace 192.168.0.1-254 with the IPs you want to check.
63. 7) Scan network for rogue APs
nmap -A -p1-85,113,443,8080-8100 -T4 --min-hostgroup 50 --max-rtt-timeout 2000 --initial-rtt-timeout 300 --max-retries 3 --host-timeout 20m --max-scan-delay 1000 -oA wapscan 10.0.0.0/8
I've used this scan to successfully find many rogue APs on a very, very large network.
64. 9) How many Linux and Windows devices are on your network?
sudo nmap -F -O 192.168.0.1-255 | grep "Running: " > /tmp/os; echo "$(cat /tmp/os | grep Linux | wc -l) Linux device(s)"; echo "$(cat /tmp/os | grep Windows | wc -l) Window(s) devices"
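Slides 58 and 64 both post-process nmap output with grep, which matches anywhere on the line (a host with 22/open and 80/closed still matches "grep open"). The added shell script below is not from the slides; it parses the grepable (-oG) format field by field on a constructed sample, so the same host inventory and OS count can be rebuilt from a saved scan file instead of re-scanning.

```shell
#!/bin/sh
# Added example, not from the presentation. Constructed sample of
# "nmap -O -oG -" output: one "Host:" line per host, tab-separated fields.
sample_gnmap() {
    printf '# Nmap scan initiated (constructed sample, not real output)\n'
    printf 'Host: 192.168.1.10 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///\tOS: Linux 5.4\n'
    printf 'Host: 192.168.1.20 ()\tPorts: 80/open/tcp//http///, 445/open/tcp//microsoft-ds///\tOS: Windows 10\n'
    printf 'Host: 192.168.1.30 ()\tPorts: 80/closed/tcp//http///, 22/open/tcp//ssh///\tOS: Linux 4.19\n'
    printf '# Nmap done (constructed sample)\n'
}

# Print the IP of every host that has exactly PORT in state "open".
# Each Ports entry looks like 80/open/tcp//http///; field 1 is the port,
# field 2 the state, so a host with 80/closed is correctly skipped.
hosts_with_open_port() {
    awk -F'\t' -v p="$1" '
        /^Host:/ {
            split($1, h, " "); ip = h[2]
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^Ports: /) {
                    sub(/^Ports: /, "", $i)
                    n = split($i, ent, ", ")
                    for (j = 1; j <= n; j++) {
                        split(ent[j], f, "/")
                        if (f[1] == p && f[2] == "open") print ip
                    }
                }
            }
        }'
}

# Count hosts whose "OS:" field matches PATTERN (e.g. Linux, Windows),
# the -oG equivalent of grepping "Running:" lines in normal output.
count_os() {
    awk -F'\t' -v pat="$1" '
        /^Host:/ { for (i = 2; i <= NF; i++) if ($i ~ /^OS: / && $i ~ pat) c++ }
        END { print c + 0 }'
}

# Stand-alone demo; replace sample_gnmap with: cat scan.gnmap
sample_gnmap | hosts_with_open_port 80
echo "$(sample_gnmap | count_os Linux) Linux device(s)"
echo "$(sample_gnmap | count_os Windows) Windows device(s)"
```

Feed a file saved with -oG (or the .gnmap file from -oA) into the functions instead of the sample to inventory a real scan.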
65. OS fingerprinting
1. XP with Service Pack 1
2. XP with Service Pack 2
3. Linux 64.0.33
4. Mac OS
5. OpenBSD
6. Etc.