04/10/23
Security Boot Camp Intro
Why this course
• A few years ago a few friends who used to be part of a very successful attack and pen team wrote a course very similar to this
• They have now reconstructed a course very similar to the original from memory, so that everyone can share the experience and gain a better understanding of the subject matter
Who is that Fat Man?
What did Mark do:
• The most popular 802.11 IDS
• Invent an IDS collation engine
• Discover several zero-day vulnerabilities
• Coin the term WAP-GAP
• The London Hacker survey
• Contribute to the CEH cert
• Expert witness in a famous dirty tricks legal action
• etc etc etc
Mark holds the following certifications:
• CISSP and CISM
• Checkpoint CCSA + CCSE
• Cisco CCNA + CSSP
• BA Computing + MBA
Outline
• Overview of the types of hacking tools and platforms used
• Sites used by hackers
• Building your white-hat hacker toolkit
Origination of tools
• Tools tend to be freely downloadable from the web
• Many tools shared via IRC
• Pirated commercial tools are also available
• Many available through peer-to-peer programs
• Tools tend to be developed for specific vulnerabilities
Types of tools
Network and system scanning/mapping
Vulnerability scanning and testing (Nessus, whisker)
Password crackers (Brutus, LC3)
Encryption tools
Network sniffers
War dialling
The Unix hacker toolkit
• Nmap – Port scanner
• Nessus – Port scanner & vulnerability assessment
• Traceroute – with the source route patch or LFT
• Hping2 – Scanning and tracerouting tool
• Whisker – Web vulnerability scanner (Nikto is also based on Whisker)
• Stunnel/SSLProxy – De-SSL HTTP/S
• Sniffit – command line sniffer
• Netcat – raw socket access
• Tcpdump – command line sniffer
• Icmptime
• juggernaut
• Net::SSLeay – SSL module for PERL (for many tools)
• John the Ripper – Password cracker
• Hunt/Sniper – TCP/IP connection hijacking tool
• nimrod – website enumerator
• Spike archives
• Ethereal – sniffer
• dsniff
The Windows hacker toolkit
• Brutus – Brute force utility
• Mingsweeper – TCP/IP scanning tool
• Superscan – TCP/IP scanning tool
• MPTraceroute/LFT
• SamSpade – Footprinting tool
• NessusWX – Nessus interface
• ISS Scanner / Cyber Cop
• Netstumbler – Wireless LAN Scanner
• WinDump – tcpdump for Windows
• Toneloc – War dialling tool
• Finger – Backdoor tool
• NetBios Auditing Tool (NAT)
• Netcat – Enumeration tool
• Legion – Enumeration tool
• LC3 (l0phtcrack)
The Windows hacker toolkit cont.
• Cygwin – Unix like environment for Windows (provides many UNIX command line tools including shell & compiler)
• ToneLoc – Wardialling tool
• NT resource kit – many tools applicable to NT network enumeration and penetration
• NMAP (Win32 port) – available from insecure.org
Denial Of Service tools
From the spike package
Land and Latierra
Smurf & Fraggle
Synk4
Teardrop, newtear, bonk, syndrop
Zombies
Network Sniffers
tcpdump
Sniffit
dsniff
Observer
Sniffer Pro
Ethereal
Snoop
Underlying requirements
Certain tools have prerequisites that must be in place before installation:
• Perl
• SSLeay
• OpenSSL
• Linux variations
• Example: Whisker requires Perl to be installed
Websites
Websites where tools can be found:
• www.securityfocus.com
• www.packetstormsecurity.org
• www.astalavista.box.sk
• www.securiteam.com
Lab
• Visit the sites used for the hacker toolkit and familiarise yourself with some of the tools available
• Good searches:
– Denial of service
– Backdoor / netbus / backoriface
– http://www.securityfocus.com/ vulnerability section
Time: 30 minutes
Knoppix 3.7
• Bootable CD
• Boots in most Intel/AMD systems
• Linux 2.x with basic security tools
Also see Trustix, Trinux and Packetmaster on sourceforge
Lab
• Boot Linux (Trinux, Knoppix or Packetmaster) and have a play
Time: 35 minutes
A methodology
A network penetration methodology
Test Objective
To identify insecure protocols or insecure settings of services related to available protocols or services
Research Phase: Objective and Strategy
• Objective: Find out technical information about the target site
– Using external information sources
– Not touching the target servers
• Strategy: Review information available from
– DNS
– RIPE
– Netcraft
– News groups (particularly firewall newsgroups)
Identifying router and firewall
• Identify the Web or Mail server
• Get the next hop before this
– This will probably be the perimeter router or the firewall
– PIX does not appear as a hop (FW-1 & NetScreen do)
– 80% chance it will be NetScreen, PIX or Firewall-1
• To figure out which
– ICMP (i.e. Address Mask Request)
– Use TCP stack fingerprinting
– Key ports (258, 259 + 263 could be Firewall-1)
– IPSEC
• Exploit vulnerabilities with pre-written tools
Hacking the servers
– Scan TCP ports
– Scan UDP ports
!!! Only HTTP or HTTPS ports should be visible
If it is a webserver etc
– Run CGI scanner (i.e. Whisker, Crazymad or Nikto) to look for web server exploits
– Check scanner
– Identify exploits
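The two exposure rules stated on the "Identifying router and firewall" and "Hacking the servers" slides (TCP 258, 259 and 263 reachable on the perimeter device point at a Firewall-1 management interface; a web server should show nothing but HTTP and HTTPS) can be turned into a defender-side audit of a scan result. The script below is an added example and is not part of the course material or any of the tools it lists. It assumes input text in the style of nmap's grepable (-oG) output; the sample scan, the 192.0.2.x addresses and the example.test host names are constructed placeholders, not captured data.

```python
# Added example (not from the course slides): audit a port-scan result against
# two rules the slides state:
#   - perimeter device: TCP 258, 259 and 263 open suggests an exposed
#     Firewall-1 management interface
#   - web server: only HTTP (80) and HTTPS (443) should be visible
# The input is a constructed text in the style of nmap grepable (-oG) output;
# addresses and host names are documentation-range placeholders, not real hosts.

FIREWALL1_PORTS = {258, 259, 263}   # ports named on the slide
WEB_ALLOWED_TCP = {80, 443}         # HTTP and HTTPS only

# Constructed sample scan (not captured from any real network).
SAMPLE_SCAN = "\n".join([
    "# Nmap grepable output (constructed sample)",
    "Host: 192.0.2.1 (fw.example.test)\tStatus: Up",
    "Host: 192.0.2.1 (fw.example.test)\tPorts: 258/open/tcp/////, 259/open/tcp/////, "
    "263/open/tcp/////, 500/open/udp/////\tIgnored State: filtered (996)",
    "Host: 192.0.2.10 (www.example.test)\tPorts: 22/open/tcp/////, 80/open/tcp/////, "
    "443/open/tcp/////, 53/closed/tcp/////\tIgnored State: filtered (996)",
    "Host: 192.0.2.11 (www2.example.test)\tPorts: 80/open/tcp/////, 443/open/tcp/////"
    "\tIgnored State: filtered (998)",
])


def parse_grepable(text):
    """Return {ip: {(port, proto), ...}} of OPEN ports from grepable-style lines.

    Each port entry has the form port/state/proto/owner/service/rpc/version/;
    only the first three fields are used here.
    """
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue                        # comment or blank line
        ip = line.split()[1]
        open_ports = hosts.setdefault(ip, set())
        _, sep, rest = line.partition("Ports:")
        if not sep:
            continue                        # status-only line, no port list
        ports_field = rest.split("\t")[0]   # drop trailing "Ignored State: ..."
        for entry in ports_field.split(","):
            fields = entry.strip().split("/")
            if len(fields) < 3:
                continue
            port, state, proto = fields[0], fields[1], fields[2]
            if state == "open":
                open_ports.add((int(port), proto))
    return hosts


def firewall1_exposure(open_ports):
    """TCP ports from the Firewall-1 set that are open on a device."""
    return sorted(p for p, proto in open_ports
                  if proto == "tcp" and p in FIREWALL1_PORTS)


def web_unexpected(open_ports):
    """Open ports on a web server other than TCP 80/443 (any protocol)."""
    return sorted(p for p, proto in open_ports
                  if not (proto == "tcp" and p in WEB_ALLOWED_TCP))


def audit(text, perimeter_ip, web_server_ips):
    """Apply both rules; return a list of (ip, finding, ports) tuples."""
    hosts = parse_grepable(text)
    findings = []
    fw_ports = firewall1_exposure(hosts.get(perimeter_ip, set()))
    if fw_ports:
        findings.append((perimeter_ip, "Firewall-1 management ports reachable", fw_ports))
    for ip in web_server_ips:
        extra = web_unexpected(hosts.get(ip, set()))
        if extra:
            findings.append((ip, "ports other than HTTP/HTTPS visible on web server", extra))
    return findings


if __name__ == "__main__":
    for ip, finding, ports in audit(SAMPLE_SCAN, "192.0.2.1", ["192.0.2.10", "192.0.2.11"]):
        print(f"{ip}: {finding}: {ports}")
```

Run against a scan of your own perimeter and web tier, the audit reports the firewall management ports if they answer from outside and any web server that exposes more than 80 and 443 (in the constructed sample, SSH on www.example.test); a clean result for both rules is what the slides describe as the expected picture.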