Demystifying Penetration Testing by Sambit Priyambad Rout

Post on 29-Jun-2015


DESCRIPTION

Steps involved in scanning for vulnerabilities on a computer system, better known as pentesting.

TRANSCRIPT

KONARK INSTITUTE OF SCIENCE & TECHNOLOGY

Prepared By: Sambit Priyambad Rout
Branch: Computer Science & Engineering
7th semester
Registration No: 0601214088
Email: sambit.on@gmail.com

Seminar on

DEPARTMENT OF COMPUTER SCIENCE & ENGINEERING

CYBERCON 2009

What is Pen-Testing?

• It is a process of gaining access to systems, networks and resources without prior knowledge of username, password and other normal means.
• Penetration testers are different from attackers, as they perform on-demand hacking of systems and have the necessary legal permissions from the organizations.
• Used for internal and external security assessment of an organization.

Why Pen-Testing?

• Securing the networks
• Protecting business secrets
• Some cases of network intrusion:
  • DRDO hack 1998, MILWORM
  • LHC hack 2008, GST
  • Nokia, Fujitsu, Motorola, and Sun Microsystems, NYT 1980-95, Kevin Mitnick

Penetration Testing vs. Vulnerability Assessment

Types of Penetration Testing ?

Scope of Penetration Testing ?

Possible Environments for Pen-Testing?

• Wireless Networks
• DMZ environments
• Internet Data Centers (IDC)
• VPN Termination points
• Remote Access points
• Dial-In

Pen-Testing Approach…

1. Network Information Gathering
2. Ports Scanning and Automated Vulnerability Scanning
3. Network Attack & Penetration
4. Local Information Gathering
5. Privilege Escalation, Maintaining Access and Covering Tracks
6. Social Engineering
7. Report and Documentation of facts with PoCs

Network Information Gathering

• Domain Registration and Mail ID
• Whois.com
• IP ranges
• OS Types
• Applications Running

Port Scanning and AVS…

• Scan for open, closed and filtered ports and identify services.
• Scan for vulnerabilities for known applications running on that port.

Exploiting Known Vulnerabilities…

Vulnerabilities discovered during AVS are exploited either by use of automated tools or manually.

Gaining access:
• Metasploit, CORE Impact and SAINTexploit
• SQL Injection
• Buffer Overflow attacks

Password Cracking

Password cracking techniques:
• Brute Force Attack
• Hybrid Attack
• Dictionary Attack

Post Attack Scenario…

• Creates a new user account with administrator privilege
• After the system has been compromised, the attacker tries to maintain access to the system
• Installs trojans, worms, backdoors
• After exploring the system, the attacker deletes the user account
• Cleans up the tracks by use of timestamp tools
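Seen from the defender's side, the account lifecycle in this slide (created, given administrator privilege, later deleted) leaves a recognisable pattern in account-management logs. The following is an added example, not part of the original slides: it correlates Windows Security event IDs 4720 (account created), 4732 (member added to a local group) and 4726 (account deleted). The flattened tuple format, the sample events and the function name are assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Windows Security event IDs for the local-account lifecycle.
CREATED, ADDED_TO_GROUP, DELETED = 4720, 4732, 4726

# Constructed sample events (not from the slides):
# (timestamp, event id, account name, group name or None)
SAMPLE_EVENTS = [
    ("2009-03-01T10:00:00", 4720, "svc_backup", None),
    ("2009-03-01T10:00:05", 4732, "svc_backup", "Administrators"),
    ("2009-03-01T10:02:00", 4720, "support1", None),
    ("2009-03-01T10:02:10", 4732, "support1", "Administrators"),
    ("2009-03-01T11:00:00", 4720, "intern7", None),
    ("2009-03-01T11:30:00", 4726, "intern7", None),
    ("2009-03-01T13:40:00", 4726, "support1", None),
]


def short_lived_admins(events, max_lifetime=timedelta(hours=24)):
    """Return (account, lifetime) for accounts that were created, added to
    Administrators and deleted again within max_lifetime."""
    created = {}      # account -> creation time
    admins = set()    # accounts granted administrator rights since creation
    findings = []
    for ts, event_id, account, group in sorted(events, key=lambda e: e[0]):
        when = datetime.fromisoformat(ts)
        if event_id == CREATED:
            created[account] = when
            admins.discard(account)
        elif event_id == ADDED_TO_GROUP and group == "Administrators":
            if account in created:
                admins.add(account)
        elif event_id == DELETED:
            born = created.pop(account, None)
            was_admin = account in admins
            admins.discard(account)
            if born is not None and was_admin and when - born <= max_lifetime:
                findings.append((account, when - born))
    return sorted(findings)


if __name__ == "__main__":
    for account, lifetime in short_lived_admins(SAMPLE_EVENTS):
        print(f"short-lived admin account: {account} (existed {lifetime})")
```

Because the same slide notes that tracks are cleaned up on the compromised host, this check is only meaningful on events forwarded to a separate log collector.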

Social Engineering

• How it is done?
• Phone Phreaking in 1980's
• Founder of social engineering Kevin Mitnick – FBI's most wanted computer criminal
• Motorola source code stolen
• In-house training of staff

Reporting and Documentation…

• A briefing of the penetration test, details of the techniques used
• Classify the vulnerabilities as high, low or medium risk PoC
• Remedies for the vulnerability
• Suggest best practices
• A summary of the overall testing process

List of Tools…

• Enumeration, Fingerprinting and Scanning: Traceroute, Nmap, whois lookup, nslookup
• Ports Scanning and Automated Vulnerability Scanning: Nmap, GFI Languard, Nessus, Personal Security Inspector 1.5
• Exploiting Services for Known Vulnerabilities: Metasploit 3.2, CORE Impact, SAINTexploit
• Password Cracking: Brutus, MungaBunga, Elcomsoft, John The Ripper
• Post Attack: BackOrifice, LCP 5.0
• Exploits Used: Open Source and freeware exploits
• Toolkits: BackTrack 4, Knoppix-STD


QUERIES ?

Thank You !!

SAMBIT PRIYAMBAD ROUT
CSE, 7th semester
0601214088
sambit.on@gmail.com
