Demystifying Penetration Testing by Sambit Priyambad Rout
DESCRIPTION
Steps involved in scanning a computer system for vulnerabilities, better known as pen-testing.
TRANSCRIPT
KONARK INSTITUTE OF SCIENCE & TECHNOLOGY
DEPARTMENT OF COMPUTER SCIENCE & ENGINEERING
Seminar on Demystifying Penetration Testing
Prepared By: Sambit Priyambad Rout
Branch: Computer Science & Engineering, 7th semester
Registration No: 0601214088
Email: [email protected]
CYBERCON 2009
What is Pen-Testing?
• It is a process of gaining access to systems, networks and resources without prior knowledge of usernames, passwords or other normal means.
• Penetration testers are different from attackers: they perform on-demand hacking of systems and have the necessary legal permissions from the organization.
• Used for internal and external security assessment of an organization.
Why Pen-Testing?
• Securing the networks
• Protecting business secrets
• Some cases of network intrusion: DRDO hack 1998, MILWORM LHC hack 2008, GST Nokia, Fujitsu, Motorola and Sun Microsystems, NYT 1980-95, Kevin Mitnick
Penetration Testing vs. Vulnerability Assessment
Types of Penetration Testing?
Scope of Penetration Testing?
Possible Environments for Pen-Testing?
• Wireless Networks
• DMZ environments
• Internet Data Centers (IDC)
• VPN Termination points
• Remote Access points
• Dial-In
Pen-Testing Approach…
1. Network Information Gathering
2. Port Scanning and Automated Vulnerability Scanning
3. Network Attack & Penetration
4. Local Information Gathering
5. Privilege Escalation, Maintaining Access and Covering Tracks
6. Social Engineering
7. Report and Documentation of facts with PoCs
Network Information Gathering
• Domain Registration and Mail ID (Whois.com)
• IP ranges
• OS Types
• Applications Running
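To make concrete what this first step actually collects, and what an organisation can see about its own public footprint, here is an added example (not the presentation's code) that parses a domain whois record and an IP whois record for the registrant mail IDs, name servers and netblock. Both records, the example.test names and the 192.0.2.0 range are constructed documentation values, and the field names are the common whois key names but are assumptions for this example.

```python
"""Extract the externally visible facts listed under Network Information
Gathering from whois records: mail IDs, name servers and IP ranges.

Added example, not the presentation's own code. Both records below are
constructed; example.test and 192.0.2.0/24 are reserved documentation values.
"""
import ipaddress
from collections import defaultdict

# Constructed domain whois record (key names as commonly seen in whois output).
DOMAIN_WHOIS = """\
Domain Name: EXAMPLE.TEST
Registrar: Constructed Registrar Inc.
Name Server: NS1.EXAMPLE.TEST
Name Server: NS2.EXAMPLE.TEST
Registrant Email: hostmaster@example.test
Admin Email: it-admin@example.test
Tech Email: it-admin@example.test
"""

# Constructed IP whois (RIR-style) record for the organisation's netblock.
IP_WHOIS = """\
NetRange:       192.0.2.0 - 192.0.2.127
NetName:        EXAMPLE-NET
Organization:   Example Test Org
OrgAbuseEmail:  abuse@example.test
"""


def parse_whois(text):
    """Whois output is 'Key: value' lines; keys may repeat, so values are lists."""
    fields = defaultdict(list)
    for line in text.splitlines():
        if ":" not in line or line.startswith(("%", "#")):
            continue  # comments and free text carry no key/value pair
        key, value = line.split(":", 1)
        value = value.strip()
        if value:
            fields[key.strip().lower()].append(value)
    return dict(fields)


def exposed_footprint(domain_text, ip_text):
    """Collect mail IDs, name servers and CIDR ranges the records reveal."""
    dom = parse_whois(domain_text)
    net = parse_whois(ip_text)
    merged = {**dom, **net}
    # Every key mentioning 'email' is a contact address an outsider can harvest.
    emails = sorted({v.lower() for k, vs in merged.items() if "email" in k for v in vs})
    name_servers = [v.lower() for v in dom.get("name server", [])]
    ranges = []
    for rng in net.get("netrange", []):
        # 'first - last' becomes one or more CIDR blocks (the scan scope).
        first, last = (ipaddress.ip_address(p.strip()) for p in rng.split("-"))
        ranges.extend(str(n) for n in ipaddress.summarize_address_range(first, last))
    return {"emails": emails, "name_servers": name_servers, "ip_ranges": ranges}


if __name__ == "__main__":
    for key, values in exposed_footprint(DOMAIN_WHOIS, IP_WHOIS).items():
        print(key, values)
```

The output is the list a tester would carry into the next step (name servers to query, a CIDR block to scan) and, for the defender, the set of contact addresses that will receive the phishing attempts described later under Social Engineering.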
Port Scanning and AVS…
• Scan for open, closed and filtered ports and identify services
• Scan for vulnerabilities in the known applications running on those ports
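An added example (not the presentation's code) of the triage that follows this step: it parses Nmap's grepable (-oG) output into per-host counts of open, closed and filtered ports, lists the open services with their version strings (the input for the automated vulnerability scan), and separates out filtered ports, which usually indicate a firewall or ACL in the path. The scan output is a constructed sample in the -oG layout; the hosts, ports and version strings are invented.

```python
"""Parse Nmap grepable (-oG) output into per-host port states and open services.

Added example, not the presentation's own code. The scan output below is a
constructed sample in Nmap's -oG layout; hosts, ports and versions are invented.
"""
import re
from collections import Counter, defaultdict

SAMPLE_GNMAP = """\
# Nmap scan initiated (constructed sample)
Host: 192.0.2.10 (web.example.test)\tStatus: Up
Host: 192.0.2.10 (web.example.test)\tPorts: 22/open/tcp//ssh//OpenSSH 4.7/, 80/open/tcp//http//Apache httpd 2.2.9/, 443/filtered/tcp//https///, 3306/closed/tcp//mysql///\tIgnored State: closed (996)
Host: 192.0.2.11 (db.example.test)\tStatus: Up
Host: 192.0.2.11 (db.example.test)\tPorts: 22/open/tcp//ssh//OpenSSH 4.7/, 3306/open/tcp//mysql//MySQL 5.0.67/\tIgnored State: closed (998)
# Nmap done (constructed sample)
"""

# Host: <ip> (<hostname>)<TAB><tab-separated fields>
HOST_RE = re.compile(r"^Host:\s+(\S+)\s+\(([^)]*)\)\t(.*)$")


def parse_gnmap(text):
    """Return {ip: [(port, state, proto, service, version), ...]}.

    Each Ports: entry is port/state/protocol/owner/service/rpc-info/version/.
    """
    hosts = defaultdict(list)
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue
        ip, _hostname, rest = m.groups()
        for field in rest.split("\t"):
            if not field.startswith("Ports:"):
                continue
            for entry in field[len("Ports:"):].split(","):
                parts = entry.strip().split("/")
                if len(parts) < 7:
                    continue  # malformed entry: skip rather than guess
                port, state, proto, _owner, service, _rpc, version = parts[:7]
                hosts[ip].append((int(port), state, proto, service, version))
    return dict(hosts)


def summarise(hosts):
    """Per host: counts of each port state and the open services to feed AVS."""
    report = {}
    for ip, ports in hosts.items():
        counts = Counter(state for _, state, _, _, _ in ports)
        open_services = [(port, service or "unknown", version)
                         for port, state, _, service, version in ports if state == "open"]
        report[ip] = {"counts": dict(counts), "open": open_services}
    return report


def filtered_ports(hosts):
    """Filtered ports hint at a firewall or ACL between scanner and host."""
    return {ip: [port for port, state, *_ in ports if state == "filtered"]
            for ip, ports in hosts.items()}


if __name__ == "__main__":
    parsed = parse_gnmap(SAMPLE_GNMAP)
    for ip, summary in summarise(parsed).items():
        print(ip, summary["counts"], summary["open"])
    print("filtered:", filtered_ports(parsed))
```

The version strings are what makes the next step (matching known vulnerabilities to the service on a port) possible; an entry with an empty version field is one the tester has to probe further before any exploit is attempted.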
Exploiting Known Vulnerabilities…
• Vulnerabilities discovered during AVS are exploited either by use of automated tools or manually.
• Gaining access: Metasploit, CORE Impact and SAINTexploit
• SQL Injection
• Buffer Overflow attacks
Password Cracking
• Password cracking techniques: Brute Force Attack, Hybrid Attack, Dictionary Attack
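From the defender's side the three techniques map directly onto a password-policy check. The added example below (not the presentation's code) estimates which of the three would recover a candidate password first: a dictionary attack succeeds on a bare word-list entry, a hybrid attack on a word-list entry with digit or symbol affixes and character substitutions, and only the remainder forces a brute-force search whose cost grows with the character set and length. The six-word list, the mangling rules, the 10^4 rules-per-word figure and the guess rate of 10^9 per second are constructed assumptions; a real audit would use a full word list and the rate achievable against the hash actually in use.

```python
"""Which password-guessing strategy would succeed first: dictionary, hybrid or brute force?

Added example for password-policy review, not the presentation's own code.
The word list, mangling rules and guess-rate figures are constructed assumptions.
"""
import re
import string

# Constructed mini word list; a real audit would load a large one.
WORDLIST = {"password", "welcome", "summer", "letmein", "konark", "admin"}

# Common character substitutions undone before the word-list lookup.
UNLEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "@": "a", "$": "s"})

# Assumed offline guess rate against a fast, unsalted hash (constructed figure).
GUESSES_PER_SEC = 1e9
# Assumed number of mangling rules tried per word in a hybrid run (constructed figure).
HYBRID_RULES = 1e4

CHARSETS = (string.ascii_lowercase, string.ascii_uppercase, string.digits, string.punctuation)


def dictionary_hit(pw):
    """Dictionary attack: the password is a word-list entry (case-insensitive)."""
    return pw.lower() in WORDLIST


def hybrid_hit(pw):
    """Hybrid attack: word list plus mangling (digit/symbol affixes, leet, case)."""
    core = re.sub(r"^[\W\d_]+|[\W\d_]+$", "", pw)   # 'Summer2023' -> 'Summer'
    core = core.translate(UNLEET).lower()           # 'P@ssw0rd'   -> 'password'
    return core in WORDLIST


def brute_force_keyspace(pw):
    """Brute force: size of the smallest charset mix that covers every character."""
    alphabet = sum(len(cs) for cs in CHARSETS if any(ch in cs for ch in pw))
    return alphabet ** len(pw)


def classify(pw):
    """Return (weakest strategy that succeeds, estimated worst-case seconds)."""
    if dictionary_hit(pw):
        return "dictionary", len(WORDLIST) / GUESSES_PER_SEC
    if hybrid_hit(pw):
        return "hybrid", len(WORDLIST) * HYBRID_RULES / GUESSES_PER_SEC
    return "brute-force", brute_force_keyspace(pw) / GUESSES_PER_SEC


def meets_policy(pw, min_seconds=3600 * 24 * 365):
    """Policy check: pass only if the password forces a brute-force run of at least a year."""
    strategy, seconds = classify(pw)
    return strategy == "brute-force" and seconds >= min_seconds


if __name__ == "__main__":
    for candidate in ("welcome", "Summer2023", "P@ssw0rd1!", "12345678", "xk9#Qw2Lm8!z"):
        print(candidate, classify(candidate), meets_policy(candidate))
```

The point the check makes is that length and complexity rules alone do not defeat the hybrid class: "P@ssw0rd1!" satisfies a typical "upper, lower, digit, symbol, ten characters" rule and still falls to a word-list entry plus a handful of mangling rules, whereas a random string of the same length forces the full keyspace.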
Post Attack Scenario…
• Creates a new user account with administrator privilege
• After the system has been compromised, the attacker tries to maintain access to the system
• Installs trojans, worms, backdoors
• After exploring the system, the attacker deletes the user account
• Cleans up the tracks by use of timestamp tools
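Each step of this scenario leaves a trace a defender can alert on. The added example below (not the presentation's code) runs two detections over a constructed Linux auth.log excerpt: a privileged account that is created, added to an administrative group and deleted within a short window, and a touch -r/-t/-d invocation run as root, which is the simplest way timestamps are rewritten. The host names, user names, PIDs and times are constructed, the year is an assumption because classic syslog timestamps omit it, and the set of groups treated as privileged is a choice for this example.

```python
"""Detect the post-attack pattern from the slides in a Linux auth.log:
a privileged account that is created, used and removed, plus timestamp tampering.

Added example, not the presentation's own code. The log excerpt below is
constructed; hosts, users, PIDs and times are invented for the example.
"""
import re
from datetime import datetime

SAMPLE_AUTH_LOG = """\
Mar  3 02:14:05 web01 sshd[2211]: Accepted password for deploy from 203.0.113.7 port 51022 ssh2
Mar  3 02:14:31 web01 sudo:   deploy : TTY=pts/0 ; PWD=/home/deploy ; USER=root ; COMMAND=/usr/sbin/useradd -m -s /bin/bash svc_backup
Mar  3 02:14:40 web01 useradd[2290]: new user: name=svc_backup, UID=1002, GID=1002, home=/home/svc_backup, shell=/bin/bash
Mar  3 02:14:52 web01 sudo:   deploy : TTY=pts/0 ; PWD=/home/deploy ; USER=root ; COMMAND=/usr/sbin/usermod -aG sudo svc_backup
Mar  3 02:15:10 web01 usermod[2301]: add 'svc_backup' to group 'sudo'
Mar  3 02:55:02 web01 sudo:   deploy : TTY=pts/0 ; PWD=/home/deploy ; USER=root ; COMMAND=/usr/sbin/userdel -r svc_backup
Mar  3 02:55:03 web01 userdel[2410]: delete user 'svc_backup'
Mar  3 02:56:11 web01 sudo:   deploy : TTY=pts/0 ; PWD=/home/deploy ; USER=root ; COMMAND=/usr/bin/touch -r /etc/hostname /etc/cron.d/backup
"""

LINE_RE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) (\S+) (.*)$")
NEW_USER_RE = re.compile(r"useradd\[\d+\]: new user: name=(\w+)")
PRIV_GROUP_RE = re.compile(r"usermod\[\d+\]: add '(\w+)' to group '(sudo|wheel|admin|root)'")
DEL_USER_RE = re.compile(r"userdel\[\d+\]: delete user '(\w+)'")
# touch -r/-t/-d rewrite a file's times; root use of it is rare enough to review.
TIMESTOMP_RE = re.compile(r"COMMAND=\S*/touch\s+-(r|t|d)\s")

LOG_YEAR = 2009  # assumed: classic syslog timestamps carry no year


def parse_ts(stamp):
    """'Mar  3 02:14:05' -> datetime (extra spaces collapsed before parsing)."""
    return datetime.strptime(f"{LOG_YEAR} {' '.join(stamp.split())}", "%Y %b %d %H:%M:%S")


def detect(log_text, max_lifetime_minutes=120):
    """Return a list of findings; each is a dict with at least a 'rule' key."""
    accounts = {}   # user -> {"created": ts, "privileged": (ts, group), "deleted": ts}
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        stamp, host, msg = m.groups()
        when = parse_ts(stamp)
        created = NEW_USER_RE.search(msg)
        privileged = PRIV_GROUP_RE.search(msg)
        deleted = DEL_USER_RE.search(msg)
        if created:
            accounts.setdefault(created.group(1), {})["created"] = when
        elif privileged:
            accounts.setdefault(privileged.group(1), {})["privileged"] = (when, privileged.group(2))
        elif deleted:
            accounts.setdefault(deleted.group(1), {})["deleted"] = when
        elif TIMESTOMP_RE.search(msg):
            findings.append({"rule": "timestamp_manipulation", "host": host, "when": when, "command": msg})
    # Correlate the account events: created + privileged is always worth a look;
    # created + privileged + deleted within the window is the slide's scenario.
    for user, ev in accounts.items():
        if "created" not in ev or "privileged" not in ev:
            continue
        lifetime = None
        if "deleted" in ev:
            lifetime = (ev["deleted"] - ev["created"]).total_seconds() / 60
        rule = "new_privileged_account"
        if lifetime is not None and lifetime <= max_lifetime_minutes:
            rule = "short_lived_privileged_account"
        findings.append({"rule": rule, "user": user, "group": ev["privileged"][1],
                         "lifetime_minutes": lifetime})
    return findings


if __name__ == "__main__":
    for finding in detect(SAMPLE_AUTH_LOG):
        print(finding)
```

The correlation matters more than any single rule: a new account, a group change and a deletion are each routine on their own, but the three together inside an hour, followed by timestamp changes, is the sequence the slide describes. Shipping auth.log to a host the attacker cannot reach is what keeps the trail intact when the local copy is cleaned.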
Social Engineering
• How is it done?
• Phone Phreaking in the 1980s
• Founder of social engineering Kevin Mitnick – FBI's most wanted computer criminal
• Motorola source code stolen
• In-house training of staff
Reporting and Documentation…
• A briefing of the penetration test, with details of the techniques used
• Classify the vulnerabilities as high, medium or low risk
• PoC
• Remedies for the vulnerabilities
• Suggest best practices
• A summary of the overall testing process
List of Tools…
• Enumeration, Fingerprinting and Scanning: Traceroute, Nmap, whois lookup, nslookup
• Port Scanning and Automated Vulnerability Scanning: Nmap, GFI LANguard, Nessus, Personal Security Inspector 1.5
• Exploiting Services for Known Vulnerabilities: Metasploit 3.2, CORE Impact, SAINTexploit
• Password Cracking: Brutus, MungaBunga, Elcomsoft, John The Ripper
• Post Attack: BackOrifice, LCP 5.0
• Exploits Used: Open Source and freeware exploits
• Toolkits: BackTrack 4, Knoppix-STD
QUERIES?
Thank You!!
Sambit Priyambad Rout
CSE, 7th semester
[email protected]