Ethical Hacking and Penetration Testing
PenTesting AU Network
By: Rishabh Upadhyay, University of Allahabad
![Page 1: Ethical Hacking and Penetration Testing](https://reader033.vdocument.in/reader033/viewer/2022061609/5575e121d8b42af74e8b45e9/html5/thumbnails/1.jpg)
Ethical Hacking & Penetration Testing
Center of Computer Education and Training, Institute of Professional Studies
December 23, 2014
By: Rishabh Upadhyay, Batch: BCA [2012-15]
Under the Guidance of Prof. R.R. Tewari
![Page 2: Ethical Hacking and Penetration Testing](https://reader033.vdocument.in/reader033/viewer/2022061609/5575e121d8b42af74e8b45e9/html5/thumbnails/2.jpg)
Pen Test University of Allahabad Local Area Network.
Network Mapping: Locate important hosts and services, firewalls, switches and hubs.
Develop a Simple Network Scanner.
Demonstrate Some Attacks.
![Page 3: Ethical Hacking and Penetration Testing](https://reader033.vdocument.in/reader033/viewer/2022061609/5575e121d8b42af74e8b45e9/html5/thumbnails/3.jpg)
What is Penetration Testing?
![Page 4: Ethical Hacking and Penetration Testing](https://reader033.vdocument.in/reader033/viewer/2022061609/5575e121d8b42af74e8b45e9/html5/thumbnails/4.jpg)
Penetration Testing
“The process of evaluating systems, applications, and protocols with the intent of identifying vulnerabilities usually from the perspective of an unprivileged or anonymous user to determine potential real world impacts…”
![Page 5: Ethical Hacking and Penetration Testing](https://reader033.vdocument.in/reader033/viewer/2022061609/5575e121d8b42af74e8b45e9/html5/thumbnails/5.jpg)
In short ...
![Page 6: Ethical Hacking and Penetration Testing](https://reader033.vdocument.in/reader033/viewer/2022061609/5575e121d8b42af74e8b45e9/html5/thumbnails/6.jpg)
Penetration Testing
…trying to break into stuff before the bad guys do
![Page 7: Ethical Hacking and Penetration Testing](https://reader033.vdocument.in/reader033/viewer/2022061609/5575e121d8b42af74e8b45e9/html5/thumbnails/7.jpg)
PenTest Methodologies
![Page 9: Ethical Hacking and Penetration Testing](https://reader033.vdocument.in/reader033/viewer/2022061609/5575e121d8b42af74e8b45e9/html5/thumbnails/9.jpg)
Reconnaissance
Purpose: Narrow down to a specific target and technique
• Visiting the organisation's website
• Consulting public Internet registries
• Google hacking
• Using tools: Nikto, Nessus, dig, nslookup and a lot more
![Page 10: Ethical Hacking and Penetration Testing](https://reader033.vdocument.in/reader033/viewer/2022061609/5575e121d8b42af74e8b45e9/html5/thumbnails/10.jpg)
Scanning
Purpose: Look for live hosts, firewalls, services running and the versions running
Types of scan:
• TCP connect scan
• SYN scan
• UDP scan
Tools: Nmap, Nessus, tracert and a lot more
![Page 11: Ethical Hacking and Penetration Testing](https://reader033.vdocument.in/reader033/viewer/2022061609/5575e121d8b42af74e8b45e9/html5/thumbnails/11.jpg)
Exploitation
Purpose: To exploit the vulnerability and to deploy a payload on the remote system
Tools: Metasploit, Wireshark, Cain, Aircrack-ng, Etherape
![Page 12: Ethical Hacking and Penetration Testing](https://reader033.vdocument.in/reader033/viewer/2022061609/5575e121d8b42af74e8b45e9/html5/thumbnails/12.jpg)
Maintaining Access
Ways to maintain access:
• Netcat, Crypt
• Rootkits
• Remote Access Trojan (RAT)
![Page 13: Ethical Hacking and Penetration Testing](https://reader033.vdocument.in/reader033/viewer/2022061609/5575e121d8b42af74e8b45e9/html5/thumbnails/13.jpg)
Vulnerability Assessment & Penetration Testing for University of Allahabad
![Page 14: Ethical Hacking and Penetration Testing](https://reader033.vdocument.in/reader033/viewer/2022061609/5575e121d8b42af74e8b45e9/html5/thumbnails/14.jpg)
Network Mapping
Why map the network?
• Mapping networks gives a better understanding of the underlying Internet and network infrastructure.
• Network mapping makes testing and evaluating the security of the network easy and efficient.
![Page 15: Ethical Hacking and Penetration Testing](https://reader033.vdocument.in/reader033/viewer/2022061609/5575e121d8b42af74e8b45e9/html5/thumbnails/15.jpg)
Network Mapping
Network mapped from SRK Hostel (172.16.233.7). Nodes labelled in the map:
• www.mail1.allduniv.ac.in
• JK Web Server
• www.allduniv.ac.in
• www.proxy5.allduniv.ac.in
• Cisco Managed Switch
• SRK Hostel's Gateway
• Zonal Switch
• CCE Gateway
![Page 16: Ethical Hacking and Penetration Testing](https://reader033.vdocument.in/reader033/viewer/2022061609/5575e121d8b42af74e8b45e9/html5/thumbnails/16.jpg)
Network Mapping
Network mapped from EL Lab 1 (172.16.38.11). Nodes labelled in the map:
• www.mail1.allduniv.ac.in
• www.proxy5.allduniv.ac.in
• www.allduniv.ac.in
• www.ns2.allduniv.ac.in
• www.proxy2.allduniv.ac.in
• JK Web Server
• CCE Gateway
• JK Institute Gateway
• Fees Deposit Server (backups)
• Gateway (three further nodes carry this label)
![Page 17: Ethical Hacking and Penetration Testing](https://reader033.vdocument.in/reader033/viewer/2022061609/5575e121d8b42af74e8b45e9/html5/thumbnails/17.jpg)
Discoveries and Findings …
Unprotected Switches and Routers
• UoA network has an ample number of unprotected switches and gateways
• Login credentials:
login: rwa password: rwa
login: l2 password: l2
login: cisco password: cisco
Refer to pages 23 & 24 of the Documentation for the detailed report
![Page 24: Ethical Hacking and Penetration Testing](https://reader033.vdocument.in/reader033/viewer/2022061609/5575e121d8b42af74e8b45e9/html5/thumbnails/24.jpg)
Discoveries and Findings …
CCTV Cameras - Central Library
Refer to pages 25 & 26 of the Documentation for the detailed report
• UoA's CCTV camera sends data unencrypted over the network
• Weak login credentials:
login: admin password: 1234
![Page 25: Ethical Hacking and Penetration Testing](https://reader033.vdocument.in/reader033/viewer/2022061609/5575e121d8b42af74e8b45e9/html5/thumbnails/25.jpg)
Footage of CCTV Cameras at Central Library
![Page 27: Ethical Hacking and Penetration Testing](https://reader033.vdocument.in/reader033/viewer/2022061609/5575e121d8b42af74e8b45e9/html5/thumbnails/27.jpg)
Discoveries and Findings …
FTP Server running on 172.16.8.3
Refer to pages 21 & 22 of the Documentation for the detailed report
• Weak login credentials:
login: admin password: auauau
![Page 28: Ethical Hacking and Penetration Testing](https://reader033.vdocument.in/reader033/viewer/2022061609/5575e121d8b42af74e8b45e9/html5/thumbnails/28.jpg)
![Page 29: Ethical Hacking and Penetration Testing](https://reader033.vdocument.in/reader033/viewer/2022061609/5575e121d8b42af74e8b45e9/html5/thumbnails/29.jpg)
UoA Hacking Incident
Cause of Phishing Site and Hacking Incident
Refer to pages 21 & 22 of the Documentation for the detailed report
• File size: 2.94 GB
• Blueprint of the entire site
• Has credentials of phpMyAdmin, Joomla CMS
• It is the server-side code of the site
![Page 31: Ethical Hacking and Penetration Testing](https://reader033.vdocument.in/reader033/viewer/2022061609/5575e121d8b42af74e8b45e9/html5/thumbnails/31.jpg)
Right now!! The site is hosted on my machine
![Page 32: Ethical Hacking and Penetration Testing](https://reader033.vdocument.in/reader033/viewer/2022061609/5575e121d8b42af74e8b45e9/html5/thumbnails/32.jpg)
Log in to the Admin Panel
![Page 33: Ethical Hacking and Penetration Testing](https://reader033.vdocument.in/reader033/viewer/2022061609/5575e121d8b42af74e8b45e9/html5/thumbnails/33.jpg)
Login successful!! – Can create and delete posts
![Page 34: Ethical Hacking and Penetration Testing](https://reader033.vdocument.in/reader033/viewer/2022061609/5575e121d8b42af74e8b45e9/html5/thumbnails/34.jpg)
Total number of admins the site has
![Page 35: Ethical Hacking and Penetration Testing](https://reader033.vdocument.in/reader033/viewer/2022061609/5575e121d8b42af74e8b45e9/html5/thumbnails/35.jpg)
Logging Into phpMyAdmin: SQL Server
![Page 36: Ethical Hacking and Penetration Testing](https://reader033.vdocument.in/reader033/viewer/2022061609/5575e121d8b42af74e8b45e9/html5/thumbnails/36.jpg)
Logged in successfully
![Page 37: Ethical Hacking and Penetration Testing](https://reader033.vdocument.in/reader033/viewer/2022061609/5575e121d8b42af74e8b45e9/html5/thumbnails/37.jpg)
Can view and manipulate the professors' records
![Page 38: Ethical Hacking and Penetration Testing](https://reader033.vdocument.in/reader033/viewer/2022061609/5575e121d8b42af74e8b45e9/html5/thumbnails/38.jpg)
Records of all students studying at UoA
![Page 39: Ethical Hacking and Penetration Testing](https://reader033.vdocument.in/reader033/viewer/2022061609/5575e121d8b42af74e8b45e9/html5/thumbnails/39.jpg)
Login Credentials with Salted MD5 Hash
![Page 40: Ethical Hacking and Penetration Testing](https://reader033.vdocument.in/reader033/viewer/2022061609/5575e121d8b42af74e8b45e9/html5/thumbnails/40.jpg)
Live Demonstration
Man-in-the-Middle Attack: This type of attack is very easy to launch.
In this type of attack, the attacker poisons the ARP (Address Resolution Protocol) table.
Hence, the attacker can divert all the traffic through their own system and can also alter the packets, if they wish.
Tools: Etherape, Driftnet
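A defender's view of the ARP poisoning described above, as an added example that is not part of the original slides: it flags IP-to-MAC bindings that change in a stream of ARP replies. The function name, the `trusted` parameter, the tcpdump-style sample lines and the 192.0.2.x / 00:00:5e:00:53:xx addresses are all constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the style of `tcpdump -n arp` output; not captured from
# any real network. 192.0.2.1 plays the gateway, ...:66 the poisoning host.
SAMPLE = """\
10:00:01.000000 ARP, Reply 192.0.2.1 is-at 00:00:5e:00:53:01, length 46
10:00:02.000000 ARP, Reply 192.0.2.20 is-at 00:00:5e:00:53:20, length 46
10:00:05.000000 ARP, Reply 192.0.2.1 is-at 00:00:5e:00:53:66, length 46
10:00:05.100000 ARP, Reply 192.0.2.20 is-at 00:00:5e:00:53:66, length 46
10:00:07.000000 ARP, Reply 192.0.2.1 is-at 00:00:5e:00:53:66, length 46
10:00:09.000000 ARP, Request who-has 192.0.2.1 tell 192.0.2.20, length 28
"""

REPLY = re.compile(
    r"^(\S+) .*Reply (\d{1,3}(?:\.\d{1,3}){3}) is-at ([0-9A-Fa-f:]{17})")


def detect_arp_spoofing(lines, trusted=None):
    """Return (alerts, shared_macs) for a sequence of ARP reply log lines.

    trusted: optional {ip: mac} of known-good bindings (hypothetical parameter),
    e.g. the gateway. Without it the first reply seen for an IP becomes the
    baseline, so a poisoner who answers first goes unnoticed.
    """
    known = {ip: mac.lower() for ip, mac in (trusted or {}).items()}
    claimed = defaultdict(set)          # MAC -> IPs it has answered for
    alerts, reported = [], set()
    for line in lines:
        m = REPLY.match(line)
        if not m:
            continue                    # only ARP replies are parsed here
        ts, ip, mac = m.group(1), m.group(2), m.group(3).lower()
        claimed[mac].add(ip)
        expected = known.setdefault(ip, mac)
        if expected != mac and (ip, mac) not in reported:
            reported.add((ip, mac))     # alert once per conflicting binding
            alerts.append({"time": ts, "ip": ip,
                           "expected": expected, "seen": mac})
    # One MAC answering for several IPs is what a relaying host looks like;
    # proxy ARP and multi-address routers also do this, so treat it as a lead.
    shared = {mac: sorted(ips) for mac, ips in claimed.items() if len(ips) > 1}
    return alerts, shared


if __name__ == "__main__":
    for alert in detect_arp_spoofing(SAMPLE.splitlines())[0]:
        print(alert)
```

Pinning the gateway's binding through `trusted` mirrors what static ARP entries or switch-level dynamic ARP inspection do on the network itself.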
![Page 41: Ethical Hacking and Penetration Testing](https://reader033.vdocument.in/reader033/viewer/2022061609/5575e121d8b42af74e8b45e9/html5/thumbnails/41.jpg)
Live Demonstration: Man-in-the-Middle Attack
Caution:
1. The attack may or may not be successful
2. It may show some objectionable content
![Page 42: Ethical Hacking and Penetration Testing](https://reader033.vdocument.in/reader033/viewer/2022061609/5575e121d8b42af74e8b45e9/html5/thumbnails/42.jpg)
Simple Network Scanner in C#
This simple network scanner scans the given workgroup/domain for computers in Directory Services.
The developed network scanner takes the limits of the IP address range as input, scans the entire domain and outputs the computer names.
It uses the following namespace:
using System.Net;
Method: Dns.GetHostEntry() (Dns is a class in System.Net, not a namespace; Dns.GetHostByAddress() is its obsolete predecessor)
![Page 43: Ethical Hacking and Penetration Testing](https://reader033.vdocument.in/reader033/viewer/2022061609/5575e121d8b42af74e8b45e9/html5/thumbnails/43.jpg)
Algorithm:

```csharp
// Member of the Windows Forms class; requires: using System; using System.Net;
// Resolves the IP address typed into textBox1 and shows the host name in textBox2.
private void button1_Click(object sender, EventArgs e)
{
    string ipAddress = textBox1.Text;
    try
    {
        IPHostEntry hostEntry = Dns.GetHostEntry(ipAddress);
        textBox2.Text = hostEntry.HostName;
    }
    catch (Exception)
    {
        // Resolution failed; do not overwrite this message afterwards.
        textBox2.Text = "Machine Not Found";
    }
}
```
![Page 44: Ethical Hacking and Penetration Testing](https://reader033.vdocument.in/reader033/viewer/2022061609/5575e121d8b42af74e8b45e9/html5/thumbnails/44.jpg)
Screenshot
![Page 45: Ethical Hacking and Penetration Testing](https://reader033.vdocument.in/reader033/viewer/2022061609/5575e121d8b42af74e8b45e9/html5/thumbnails/45.jpg)
Thank You !!