1. 2010 Spring Morten Bo Nielsen Mon@eal.dk Servers and network Penetration testing

2. 2Networks and servers - Mon@eal.dk Are you secure? Bad question More correct: Are you secure enough? Use penetration testing 3. 3Networks and servers - Mon@eal.dk Penetration test Periodic tests External consultants Test reports Example Don't google for images related to penetration testing 4. 4Networks and servers - Mon@eal.dk Movie time Go here . Questions Is this realistic? Implied stuff? What is no told? Easy/difficult? Software used? Attack traces? 5. 5Networks and servers - Mon@eal.dk Quick summary, part I FTP server Enumerating Proftpd sql injection vuln. Reverse shell Locating user Database credentials Database server Bypassing non- routing network Firewall hole on port 3306 Reverse shell 6. 6Networks and servers - Mon@eal.dk Quick summary, part II Mail server Encrypted tunnel from target Port 445 SMB over TCP Circumvent NX Add privileged user and login user remote desktop 7. 7Networks and servers - Mon@eal.dk SQL injection Sidetrack: This is your son's school.. Social engineering attempt?