Security Tools Workshop Part I
Ernest Staats, MSIA, CISSP, CEH, Security+, MCSE, CWNA, CNA, I-Net+, Server+, Network+, A+
http://es-es.net
The Disclaimer!
In attending this session you agree that any software demonstrated comes absolutely with NO WARRANTY. Use entirely at your own risk. Ernest or Edison, & the other 3rd party vendors whose software is demonstrated as part of this session are not responsible for any subsequent loss or damage whatsoever!
Class Structure
Mile wide, 2.5 feet deep
Feel free to ask questions at any time
There will be many breaks to play with the tools mentioned
Use the thumb drive provided by Linoma
The BT4 DVD will be used later
Cain and rainbow tables may cause an AV alert, as they are used to crack passwords
Problem: Unorganized Response
What should I do?
Who should I call?
Should I shut the system down?
Should I run the virus cleaner?
Should I trust my anti-virus quarantine?
Should I re-image the system?
People can be Your Greatest Asset
Or your Weakest !!
Office Security Tips
Ensure employees are security aware
Adopt an "Acceptable Use" policy covering IT, email, Internet, etc.
Ensure employees are security vetted
Wear ID badges
Question visitors: "Offer help"
Secure all entrances and exits
Know emergency procedures
Secure your valuables: laptops, phones, keys, IDs, etc.
Keeping up Appearances!
Airport security at its best... OK, maybe not.
The military teaches that the appearance of a hard target can deter attacks.
Google Hacking
Various usernames and passwords (both encrypted and in plain text)
Internal documents
Internal site statistics
Intranet access
Database access
Open webcams
VNC connections
Mail server access
And much more
Google Advance Operators
Operator: description
site: restrict results to a single domain or server
inurl:/allinurl: all terms must appear in the URL
intitle:/allintitle: all terms must appear in the page title
cache: display Google's cached copy of a page
ext:/filetype: return only files with the given extension/file type
info: convenient way to reach other information Google holds about a page
link: find pages that link to the given page
inanchor: find pages linked to with the term in the link's anchor text
Google Hacking Examples!
site:com filetype:xls "Accounts"
"vnc desktop" inurl:5800
inurl:indexFrame.shtml Axis
inurl:hp/device/this.LCDispatcher
site:gov.uk filetype:xls users
site:gov.uk filetype:doc staff
site:co.uk "index of /" +passwd
"Index of /" +.htaccess
site:dk +hotel filetype:xls
site:com +password filetype:xls
inurl:admin users passwords
inurl:admin intitle:index.of
"Microsoft-IIS/5.0 Server at" intitle:index.of
Don’t Get Google Hacked!
Keep sensitive information off the Internet
Be careful how you write your scripts and how they access your databases
Use robots.txt to tell Google which parts of your website it may index, and specify which parts are off limits
Ensure directory rights on your web server are in order
Monitor your site for common errors
"Google hack" your own website
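A defender-side self-check for two of the items above (robots.txt coverage and open directory listings), added here as an illustration; it is not part of the workshop materials. It runs offline on constructed sample data using Python's standard-library robots parser, and the host example.invalid is a placeholder.

```python
"""Self-check for the "Don't Get Google Hacked" list: does robots.txt really
keep Googlebot out of the paths you consider sensitive, and does a response
look like the open "Index of /" listing that intitle:index.of searches find?
Sample data below is constructed; nothing is fetched from the network."""
import re
import urllib.robotparser

# Constructed robots.txt as it might be served from a site root.
SAMPLE_ROBOTS = """\
User-agent: *
Disallow: /admin/
Disallow: /backup/
Allow: /
"""

# Constructed list of paths we never want indexed.  robots.txt is advisory
# and is itself public, so listing a path here hides nothing; the real fix
# is correct directory rights and access control on the server.
SENSITIVE_PATHS = [
    "/admin/users.xls",
    "/backup/db.sql",
    "/stats/report.xls",
    "/.htaccess",
]

# Constructed responses: an Apache-style auto-index page and a normal page.
SAMPLE_LISTING = (
    "<html><head><title>Index of /backup</title></head>"
    '<body><h1>Index of /backup</h1><a href="db.sql">db.sql</a></body></html>'
)
SAMPLE_NORMAL = "<html><head><title>Welcome</title></head><body>Hi</body></html>"

LISTING_RE = re.compile(r"<(?:title|h1)>\s*Index of\s+/", re.IGNORECASE)


def unprotected_paths(robots_txt, paths, agent="Googlebot"):
    """Return the sensitive paths that robots_txt still lets `agent` fetch."""
    rp = urllib.robotparser.RobotFileParser()
    rp.parse(robots_txt.splitlines())  # parse() also marks the file as read
    # can_fetch() matches on the path component; the host is a placeholder.
    return [p for p in paths if rp.can_fetch(agent, "http://example.invalid" + p)]


def looks_like_directory_listing(html):
    """True if the body has the 'Index of /' title or heading of an auto-index."""
    return bool(LISTING_RE.search(html))


if __name__ == "__main__":
    for path in unprotected_paths(SAMPLE_ROBOTS, SENSITIVE_PATHS):
        print("crawlable sensitive path:", path)  # /stats/report.xls, /.htaccess
    print("listing detected:", looks_like_directory_listing(SAMPLE_LISTING))  # True
```

Point the same two functions at your own robots.txt and fetched pages to carry out the "Google hack your own website" step without leaving anything for a search engine to find first.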
DNS/Domain Tools
http://serversniff.net/subdomains.php
http://serversniff.net/nsreport.php (run against gcasda.org)
http://serversniff.net/content.php?do=httprobots
http://whois.domaintools.com/
Tools on the thumb drive:
DNS Lookup, a good DIG tool (GUI): http://nscan.org/dig.html
NirSoft WhoisThisDomain: http://www.nirsoft.net/utils/whois_this_domain.html
NirSoft IPNetInfo: http://www.nirsoft.net/utils/ipnetinfo.html
People/Image Info K12
http://www.pipl.com
http://www.peekyou.com
http://yoname.com
Image Info: http://tineye.com
Take sample image from http://www.governor.nebraska.gov/about/index.html
Maltego
Maltego aggregates information posted all over the Internet about both network and resource-based entities, whether it is the current configuration of a router on the edge of your network or the current whereabouts of your Vice President on his international visits.
Maltego Hands on
The software is located on the thumb drive. Run it against gcasda.org or a site you have permission to test.
Website Testing Made Easy
Netsparker delivers detection, confirmation and exploitation of vulnerabilities:
Exploitation of SQL Injection vulnerabilities
Getting a reverse shell from SQL Injection vulnerabilities
Exploitation of LFI (Local File Inclusion) vulnerabilities
Downloading the source code of all the crawled pages via LFI
Downloading known OS files via LFI
Netsparker Hands on
The software is located on the thumb drive. You can run it against 6.110.220.24 or a site you have permission to test.
Portable Apps
Process Kill
Things to hack with
So many tools, so little time to install them all:
Great list of security tools: http://sectools.org/
Easy way with Live CDs and VMs
BackTrack (Security OS of Choice) http://www.remote-exploit.org/backtrack_download.html
Samurai WTF (web pen-testing )http://samurai.inguardians.com/
DEFT Linux (Computer Forensics)http://www.deftlinux.net/
Staying up to date on trends and exploits
Milw0rm http://www.milw0rm.com/
SANS Internet Storm Center http://isc.sans.org/
PacketStorm http://www.packetstormsecurity.org/
BugTraq http://www.securityfocus.com/archive/1
RootSecure http://www.rootsecure.net/
Podcasts: Learn about new tools as they come out
Pauldotcom http://www.pauldotcom.com/
Exotic Liability http://www.exoticliability.com/
Security Justice http://securityjustice.com/
Securabit http://www.securabit.com/
Specially built scenarios
De-ICE & pWnOS Live CDs http://heorot.net/livecds/
Damn Vulnerable Linux http://www.damnvulnerablelinux.org/
Deliberately vulnerable web apps
Hacme series from Foundstone (Hacme Travel, Hacme Bank, Hacme Shipping, Hacme Books) http://www.foundstone.com/us/resources-free-tools.asp
WebGoat http://www.owasp.org/index.php/Category:OWASP_WebGoat_Project
Mutillidae http://www.irongeek.com/i.php?page=security/mutillidae-deliberately-vulnerable-php-owasp-top-10