Ernest Staats, MSIA, CISSP, CEH, Security+ , MCSE, CWNA,CNA, I-Net+, Server+, Network+, A+ http://es-es.net

The Disclaimer!

In attending this session you agree that any software demonstrated comes absolutely with NO WARRANTY. Use entirely at your own risk. Ernest or Edison, & the other 3rd party vendors whose software is demonstrated as part of this session are not responsible for any subsequent loss or damage whatsoever!

Class Structure

Mile wide, 2.5 feet deep Feel free to ask questions at any timeThere will be many breaks to play with the tools mentionedUse the thumb drive provided by Linoma

The BT4 DVD will be used laterCain and rainbow tables may cause an AV alert as they are used to crack passwords

Problem: Unorganized Response

What should I do?Who should I call?Should I shut the system down?Should I run the virus cleaner?Should I trust my Anti-virus quarantine?Should I re-image the system?

People can be Your Greatest Asset

Or your Weakest !!

Office Security TipsEnsure Employees are Security AwareAdopt an “Acceptable Use” Policy in terms of IT, Email, Internet etcEnsure Employees are Security VettedWear ID Badges Question Visitors – “Offer Help”Secure all Entrances & ExitsKnow Emergency ProceduresSecure your Valuables

Laptops, Phones, Keys, IDs Etc

Keeping up Appearances!

Airport Security at its best.. Ok maybe notThe military teaches that the appearance of a hard target can deter attacks

Google Hacking

Various usernames and passwords (both encrypted and in plain text) Internal documents Internal site statistics Intranet access Database access Open WebcamsVNC ConnectionsMail server access And much more

Google Advance Operators

Operators Description

site: Restrict results to only one domain, or server

inurl:/allinurl: All terms must appear in URL

intitle:/allintitle: All terms must appear in title

cache: Display Google’s cache of a page

ext:/filetype: Return files with a given extension/file type

info: Convenient way to get to other information about a page

link: Find pages that link to the given page

inanchor: Page is linked to by someone using the term

Google Hacking Examples!Site:com filetype:xls "Accounts“"vnc desktop" inurl:5800inurl:indexFrame.shtml Axis inurl:hp/device/this.LCDispatchersite:gov.uk filetype:xls userssite:gov.uk filetype:doc staffsite:co.uk "index of /" +passwd"Index of /” +.htaccesssite:dk +hotel filetype:xlssite:com +password filetype:xlsInurl:admin users passwordsinurl:admin intitle:index.of"Microsoft-IIS/5.0 Server at" intitle:index.of

Don’t Get Google Hacked!

Keep sensitive information off the internet Be careful how you write your scripts and access your databasesUse robots.txt to let Google know what parts of your website it is ok to index. Specify which parts of the website are “off bounds” Ensure directory rights on your web server are in order Monitor your site for common errors“Google hack” your own website

DNS/Domain Tools http://serversniff.net/subdomains.php

http://serversniff.net/nsreport.php gcasda.orghttp://serversniff.net/content.php?do=httprobots

http://whois.domaintools.com/

Tools on Thumb DriveDNS Lookup good DIG tool(GUI) http://nscan.org/dig.htmlNirsoft’s http://www.nirsoft.net/utils/whois_this_domain.htmlhttp://www.nirsoft.net/utils/ipnetinfo.html

People/Image Info K12

http://www.pipl.comhttp://www.peekyou.comhttp://yoname.com

Image Info:http://tineye.com

Take sample image from http://www.governor.nebraska.gov/about/index.html

Maltego

Maltego offers to both network and resource based entities the aggregation of information posted all over the internet - whether it’s the current configuration of a router poised on the edge of your network or the current whereabouts of your Vice President on his international visits

Maltego Hands on

Software located on Thumb drive run against gcasda.org or a site you have permissions to urn it on

Website Testing made easy Netsparker delivers detection, confirmation and exploitation of vulnerabilities Exploitation of SQL Injection Vulnerabilities Getting a reverse shell from SQL Injection vulnerabilities Exploitation of LFI (Local File Inclusion) Vulnerabilities Downloading the source code of all the crawled pages via LFI (Local File Inclusion) Downloading known OS files via LFI (Local File Inclusion)

Netsparker Hands on

The software is located on thumb drive. You can run against 6.110.220.24 or a site you have permissions to run it against

Portable AppsProcess Kill

Things to hack with

So many tools, so little time to install them all:

Great list of security toolshttp://sectools.org/

Easy way with Live CDs and VMs

BackTrack (Security OS of Choice) http://www.remote-exploit.org/backtrack_download.html

Samurai WTF (web pen-testing )http://samurai.inguardians.com/

DEFT Linux (Computer Forensics)http://www.deftlinux.net/

Staying up to date on trends and exploits

Milw0rm http://www.milw0rm.com/SANS Internet Storm Centerhttp://isc.sans.org/PacketStormhttp://www.packetstormsecurity.org/ BugTraqhttp://www.securityfocus.com/archive/1 RootSecurehttp://www.rootsecure.net/

Podcasts: Learn about new tools as they come out

Pauldotcomhttp://www.pauldotcom.com/Exotic Liability http://www.exoticliability.com/Security Justicehttp://securityjustice.com/ Securabit http://www.securabit.com/

Specially built scenarios

De-ICE & pWnOS Live CDshttp://heorot.net/livecds/

Damn Vulnerable Linuxhttp://www.damnvulnerablelinux.org/

Deliberately vulnerably web apps

Hacme Series from Foundstone (Hacme Travel, Hacme Bank, Hacme Shipping, Hacme Books)http://www.foundstone.com/us/resources-free-tools.asp

WebGoathttp://www.owasp.org/index.php/Category:OWASP_WebGoat_Project

Mutillidaehttp://www.irongeek.com/i.php?page=security/mutillidae-deliberately-vulnerable-php-owasp-top-10