G3t R00t at IUT
-
Upload
nahidul-kibria -
Category
Technology
-
view
86 -
download
2
Transcript of G3t R00t at IUT
The OWASP Foundationhttp://www.owasp.org
Nahidul Kibria
Co-Leader, OWASP Bangladesh Chapter,Senior Software Engineer, KAZ Software
Ltd.
Writing code for fun and food.And security enthusiastic
Twitter:@nahidupa
What is the event all about?
Computer security? Information security? Cyber Security?
Is it a game?
Are we going to learn hacking?
5
Capture The Flag(CTF)
In computer security, Capture the Flag (CTF) is a computer security wargame. Each team is given a machine (or small network) to defend on an isolated network.--wikipedia
6
If you want to be a Penetration Tester
11
A penetration test, occasionally pentest, is a method of
evaluating the security of a computer system or network by
simulating an attack from malicious outsiders with authorize by
the owner of that system.
Prerequisites
1. Good understanding network architecture.
2. How modern operating system work and system administration.
3. Application/Database/Service how they designed and work.
12
Penetration testingPenetration testing methodology
• Information Gathering/Reconnaissance
• Scanning/Enumeration
• Vulnerability Identification
• Exploitation
13
Tools and tactics
Do not reinvent the wheel…Use existing tools
But do not just depends on Tools/Scripts…In some case you have to write your own
14
32
Coolest Jobs in Information Security
#1 Information Security Crime Investigator/Forensics Expert
#2 System, Network, and/or Web Penetration Tester
#3 Forensic Analyst#4 Incident Responder
#5 Security Architect
#6 Malware Analyst#7 Network Security Engineer
#8 Security Analyst
#9 Computer Crime Investigator
#10 CISO/ISO or Director of Security
#11 Application Penetration Tester#12 Security Operations Center Analyst
#13 Prosecutor Specializing in Information Security Crime
#14 Technical Director and Deputy CISO
#15 Intrusion Analyst
#16 Vulnerability Researcher/ Exploit Developer#17 Security Auditor
#18 Security-savvy Software Developer
#19 Security Maven in an Application Developer Organization
#20 Disaster Recovery/Business Continuity Analyst/Manager
About OWASPOWASP’s mission is “to make application security visible, so
that people and organizations can make informed decisions about true application”
Attacker not use black art to exploit your application
OWASP Bangladesh• Bangladeshi community of Security professional
• Globally recognized
• Open for all
• Free for all
What do we have to offer?
• Monthly Meetings
• Mailing List
• Presentations & Groups
• Open Forums for Discussion
• Vendor Neutral Environments
Our SuccessesOWASP Tools and
Documentation:
• ~15,000 downloads (per month)
• ~30,000 unique visitors (per month)
• ~2 million website hits (per month)
OWASP Chapters are blossoming worldwide
• 1500+ OWASP Members in active chapters worldwide
• 20,000+ participants
OWASP AppSec Conferences:
• Chicago, New York, London, Washington D.C, Brazil, China, Germany, more…
Distributed content portal
• 100+ authors for tools, projects, and chapters
OWASP and its materials are used, recommended and referenced by many government, standards and industry organizations.
40
Questions.
1. A question from cryptography. (300 points)
2. A question from malware analysis. (not that much hardcore as it sound) (150 points)
3. A forensic analysis ( The easiest question of the contest) (50 points)
45
Final Questions.
1. A server named GetRoot_v00t will be given. (500 points)
2. Another server named GetRoot_Drag0n will be given. (1000 points)
Both server is take down from live because it suspected to compromise by attacker and the attacker changed it root password. So your job is recover the root password of this server as well as create a report of what venerability this server has to the judge.
46
Rules
1. You must run the given Virtual machine only in NATed mode.
2. Take Screenshots in each success steps include them to a document.
3. Cheating is allowed if you can manage it silently.
47
We select the winner according the following criteria (We will do partial marking.)
1.How many points the participants has (scoring).
2.How complete the solutions are (quality).
3. Creativity, Geek Factor.
48
Netcat
Originally released in 1996, Netcat is a networking program designed to read and write data across both Transmission Control Protocol TCP and User Datagram Protocol (UDP) connections using the TCP/Internet Protocol (IP) protocol suite. Netcat is often referred to as a ”Swiss Army knife” utility, and for good reason.
Basic Operations
Simple Chat InterfacePort ScanningTransferring FilesBanner GrabbingRedirecting Ports and TrafficCreating backdoor
and what else u need ..........
1) Get info about remote host ports and OS detection
nmap -sS -P0 -sV -O <target>
Where < target > may be a single IP, a hostname or a subnet
-sS TCP SYN scanning (also known as half-open, or stealth scanning)
-P0 option allows you to switch off ICMP pings.
-sV option enables version detection
-O flag attempt to identify the remote operating system
Other option:
-A option enables both OS fingerprinting and version detection
-v use -v twice for more verbosity.
nmap -sS -P0 -A -v < target >
2) Get list of servers with a specific port open
nmap -sT -p 80 -oG – 192.168.1.* | grep open
Change the -p argument for the port number. See “man nmap” for different ways to specify address ranges.
3) Find all active IP addresses in a network
nmap -sP 192.168.0.*
There are several other options. This one is plain and simple.
Another option is:
nmap -sP 192.168.0.0/24
for specific subnets
4) Ping a range of IP addresses
nmap -sP 192.168.1.100-254
nmap accepts a wide variety of addressing notation, multiple targets/ranges, etc.
5) Find unused IPs on a given subnet
nmap -T4 -sP 192.168.2.0/24 && egrep “00:00:00:00:00:00″ /proc/net/arp
6) Scan for the Confickervirus on your LAN ect.
nmap -PN -T4 -p139,445 -n -v –script=smb-check-vulns –script-args safe=1 192.168.0.1-254
replace 192.168.0.1-256 with the IP’s you want to check.
7) Scan Network for Rogue APs.
nmap -A -p1-85,113,443,8080-8100 -T4 –min-hostgroup 50 –max-rtt-timeout 2000 –initial-rtt-timeout 300 –max-retries 3 –host-timeout 20m –max-scan-delay 1000 -oAwapscan 10.0.0.0/8
I’ve used this scan to successfully find many rogue APs on a very, very large network.
9) How Many Linux And Windows Devices Are On
Your Network?
sudo nmap -F -O 192.168.0.1-255 | grep“Running: ” > /tmp/os; echo “$(cat /tmp/os | grep Linux | wc -l) Linux device(s)”; echo “$(cat /tmp/os | grepWindows | wc -l) Window(s) devices”
OS fingerprinting1. XP with service pack 1
2. XP with service pack 2
3. Linux 64.0.33
4. MAC os
5. Open BSD
6. Etc etc
Web Application threat surface
67
XSS
CSRF
Click jacking
Parameter
tempering /sniffing
FORGED
TOKEN
Directory
Traversal
DIRECT
OBJECT
REFERENCE
SQL Injection
XML Injection
OWASP Top 10 Web Application Security Risks (2010 Edition)
http://www.owasp.org/index.php/Top_10
Learning tools
OWASP Web Goat.
Mutillidae
69