Penetration Testing Training Day Capture the Flag Training.


Presentation to insert name here 2

Boot Up!

• Insert your discs!
• Press <enter> when Boot prompt appears
• Start X with startx
• Set static IP address
  • Team 1 192.168.1.1x
  • Team 2 192.168.1.2x
  • Netmask 255.255.0.0
  • No gateway
  • Use preferences->network
• Ping the scorebot 192.168.0.10


Discovery

• What machines can you see?
• nmap 192.168.0.0/24
• nmap -oA results 192.168.0.0/24
• nmap -sV -oA results2 192.168.0.0/24


Service Analysis - FTP

• ftp service is enabled
• ftp 192.168.0.x
• Each team go to your server!
• What's there? Why is this bad?
• Commands:
  • dir, ls…
• Special commands!
  • ls -a
• Log vulnerabilities on sheets


Service Analysis - SMB

• Samba is enabled!
• smbclient -L 192.168.0.x
• Your team box again!
• Which shares are available?
• Log list of shares
• Browse to shares
• What did you do for FTP?
• What other information is there?


Service Analysis - RPC

• Remote Procedure Calls
• rpcclient 192.168.0.x
• getusername
• lsaenumsid
• lookupsids xxx
• enumdomusers
• Log users!


Service Analysis - SSH

• Secure Shell
• Users???
• ssh -l username 192.168.0.x


Service Analysis - MySQL

• Database server, port 3306
• mysql -h
• mysql -u root -h 192.168.0.x
• Log vulnerabilities
• show databases;
• Show your SQL skills!
• What do databases normally store?


Service Analysis - netcat

• Netcat: Swiss army knife of hackers
• Simple: sends and receives data to and from TCP ports
• nc 192.168.0.x 25
• SMTP
• Netcat can be used to keep access


Service Analysis - SNMP

• Simple Network Management Protocol
• snmpcheck.pl -t 192.168.0.x


Application Testing

• Start Browser and Burp
• Configure Firefox proxy as localhost:8080
• Browse to http://192.168.0.x
• Intercept is on! Play!
• Spider site, add to scope


Application Testing

• Find additional content
• Administration pages
• http://192.168.0.x/admin
• Create an account
• Password vulnerabilities


Application Testing

• SQL Injection
• Find a product
• Look at the parameter list
• Try injection on parameter
• 1' or a#
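
Why a quote in the product parameter changes the query, and the fix to record next to the finding, as an added example that is not part of the original slides. It assumes an in-memory sqlite3 database standing in for the lab server; the products table, the function names and the inputs are constructed for illustration (the slide's trailing # is MySQL comment syntax, so the constructed input balances its quotes instead).

```python
import sqlite3

# Constructed input: closes the string literal and adds an always-true condition.
INJECTED = "1' OR '1'='1"

def make_db():
    # Constructed sample data; sqlite3 stands in for the lab database (assumption).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (id TEXT, name TEXT)")
    db.executemany("INSERT INTO products VALUES (?, ?)",
                   [("1", "kettle"), ("2", "toaster"), ("3", "unlisted item")])
    return db

def lookup_concat(db, product_id):
    # Vulnerable: the parameter is pasted into the SQL text, so a quote in it
    # ends the string literal and the remainder is parsed as SQL.
    sql = "SELECT name FROM products WHERE id = '" + product_id + "'"
    return [row[0] for row in db.execute(sql)]

def lookup_bound(db, product_id):
    # Hardened: the value is bound as data and is never parsed as SQL.
    sql = "SELECT name FROM products WHERE id = ?"
    return [row[0] for row in db.execute(sql, (product_id,))]

def quote_breaks_query(lookup, db):
    # A lone quote that produces a database error is the usual sign that
    # the parameter reaches the SQL parser unescaped.
    try:
        lookup(db, "1'")
    except sqlite3.Error:
        return True
    return False

if __name__ == "__main__":
    db = make_db()
    for name, fn in (("concatenated", lookup_concat), ("bound", lookup_bound)):
        print(name, "normal:", fn(db, "1"))
        print(name, "injected:", fn(db, INJECTED))
        print(name, "lone quote errors:", quote_breaks_query(fn, db))
```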


Application Testing

• XSS
• Search field
• Try typing things in, then view the response in Burp
• How can you get script in here?
• Better: how can you get script in without it creating an error?


Application Testing

• Password and account guessing
• Check security files
• Mooch around
• Download img.jpg