3. Main Goal
Learn why and how to test computer
networks against the most common but
really serious security attacks using
METASPLOITMETASPLOIT
4. What are we going to talk about
Penetration Testing
Why Bother?
Testing Network with - METASPLOITTesting Network with - METASPLOIT
Proof of Concept (Demonstration)
(Mitigation Strategies)
Conclusion
5. Penetration Testing
A penetration test is a method of evaluating the security
of a computer system or network by simulating an attack
from a malicious source, known as a Black Hat Hacker,
or Cracker. Wikipedia
Environmental
Attacks
Input Attacks
Logic and Data
Attacks
6. Why Bother?
Active pen-testing teaches you things that security planning
will not
Are your users and system administrators actually following
their own policies?
host that claims one thing in security plan but it totally different
in reality
Raises security awarenessRaises security awareness
Helps identify weakness that may be leveraged by insider
threat or accidental exposure.
Provides Senior Management a realistic view of their security
posture
Great tool to advocate for more funding to mitigate flaws
discovered
If I can break into it, so could someone else!
7. How dangerous are Cyber attacks
October 12, 2011 Sony has suffered a data breach involving
the usernames and passwords of about 93,000 customers.
Attackers were able to reuse to logon to people's
PlayStation Network , or Sony Online Entertainment , or
Sony Entertainment Network accounts.
6 June 2012 over six million passwords were stolen in a
hack of the professional networking site linkedin.com.
10 June 2012 Anonymous attacked and brought down the
website run by Computer Emergency Response Team India
(CERT-In), the country's premier agency dealing with cyber
security contingencies
8. How dangerous are Cyber attacks
July 12, 2012 A Yahoo security breach exposed 450,000
usernames and passwords from a site on the huge web
portal indicates that the company failed to take even basic
precautions to protect the data.
2012: Latest SQL Injection Campaign Infects 1 Million Web
Pages with the lilupophilupop.comPages with the lilupophilupop.com
During the period December 2011 to February 2012, a total
number of 112 government websites were hacked,” Minister
of State for Communications and IT Sachin Pilot told the Lok
Sabha.
September 10, 2012 — Network World —Anonymous has
claimed responsibility for knocking domain provider
GoDaddy offline. Source : http://openspace.org.in
19. What is Metasploit
According to the Metasploit Team;
“The Metasploit Framework is a platform for writing, testing, and using
exploit code. The primary users of the Framework are professionals
performing penetration testing, shellcode development, and
vulnerability research.
It is becoming the de facto standard for vulnerability assessment
and PenTest.
largest ruby project in existence
Find vulnerability ->choose exploit -> check if exploit applies -> configure
payload -> configure encoding to evade IDS and AV-> execute the
exploit
Includes an extensive shell code and opcode database with full
source code.
20. What is Metasploit
To understand the use of Metasploit we have to
understand the some basic terminologies.
Vulnerability
“The word vulnerability, refers to a weakness in a system
allowing an attacker to violate the confidentiality, integrity,allowing an attacker to violate the confidentiality, integrity,
availability, access control, consistency or audit
mechanisms of the system or the data and applications it
hosts”.
Exploits
An exploit is a security attack on a vulnerability
Can exploits give access to a secured system?
Ans: NO
21. What is Metasploit
Exploits have more potential
They are commonly used to install system malware or
gain system access or recruit client machines into an
existing ‘botnet’
This is accomplished with the help of a Payload
The payload is a sequence of code that is executedThe payload is a sequence of code that is executed
when the vulnerability is triggered
Payloads are very useful because they provide an
interactive shell that can be used to completely control
the system remotely
To make things clear, an Exploit is really broken up into
two parts,
EXPLOIT = Vulnerability + Payload
22. Hot Spots
In a network, filtering and complex rules are
generally applied on the basis of these basic
factors
TCP or UDP
Source IP addressSource IP address
Source Port Number
Destination IP address
Destination Port Number
Now we have and Metasploit at our disposal and
now we also have the HOT SPOTS to target the
NETWORK.
I
23. SAMPLE PENETRATION TEST
*Note: Demonstration of the Penetration Test is only for the
Research Purposes
DON'T BE IRRESPONSIBLE...SERIOUSLYDON'T BE IRRESPONSIBLE...SERIOUSLY
USE OF THESE TOOLS ON MACHINES NOT LEGALLY
OWNED BY YOU COULD END UP PUTTING A NASTY
MARK ON YOUR CRIMINAL RECORD
This is not a live demo or real scenario of a Network Pentest.
Network is emulated which is really close to the “Real One”
24. The Attack
To conduct a Software Exploitation Attack using
Metasploit Framework against a Victim machine in
order to gain system access
To make things interesting, the Victim’s machine will
also have AV in order to see how it reacts to thealso have AV in order to see how it reacts to the
attack.
We use MS08-067 exploit – Critical - CVE-2008-4250
MS08-067 is Vulnerability in Server Service Could
Allow Remote Code Execution (958644)
On Microsoft Windows 2000, Windows XP, and
Windows Server 2003 systems, an attacker could
exploit this vulnerability without authentication to run
arbitrary code
25. Outline of Network
TopologyTo emulate the real time network we created network
of three virtual machines on WIN 7 Host Machine.
VICTIM -WinXP Machine with SP2 and SP3 Flavor
Ip.addr = 192.168.242.132Ip.addr = 192.168.242.132
VICTIM -WinXP Machine with SP3 and AV
Ip.addr = 192.168.242.133
Attacker –Back|Track 5 r3 with Metasploit
Ip.addr = 192.168.242.134
26. Tools: Used in the PenTest
Automatic tools are required to detect and exploit the
vulnerabilities quickly to save crucial amount of time.
You can use the following Tools:
Nmap 6.01
Hyperion for Exploit /Payload EncryptionHyperion for Exploit /Payload Encryption
Havij can be used to detect SQL injection on the
website hosted target using network
SQL Inject Me (FireFox AddOn)
Acunetix Web Vulnerability Scanner
28. Evaluate Impact on the Network
and Reporting
It reveals the information about all the existing
vulnerabilities in the network.
How deep a hacker can go inside the Network.
How much data can be lost or altered.
Report them accurately
30. Recommended Countermeasures(Contd.)
Best Practices
Use principle of least-privilege
Use names should be harder to guess
Use aliases to provide more layers of separation between the data
and the intruderand the intruder
Keep up-to-date on patches
Escaping all User Supplied Input
Use third-party code and applications evaluation services for greater
scrutiny