Public exploit held private – penetration testing the researcher’s way tamaghna basu

•

2 recomendaciones•740 vistas

owaspindia

Public Exploit Held Private – Penetration Testing The Researcher’s Way - Tamaghna Basu - OWASP India Conference 2012

Tecnología

OWASP InfoSec India Conference 2012
August 24th – 25th, 2012 The OWASP Foundation
Hotel Crowne Plaza, Gurgaon http://www.owasp.org
http://www.owasp.in

Public exploit held private :
Penetration Testing the
researcher’s way
Tamaghna Basu
GCIH, OSCP, RHCE, CEH, ECSA
tamaghna.basu@gmail.com

OWASP InfoSec India Conference 2012. Hotel Crowne Plaza, Gurgaon (India)

Setting the context

Why Pentesting?
How do you do it?
 To VA or to PT… That’s the question.

OWASP InfoSec India Conference 2012. Hotel Crowne Plaza, Gurgaon (India) 2

Setting the context

 Terminologies
 Exploit
 Payload
 Reverse shell

OWASP InfoSec India Conference 2012. Hotel Crowne Plaza, Gurgaon (India) 3

Basics

Pentesting
 Internal
 External
 Automated -> review the report -> get the
final report
 Manual -> run few basic tools -> get the
report done

OWASP InfoSec India Conference 2012. Hotel Crowne Plaza, Gurgaon (India) 4

Basics…

Pentesting Steps
 Recon and Scanning
 Exploit
 Maintain Access
 Clean up

OWASP InfoSec India Conference 2012. Hotel Crowne Plaza, Gurgaon (India) 5

Scanning
Why?
 Identify the live hosts
 OS fingerprinting
 Service fingerprinting

OWASP InfoSec India Conference 2012. Hotel Crowne Plaza, Gurgaon (India) 6

Scanning
Desi Jugaad
 Ping sweep / shell scripts
 Almighty netcat
 Decent tools (But indecent usage)
 NMAP (behold the power of NSE)
 Others?

OWASP InfoSec India Conference 2012. Hotel Crowne Plaza, Gurgaon (India) 7

Scanning
Problem!
 It is taking too long to scan, need to go for
lunch…
 Is it really a windows box but looks like a
Linux box? Or which version?

OWASP InfoSec India Conference 2012. Hotel Crowne Plaza, Gurgaon (India) 8

Scanning
I have Nessus. Why to go through so much
pain?
I don’t have Nessus. What to do?

OWASP InfoSec India Conference 2012. Hotel Crowne Plaza, Gurgaon (India) 9

Exploit
 Motive
 To gain access
 Data
 Command execution
 Destroy everything!
 Categories
 Service level
 OS
OWASP InfoSec India Conference 2012. Hotel Crowne Plaza, Gurgaon (India) 10

Exploit

What to exploit?
 HTTP?
 FTP?
 SNMP?
 What else?

OWASP InfoSec India Conference 2012. Hotel Crowne Plaza, Gurgaon (India) 11

Exploit

 HTTP
 Server Exploit
 Command Execution
 Web Shells
 SQLi

OWASP InfoSec India Conference 2012. Hotel Crowne Plaza, Gurgaon (India) 12

Exploit

 FTP
 Server Exploit – Buffer Overflow
 Fuzzing???
SNMP
 What to do?

OWASP InfoSec India Conference 2012. Hotel Crowne Plaza, Gurgaon (India) 13

Exploit

 Metasploit
 Updates?
 How to import an external exploit?
 Any other options?
How about writing own exploit (at free time)
(out of scope)

OWASP InfoSec India Conference 2012. Hotel Crowne Plaza, Gurgaon (India) 14

Exploit

I am in, what to do?
 Secure access?
 Add user
 Open a port
 I like it the reverse way
 meterpreter
 Dude, did you get root/admin acces?

OWASP InfoSec India Conference 2012. Hotel Crowne Plaza, Gurgaon (India) 15

Privilege Escalation

 Categories
 Service level
 OS
Problem!
 How can I transfer my exploit there?
 Netcat
 FTP

OWASP InfoSec India Conference 2012. Hotel Crowne Plaza, Gurgaon (India) 16

L33t love story

 Exploit’s love letter to the machine
 PAYLOAD…
Which courier?
 MSF – set payload
 Custom program – msfpayload
 Bad characters
 Executable - msfpayload

OWASP InfoSec India Conference 2012. Hotel Crowne Plaza, Gurgaon (India) 17

Pivoting…

 Huh?
Why do I need it?
How do I do it?

OWASP InfoSec India Conference 2012. Hotel Crowne Plaza, Gurgaon (India) 18

Fuzzing…

 My favorite but last thing I prefer to do on
my own
 Python rocks!
 Basic
 Advanced

OWASP InfoSec India Conference 2012. Hotel Crowne Plaza, Gurgaon (India) 19

Did I miss anything?

 Questions
 Perspectives
 Comments

OWASP InfoSec India Conference 2012. Hotel Crowne Plaza, Gurgaon (India) 20

Thank you

tamaghna.basu@gmail.com
twitter.com/titanlambda
linkedin.com/in/tamaghnabasu

21

OWASP InfoSec India Conference 2012. Hotel Crowne Plaza, Gurgaon (India)

Más contenido relacionado

Destacado

Problemas de lógica I

amendez1987

Spiritualism Materialism And Namasmaran Dr. Shriniwas J. Kashalikar

shivsr5

Hay que ponerle un poco de humor a la vida

liandola

WUD 2009 - Użyteczna magia Google Analytics

World Usability Day Tour 2009

Total Stress Management Guide For Nurses Dr Shriniwas Kashalikar

shivsr5

Fanzine no.6 taller 7 enpeg 2015 ana bell chino edición

manual comic

Ita a2 ms 07 10-15

SpaanIt

Inventos curiosos

liandola

Garage4Hackers Ranchoddas Webcast Series - Bypassing Modern WAF's Exemplified...

Garage4hackers.com

Prevenir y manejar el Bullying

Jhon Becerra

Identity & Access Management by K. K. Mookhey

Network Intelligence India

Slides from Defcon IoT Village Workshop Ever wondered how people get shells via hooking up to chips or pins on a board? Or how to dump the firmware off a device you own at home? How chips that send those bits, bytes, and nibbles flying across traces on a board can be analyzed for profit? The Pwning IoT Devices via Hardware Attacks workshop is focused on a hands-on learning experience, of how people use hardware attacks to get initial access IoT Devices for security research. This workshop is designed for people new to hardware hacking, looking to have fun exploiting the Internet of (broken) Things. So come on out if you're looking to join the embedded system & IoT exploitation party!

Pwning Iot via Hardware Attacks - Chase Schultz - IoT Village - Defcon 23

Chase Schultz

Eca 12 logica

Ness Rendon

Chiste garganta

liandola

Destacado (14)

Problemas de lógica I

Spiritualism Materialism And Namasmaran Dr. Shriniwas J. Kashalikar

Hay que ponerle un poco de humor a la vida

WUD 2009 - Użyteczna magia Google Analytics

Total Stress Management Guide For Nurses Dr Shriniwas Kashalikar

Fanzine no.6 taller 7 enpeg 2015 ana bell chino edición

Ita a2 ms 07 10-15

Inventos curiosos

Garage4Hackers Ranchoddas Webcast Series - Bypassing Modern WAF's Exemplified...

Prevenir y manejar el Bullying

Identity & Access Management by K. K. Mookhey

Pwning Iot via Hardware Attacks - Chase Schultz - IoT Village - Defcon 23

Eca 12 logica

Chiste garganta

Similar a Public exploit held private – penetration testing the researcher’s way tamaghna basu

Real time evaluation of national network exposure to emerging threats - fyodo...

owaspindia

The magic of passive web vulnerability analysis lava kumar

owaspindia

Getting the end point security right! - k. k. mookhey

owaspindia

Vinod penta_SeniorJavaDeveloper

Vinod Kumar

Breaking up a monolith or switching from client desktop to using the web in scale, require us to think of many factors, like the engineering team and the knowledge that the team already possess, technologies that exist, how to build the infrastructure right and much more. How can we use Kubernetes with Virtual Kubelet to cut costs and use the right service for the workload, whether it is a burst workload or a steady one

From desktop to the cloud, cutting costs with Virtual kubelet and ACI

Adi Polak

Kanika_Kapoor-CV

Kanika Kapoor

Resume_Manvendra_1

Manvendra Singh Lodhi

Devops for bank in indonesia

Christian Hermanus

DevOps Shangri-La: Mystical Claims of Paradise

XebiaLabs

to share the same infrastructure for all our customers. We therefore built a highly sophisticated model of physical and logical farms, partitioning the traffic and optimizing resources. We operate 700+ JEE nodes, split in 30+ logical clusters, deployed on less than 10 physical server pools. Today, this infrastructure is delivering a billion dynamic pages per month, for more than 5 million bookings, with a 10 times factor growth expected in the coming years. Even though thousands of parameters are available to tailor our products to any one particular needs, the recent evolution of the IT Industry towards PAAS ecosystems modified customer expectations: they are now looking for the capability to extend our applications, interact with their own IT, influence our business logic or even graphical interface. To support this vision, we started developing an extensibility framework, based on scripting technologies. Though being language agnostic, we quickly decided to invest on the Groovy language and rely on JSR 223 to embed it into our applications. However, transforming a multi-tenant & community SAAS ecosystem into a flexible PAAS environment implies to take up multiple challenges, especially around sandboxing ? access & resource control ? or productivity and production constraints, such as hot-reloading or instantaneous fallback mechanism. This presentation will therefore focus on how Groovy and its extensibility mechanisms allow us to progress on these topics, what are the limitations faced due to its dynamicity nature, and how we?re thrilled by the new features coming in next releases.

Spring one 2012 Groovy as a weapon of maas PaaSification

Nenad Bogojevic

Hari Krishna Nelluri_CV

hari nelluri

Resume

Anuj Soni

SeConf_Nov2016_London

Pooja Shah

Srumith - CV

Srumith Uplanchi

We can be brilliant developers, but we won’t succeed—and won’t lead our organizations to succeed—without a new perspective (if you will) and new assumptions about the components of the “technology ecosystem” that are fundamentally critical to our success. This includes the operators, QA team, DBAs, security folks, and even the pure business contingent—in most cases, each of these individuals and groups plays a critical role in the success of what we create and give birth to as developers. What we do in isolation might be genius, but if we insulate ourselves—especially with arrogance—from these colleagues, neither our code nor our organizations will realize their full potential, and most will fail. The bottom line is that our old ways are no longer viable, and as the elite within our industry, we will be the leaders and heroes who discard old assumptions and adopt a new perspective in this exciting journey to digital transformation—where the impossible can become reality.

Teaching Elephants to Dance (and Fly!): A Developer's Journey to Digital Tran...

Burr Sutter

Sayali Deshmukh_CV

sayali deshmukh

Introduction to web-application development with Vaadin

Risto Yrjänä

The largest organizations in the world rely on SAP platforms to run their critical processes and keep their business crown jewels: financial information, customers data, intellectual property, credit cards, human resources salaries, sensitive materials, suppliers and more. Everything is there – and attackers know it. This presentation will highlight three attack vectors targeting SAP. - SAP Portal Header Authentication - Verb Tampering - Abuse of JAVA Core Services You will learn techniques to mitigate these threats.

Exploiting Critical Attack Vectors to Gain Control of SAP Systems

Onapsis Inc.

206590 mobilizing your primavera workforce

p6academy

Can you do DevOps in SAP (DevOps -> SAP)

Chris Kernaghan

Similar a Public exploit held private – penetration testing the researcher’s way tamaghna basu (20)

Real time evaluation of national network exposure to emerging threats - fyodo...

The magic of passive web vulnerability analysis lava kumar

Getting the end point security right! - k. k. mookhey

Vinod penta_SeniorJavaDeveloper

From desktop to the cloud, cutting costs with Virtual kubelet and ACI

Kanika_Kapoor-CV

Resume_Manvendra_1

Devops for bank in indonesia

DevOps Shangri-La: Mystical Claims of Paradise

Spring one 2012 Groovy as a weapon of maas PaaSification

Hari Krishna Nelluri_CV

Resume

SeConf_Nov2016_London

Srumith - CV

Teaching Elephants to Dance (and Fly!): A Developer's Journey to Digital Tran...

Sayali Deshmukh_CV

Introduction to web-application development with Vaadin

Exploiting Critical Attack Vectors to Gain Control of SAP Systems

206590 mobilizing your primavera workforce

Can you do DevOps in SAP (DevOps -> SAP)

Último

Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows. We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases. This video focuses on the deployment of external web forms using Jotform for Bonterra Impact Management. This solution can be customized to your organization’s needs and deployed to support the common use cases below: - Intake and consent - Assessments - Surveys - Applications - Program registration Interested in deploying web form automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.

Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...

Jeffrey Haguewood

Corporate and higher education. Two industries that, in the past, have had a clear divide with very little crossover. The difference in goals, learning styles and objectives paved the way for differing learning technologies platforms to evolve. Now, those stark lines are blurring as both sides are discovering they have content that’s relevant to the other. Join Tammy Rutherford as she walks through the pros and cons of corporate and higher ed collaborating. And the challenges of these different technology platforms working together for a brighter future.

Corporate and higher education May webinar.pptx

Rustici Software

Understanding the FAA Part 107 License ..

Christopher Logan Kennedy

AWS Community Day CPH - Three problems of Terraform

Andrey Devyatkin

Architecting Cloud Native Applications

WSO2

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

Product Anonymous

DBX First Quarter 2024 Investor Presentation

Dropbox

Effective data discovery is crucial for maintaining compliance and mitigating risks in today's rapidly evolving privacy landscape. However, traditional manual approaches often struggle to keep pace with the growing volume and complexity of data. Join us for an insightful webinar where industry leaders from TrustArc and Privya will share their expertise on leveraging AI-powered solutions to revolutionize data discovery. You'll learn how to: - Effortlessly maintain a comprehensive, up-to-date data inventory - Harness code scanning insights to gain complete visibility into data flows leveraging the advantages of code scanning over DB scanning - Simplify compliance by leveraging Privya's integration with TrustArc - Implement proven strategies to mitigate third-party risks Our panel of experts will discuss real-world case studies and share practical strategies for overcoming common data discovery challenges. They'll also explore the latest trends and innovations in AI-driven data management, and how these technologies can help organizations stay ahead of the curve in an ever-changing privacy landscape.

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

TrustArc

CNIC Information System with Pakdata Cf In Pakistan

danishmna97

💥 You’re lucky! We’ve found two different (lead) developers that are willing to share their valuable lessons learned about using UiPath Document Understanding! Based on recent implementations in appealing use cases at Partou and SPIE. Don’t expect fancy videos or slide decks, but real and practical experiences that will help you with your own implementations. 📕 Topics that will be addressed: • Training the ML-model by humans: do or don't? • Rule-based versus AI extractors • Tips for finding use cases • How to start 👨‍🏫👨‍💻 Speakers: o Dion Morskieft, RPA Product Owner @Partou o Jack Klein-Schiphorst, Automation Developer @Tacstone Technology

DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam

UiPathCommunity

[BuildWithAI] Introduction to Gemini.pdf

Sandro Moreira

In this keynote, Asanka Abeysinghe, CTO,WSO2 will explore the shift towards platformless technology ecosystems and their importance in driving digital adaptability and innovation. We will discuss strategies for leveraging decentralized architectures and integrating diverse technologies, with a focus on building resilient, flexible, and future-ready IT infrastructures. We will also highlight WSO2's roadmap, emphasizing our commitment to supporting this transformative journey with our evolving product suite.

Platformless Horizons for Digital Adaptability

WSO2

💉💊+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHABI}}+971581248768 +971581248768 Mtp-Kit (500MG) Prices » Dubai [(+971581248768**)] Abortion Pills For Sale In Dubai, UAE, Mifepristone and Misoprostol Tablets Available In Dubai, UAE CONTACT DR.Maya Whatsapp +971581248768 We Have Abortion Pills / Cytotec Tablets /Mifegest Kit Available in Dubai, Sharjah, Abudhabi, Ajman, Alain, Fujairah, Ras Al Khaimah, Umm Al Quwain, UAE, Buy cytotec in Dubai +971581248768''''Abortion Pills near me DUBAI | ABU DHABI|UAE. Price of Misoprostol, Cytotec” +971581248768' Dr.DEEM ''BUY ABORTION PILLS MIFEGEST KIT, MISOPROTONE, CYTOTEC PILLS IN DUBAI, ABU DHABI,UAE'' Contact me now via What's App…… abortion Pills Cytotec also available Oman Qatar Doha Saudi Arabia Bahrain Above all, Cytotec Abortion Pills are Available In Dubai / UAE, you will be very happy to do abortion in Dubai we are providing cytotec 200mg abortion pill in Dubai, UAE. Medication abortion offers an alternative to Surgical Abortion for women in the early weeks of pregnancy. We only offer abortion pills from 1 week-6 Months. We then advise you to use surgery if its beyond 6 months. Our Abu Dhabi, Ajman, Al Ain, Dubai, Fujairah, Ras Al Khaimah (RAK), Sharjah, Umm Al Quwain (UAQ) United Arab Emirates Abortion Clinic provides the safest and most advanced techniques for providing non-surgical, medical and surgical abortion methods for early through late second trimester, including the Abortion By Pill Procedure (RU 486, Mifeprex, Mifepristone, early options French Abortion Pill), Tamoxifen, Methotrexate and Cytotec (Misoprostol). The Abu Dhabi, United Arab Emirates Abortion Clinic performs Same Day Abortion Procedure using medications that are taken on the first day of the office visit and will cause the abortion to occur generally within 4 to 6 hours (as early as 30 minutes) for patients who are 3 to 12 weeks pregnant. When Mifepristone and Misoprostol are used, 50% of patients complete in 4 to 6 hours; 75% to 80% in 12 hours; and 90% in 24 hours. We use a regimen that allows for completion without the need for surgery 99% of the time. All advanced second trimester and late term pregnancies at our Tampa clinic (17 to 24 weeks or greater) can be completed within 24 hours or less 99% of the time without the need surgery. The procedure is completed with minimal to no complications. Our Women's Health Center located in Abu Dhabi, United Arab Emirates, uses the latest medications for medical abortions (RU-486, Mifeprex, Mifegyne, Mifepristone, early options French abortion pill), Methotrexate and Cytotec (Misoprostol). The safety standards of our Abu Dhabi, United Arab Emirates Abortion Doctors remain unparalleled. They consistently maintain the lowest complication rates throughout the nation. Our Physicians and staff are always available to answer questions and care for women in one of the most difficult times in their lives. The decision to have an abortion at the Abortion Cl

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...

?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@

Dubai, often portrayed as a shimmering oasis in the desert, faces its own set of challenges, including the occasional threat of flooding. Despite its reputation for opulence and modernity, the emirate is not immune to the forces of nature. In recent years, Dubai has experienced sporadic but significant floods, testing the resilience of its infrastructure and communities. Among the critical lifelines in this bustling metropolis is the Dubai International Airport, a bustling hub that connects the city to the world. This article explores the intersection of Dubai flood events and the resilience demonstrated by the Dubai International Airport in the face of such challenges.

Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...

Orbitshub

Vector Search -An Introduction in Oracle Database 23ai.pptx

Remote DBA Services

How to Troubleshoot Apps for the Modern Connected Worker

ThousandEyes

Scaling API-first – The story of a global engineering organization Ian Reasor, Senior Computer Scientist - Adobe Radu Cotescu, Senior Computer Scientist - Adobe Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

apidays

The microservices honeymoon is over. When starting a new project or revamping a legacy monolith, teams started looking for alternatives to microservices. The Modular Monolith, or 'Modulith', is an architecture that reaps the benefits of (vertical) functional decoupling without the high costs associated with separate deployments. This talk will delve into the advantages and challenges of this progressive architecture, beginning with exploring the concept of a 'module', its internal structure, public API, and inter-module communication patterns. Supported by spring-modulith, the talk provides practical guidance on addressing the main challenges of a Modultith Architecture: finding and guarding module boundaries, data decoupling, and integration module-testing. You should not miss this talk if you are a software architect or tech lead seeking practical, scalable solutions. About the author With two decades of experience, Victor is a Java Champion working as a trainer for top companies in Europe. Five thousands developers in 120 companies attended his workshops, so he gets to debate every week the challenges that various projects struggle with. In return, Victor summarizes key points from these workshops in conference talks and online meetups for the European Software Crafters, the world’s largest developer community around architecture, refactoring, and testing. Discover how Victor can help you on victorrentea.ro : company training catalog, consultancy and YouTube playlists.

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024

Victor Rentea

Exploring Multimodal Embeddings with Milvus

Zilliz

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving

Edi Saputra

Public exploit held private – penetration testing the researcher’s way tamaghna basu

1. OWASP InfoSec India Conference 2012 August 24th – 25th, 2012 The OWASP Foundation Hotel Crowne Plaza, Gurgaon http://www.owasp.org http://www.owasp.in Public exploit held private : Penetration Testing the researcher’s way Tamaghna Basu GCIH, OSCP, RHCE, CEH, ECSA tamaghna.basu@gmail.com OWASP InfoSec India Conference 2012. Hotel Crowne Plaza, Gurgaon (India)

2. Setting the context Why Pentesting? How do you do it?  To VA or to PT… That’s the question. OWASP InfoSec India Conference 2012. Hotel Crowne Plaza, Gurgaon (India) 2

3. Setting the context  Terminologies  Exploit  Payload  Reverse shell OWASP InfoSec India Conference 2012. Hotel Crowne Plaza, Gurgaon (India) 3

4. Basics Pentesting  Internal  External  Automated -> review the report -> get the final report  Manual -> run few basic tools -> get the report done OWASP InfoSec India Conference 2012. Hotel Crowne Plaza, Gurgaon (India) 4

5. Basics… Pentesting Steps  Recon and Scanning  Exploit  Maintain Access  Clean up OWASP InfoSec India Conference 2012. Hotel Crowne Plaza, Gurgaon (India) 5

6. Scanning Why?  Identify the live hosts  OS fingerprinting  Service fingerprinting OWASP InfoSec India Conference 2012. Hotel Crowne Plaza, Gurgaon (India) 6

7. Scanning Desi Jugaad  Ping sweep / shell scripts  Almighty netcat  Decent tools (But indecent usage)  NMAP (behold the power of NSE)  Others? OWASP InfoSec India Conference 2012. Hotel Crowne Plaza, Gurgaon (India) 7

8. Scanning Problem!  It is taking too long to scan, need to go for lunch…  Is it really a windows box but looks like a Linux box? Or which version? OWASP InfoSec India Conference 2012. Hotel Crowne Plaza, Gurgaon (India) 8

9. Scanning I have Nessus. Why to go through so much pain? I don’t have Nessus. What to do? OWASP InfoSec India Conference 2012. Hotel Crowne Plaza, Gurgaon (India) 9

10. Exploit  Motive  To gain access  Data  Command execution  Destroy everything!  Categories  Service level  OS OWASP InfoSec India Conference 2012. Hotel Crowne Plaza, Gurgaon (India) 10

11. Exploit What to exploit?  HTTP?  FTP?  SNMP?  What else? OWASP InfoSec India Conference 2012. Hotel Crowne Plaza, Gurgaon (India) 11

12. Exploit  HTTP  Server Exploit  Command Execution  Web Shells  SQLi OWASP InfoSec India Conference 2012. Hotel Crowne Plaza, Gurgaon (India) 12

13. Exploit  FTP  Server Exploit – Buffer Overflow  Fuzzing??? SNMP  What to do? OWASP InfoSec India Conference 2012. Hotel Crowne Plaza, Gurgaon (India) 13

14. Exploit  Metasploit  Updates?  How to import an external exploit?  Any other options? How about writing own exploit (at free time) (out of scope) OWASP InfoSec India Conference 2012. Hotel Crowne Plaza, Gurgaon (India) 14

15. Exploit I am in, what to do?  Secure access?  Add user  Open a port  I like it the reverse way  meterpreter  Dude, did you get root/admin acces? OWASP InfoSec India Conference 2012. Hotel Crowne Plaza, Gurgaon (India) 15

16. Privilege Escalation  Categories  Service level  OS Problem!  How can I transfer my exploit there?  Netcat  FTP OWASP InfoSec India Conference 2012. Hotel Crowne Plaza, Gurgaon (India) 16

17. L33t love story  Exploit’s love letter to the machine  PAYLOAD… Which courier?  MSF – set payload  Custom program – msfpayload  Bad characters  Executable - msfpayload OWASP InfoSec India Conference 2012. Hotel Crowne Plaza, Gurgaon (India) 17

18. Pivoting…  Huh? Why do I need it? How do I do it? OWASP InfoSec India Conference 2012. Hotel Crowne Plaza, Gurgaon (India) 18

19. Fuzzing…  My favorite but last thing I prefer to do on my own  Python rocks!  Basic  Advanced OWASP InfoSec India Conference 2012. Hotel Crowne Plaza, Gurgaon (India) 19

20. Did I miss anything?  Questions  Perspectives  Comments OWASP InfoSec India Conference 2012. Hotel Crowne Plaza, Gurgaon (India) 20

21. Thank you tamaghna.basu@gmail.com twitter.com/titanlambda linkedin.com/in/tamaghnabasu 21 OWASP InfoSec India Conference 2012. Hotel Crowne Plaza, Gurgaon (India)

Public exploit held private – penetration testing the researcher’s way tamaghna basu

Recomendados

Recomendados

Más contenido relacionado

Destacado

Destacado (14)

Similar a Public exploit held private – penetration testing the researcher’s way tamaghna basu

Similar a Public exploit held private – penetration testing the researcher’s way tamaghna basu (20)

Último

Último (20)

Public exploit held private – penetration testing the researcher’s way tamaghna basu