Public exploit held private – penetration testing the researcher’s way tamaghna basu
1. OWASP InfoSec India Conference 2012
August 24th – 25th, 2012 The OWASP Foundation
Hotel Crowne Plaza, Gurgaon http://www.owasp.org
http://www.owasp.in
Public exploit held private: Penetration Testing the researcher’s way
Tamaghna Basu
GCIH, OSCP, RHCE, CEH, ECSA
tamaghna.basu@gmail.com
OWASP InfoSec India Conference 2012. Hotel Crowne Plaza, Gurgaon (India)
2. Setting the context
Why Pentesting?
How do you do it?
To VA or to PT… That’s the question.
3. Setting the context
Terminologies
Exploit
Payload
Reverse shell
4. Basics
Pentesting
Internal
External
Automated -> review the report -> get the final report
Manual -> run a few basic tools -> get the report done
5. Basics…
Pentesting Steps
Recon and Scanning
Exploit
Maintain Access
Clean up
6. Scanning
Why?
Identify the live hosts
OS fingerprinting
Service fingerprinting
7. Scanning
Desi Jugaad
Ping sweep / shell scripts
Almighty netcat
Decent tools (But indecent usage)
NMAP (behold the power of NSE)
Others?
8. Scanning
Problem!
It is taking too long to scan, need to go for lunch…
Is it really a Windows box that looks like a Linux box? Or which version?
9. Scanning
I have Nessus. Why go through so much pain?
I don’t have Nessus. What do I do?
10. Exploit
Motive
To gain access
Data
Command execution
Destroy everything!
Categories
Service level
OS
11. Exploit
What to exploit?
HTTP?
FTP?
SNMP?
What else?
12. Exploit
HTTP
Server Exploit
Command Execution
Web Shells
SQLi
13. Exploit
FTP
Server Exploit – Buffer Overflow
Fuzzing???
SNMP
What to do?
14. Exploit
Metasploit
Updates?
How to import an external exploit?
Any other options?
How about writing your own exploit (in free time)? (out of scope)
15. Exploit
I am in, what to do?
Secure access?
Add user
Open a port
I like it the reverse way
meterpreter
Dude, did you get root/admin access?
16. Privilege Escalation
Categories
Service level
OS
Problem!
How can I transfer my exploit there?
Netcat
FTP
17. L33t love story
Exploit’s love letter to the machine
PAYLOAD…
Which courier?
MSF – set payload
Custom program – msfpayload
Bad characters
Executable – msfpayload
18. Pivoting…
Huh?
Why do I need it?
How do I do it?
19. Fuzzing…
My favorite, but the last thing I prefer to do on my own
Python rocks!
Basic
Advanced
20. Did I miss anything?
Questions
Perspectives
Comments
21. Thank you
tamaghna.basu@gmail.com
twitter.com/titanlambda
linkedin.com/in/tamaghnabasu