Penetration Testing
By Blaze Sterling

Roadmap
• What is Penetration Testing
• How is it done?
• Penetration Testing Tools
• Kali Linux
• In-depth look at included tools
• Conclusion

What is Penetration Testing?
• An attack on a computer system with the intention of finding security weaknesses
• Used to determine the feasibility of a set of attacks
• Used to identify security vulnerabilities
• Tests the ability of network defenders to detect and respond to attacks
• Used by security professionals to improve security and harden systems

Steps to Penetration Testing
• Start with a list of potential vulnerabilities
  • Possible open ports, old software, or weak passwords
• Rank the list in order of criticality
  • Most damaging possible attack to least
• Devise a test for each possible vulnerability
  • Port scans, password crackers, software version checks
• Run the tests against the possible vulnerabilities
• Fix the issues that were found, then re-test to confirm the fix

Penetration Testing Tools
• Kali Linux
  • Nmap, Fragrouter, Fern Wifi Cracker, HydraGTK
• Websites
  • Port scanners, web vulnerability checkers, DNS checkers
• Metasploit
  • Exploitation framework, GUI interface, tests web apps and networks
• Wireshark
  • Monitors network traffic at the packet level
• W3af
  • Web application attack and audit framework

What is Kali Linux?
• Advanced penetration testing and security auditing Linux distribution
• 300+ built-in penetration testing tools
• Free / open source
• FHS (Filesystem Hierarchy Standard) compliant
• Secure development environment
• Spin-off of BackTrack

Using Kali Linux
• Install to hard disk
  • 10 GB disk space
  • Boot the installer from USB / CD-DVD
• Live USB install
  • 2 GB capacity
  • Win32 Disk Imager writes the image to the USB stick
• Android 2.1+ devices
  • 5 GB free space
• Network install
• Virtual machine
  • Runs inside another OS

Included Kali Tools
• Information Gathering
  • Dnsdict6
  • Nmap
  • Urlcrazy
• IDS/IPS (Intrusion Detection/Prevention System)
  • Fragrouter
• Network Scanners
  • Dnmap
  • Netdiscover
• Traffic Analysis
  • intrace

Included Tools Continued
• Vulnerability Analysis
  • Cisco tools
  • Yersinia
• Web Vulnerability Scanner
  • ProxyStrike
  • Cadaver
• Wireless Attacks
  • Bluelog
  • Spooftooph
• Wireless Tools
  • Aircrack

Information Gathering Tools: DNSDICT6
• Finds sub-domains of a domain or web server by dictionary brute force
• Enumerates the IPv4 and IPv6 addresses of each name it finds
  • Sub-domains
  • IP information
• Powerful for finding sub-domains that are not publicly listed (no zone transfer needed)
• Tutorials online
  • Google
  • YouTube

Information Gathering Tools: Nmap
• Security scanner written by Gordon Lyon
• Discovers hosts and services on a computer network and builds a map of the network
• Sends specially crafted packets and analyzes the responses
  • Host discovery
  • Service and version discovery
  • Operating system detection

IDS / IPS: Fragrouter
• Intercepts, modifies, and rewrites traffic destined for a specified host
• Routes network traffic in a way that eludes IDS (fragmenting, reordering, and overlapping packets so that per-packet inspection never sees a whole signature)
• Uses
  • Test IDS timeout and reassembly
  • Test TCP/IP scrubbing
  • Test firewalls
  • Evade passive OS fingerprinting

Network Scanners: DNMap
• Framework for distributing Nmap scans among many clients
• Client/server architecture
  • Server knows what to do (holds the list of Nmap commands)
  • Clients do it (run the scans and report back)
  • Clients keep working when the server is offline
• Real-time statistics on the clients and their targets
• Scans very large networks quickly

Traffic Analysis: Intrace
• Works like traceroute, but inside an existing TCP connection
• Enumerates IP hops by exploiting established TCP connections to display the path packets take across the network
• Network reconnaissance
  • Who is connected to whom
• Firewall bypassing (probes ride an established connection, so filters that block ICMP/UDP traceroute do not stop them)

Vulnerability Analysis: Cisco Auditing Tool
• Perl script that scans Cisco routers for common vulnerabilities
  • Default usernames and passwords
  • Easy-to-guess usernames and passwords
  • IOS bug history
• Can be used to hijack a router, or to test router security
  • Password
  • Username

Web Vulnerability Scanner: ProxyStrike
• Active web application proxy designed to find vulnerabilities while you browse a web application
  • Mainly JavaScript-heavy applications
  • SQL injection and XSS plugins
• Listens on port 8008 and analyzes every parameter of the applications browsed through it for vulnerabilities

Conclusion
• Security-focused Linux distribution
• 300+ security tools
• Spin-off of the popular BackTrack
• Multiple ways to run
  • Hard drive
  • USB / Live CD
  • Virtual machine
• Detailed look at some tools
  • Too many to cover them all

References
• http://www.hackingloops.com/2013/03/dnsdict6-hack-tool-tutorialknow-your-backtrack.html
• http://www.kali.org/official-documentation/
• http://zer0byte.com/2013/03/19/kali-linux-complete-tools-listinstallation-screen-shots/
• http://en.wikipedia.org/wiki/Nmap
• http://www.monkey.org/~dugsong/fragroute/
• http://santoshdudhade.blogspot.com/2012/10/cisco-auditing-tool-v1perl-script.html
• http://en.wikipedia.org/wiki/Penetration_test
• http://www.softwaretestinghelp.com/penetration-testing-tools/
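Worked example for the DNSDICT6 slide. This is an added example, not dnsdict6's own code and not part of the original deck: it shows the dictionary brute force the slide describes (guess word.domain, keep the names that resolve, report IPv4 and IPv6 answers) plus the wildcard-zone check a practitioner wants before trusting the hit list. The wordlist, the example.test zone and the demo resolver are constructed for the demo; swapping in system_resolver runs the same logic against real DNS.

```python
"""Dictionary-based sub-domain brute force, in the style of dnsdict6.

Added example, not dnsdict6's own code. DEMO_WORDS and DEMO_ZONE are
constructed; the resolver is injectable so the same logic runs against
real DNS through socket.getaddrinfo.
"""
import secrets
import socket
from typing import Callable, Dict, Iterable, List, Tuple

Resolver = Callable[[str], List[str]]


def system_resolver(name: str) -> List[str]:
    """Resolve a name to all its IPv4 and IPv6 addresses with the OS resolver.

    Returns [] when the name does not exist or has no address records.
    """
    try:
        infos = socket.getaddrinfo(name, None)
    except socket.gaierror:
        return []
    # getaddrinfo repeats each address once per socket type, so deduplicate.
    return sorted({info[4][0] for info in infos})


def wildcard_addresses(domain: str, resolve: Resolver) -> List[str]:
    """Probe a random label that cannot exist.

    A wildcard zone answers it anyway, and every dictionary word would then
    look like a hit; the answer is used to filter those false positives.
    """
    return resolve(f"{secrets.token_hex(8)}.{domain}")


def enumerate_subdomains(domain: str, words: Iterable[str],
                         resolve: Resolver = system_resolver) -> Dict[str, List[str]]:
    """Try <word>.<domain> for every dictionary word; keep the names that resolve.

    Hits whose address set equals the wildcard answer are discarded, because
    they say nothing about whether the name really exists.
    """
    wildcard = set(wildcard_addresses(domain, resolve))
    found: Dict[str, List[str]] = {}
    seen = set()
    for word in words:
        word = word.strip().lower()          # "WWW" and "www" are the same label
        if not word or word in seen:
            continue
        seen.add(word)
        candidate = f"{word}.{domain}"
        addresses = resolve(candidate)
        if addresses and (not wildcard or set(addresses) != wildcard):
            found[candidate] = addresses
    return found


def split_by_family(addresses: Iterable[str]) -> Tuple[List[str], List[str]]:
    """Separate IPv4 (A) from IPv6 (AAAA) answers, as dnsdict6 reports both."""
    v4 = [a for a in addresses if ":" not in a]
    v6 = [a for a in addresses if ":" in a]
    return v4, v6


# Constructed demo data: a tiny wordlist and a fake zone (documentation ranges).
DEMO_WORDS = ["www", "mail", "vpn", "dev", "WWW", ""]
DEMO_ZONE = {
    "www.example.test": ["203.0.113.10", "2001:db8::10"],
    "mail.example.test": ["203.0.113.25"],
    "dev.example.test": ["2001:db8::1d"],
}


def demo_resolver(name: str) -> List[str]:
    """Offline stand-in for system_resolver: answers only from DEMO_ZONE."""
    return DEMO_ZONE.get(name, [])


if __name__ == "__main__":
    for host, addrs in enumerate_subdomains("example.test", DEMO_WORDS, demo_resolver).items():
        v4, v6 = split_by_family(addrs)
        print(f"{host:24} A={v4} AAAA={v6}")
```

Against a real zone, pass `system_resolver` (the default) and a proper wordlist; the wildcard probe runs once per domain, so a zone that answers every name produces an empty result instead of a hit for every word.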
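Worked example for the Nmap slide. Host discovery, service discovery and OS detection all end up in Nmap's XML report, and the practical step after a scan is turning that report into a host/port inventory. This is an added example, not Nmap's code and not from the deck: the parser reads the `nmaprun`/`host`/`ports`/`os` structure that `nmap -sV -O -oX scan.xml <targets>` writes. SAMPLE_XML is constructed to match that format and uses documentation-range addresses.

```python
"""Parse Nmap XML output (-oX) into hosts, open ports and OS guesses.

Added example, not Nmap's code. SAMPLE_XML is constructed to look like the
output of `nmap -sV -O -oX scan.xml 192.0.2.0/29`.
"""
import xml.etree.ElementTree as ET
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class Port:
    number: int
    protocol: str
    state: str
    service: Optional[str] = None
    product: Optional[str] = None
    version: Optional[str] = None

    def label(self) -> str:
        """'service product version', omitting whatever Nmap could not identify."""
        return " ".join(p for p in (self.service, self.product, self.version) if p)


@dataclass
class Host:
    address: str
    hostname: Optional[str]
    ports: List[Port] = field(default_factory=list)
    os_match: Optional[str] = None


def parse_nmap_xml(xml_text: str) -> List[Host]:
    """Return every host Nmap reported as up, with its ports and best OS match."""
    hosts: List[Host] = []
    for h in ET.fromstring(xml_text).findall("host"):
        status = h.find("status")
        if status is None or status.get("state") != "up":
            continue                                  # host never answered
        addr = h.find("address[@addrtype='ipv4']")
        if addr is None:                              # explicit None check: an
            addr = h.find("address")                  # Element with no children is falsy
        hn = h.find("hostnames/hostname")
        host = Host(address=addr.get("addr", "") if addr is not None else "",
                    hostname=hn.get("name") if hn is not None else None)
        for p in h.findall("ports/port"):
            st, svc = p.find("state"), p.find("service")
            host.ports.append(Port(
                number=int(p.get("portid")),
                protocol=p.get("protocol", "tcp"),
                state=st.get("state", "unknown") if st is not None else "unknown",
                service=svc.get("name") if svc is not None else None,
                product=svc.get("product") if svc is not None else None,
                version=svc.get("version") if svc is not None else None))
        osm = h.find("os/osmatch")                    # first osmatch is Nmap's best guess
        if osm is not None:
            host.os_match = f"{osm.get('name')} ({osm.get('accuracy')}%)"
        hosts.append(host)
    return hosts


def open_services(hosts: List[Host]) -> List[Tuple[str, int, str]]:
    """Flatten to (address, port, service label) for every open port."""
    return [(h.address, p.number, p.label())
            for h in hosts for p in h.ports if p.state == "open"]


# Constructed sample report: two hosts up, one down, documentation addresses.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -O -oX scan.xml 192.0.2.0/29" version="7.94">
 <host><status state="up" reason="arp-response"/>
  <address addr="192.0.2.10" addrtype="ipv4"/>
  <hostnames><hostname name="web.example.test" type="PTR"/></hostnames>
  <ports>
   <port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/><service name="ssh" product="OpenSSH" version="7.4"/></port>
   <port protocol="tcp" portid="80"><state state="open" reason="syn-ack"/><service name="http" product="Apache httpd" version="2.4.6"/></port>
   <port protocol="tcp" portid="443"><state state="closed" reason="reset"/><service name="https"/></port>
  </ports>
  <os><osmatch name="Linux 3.10 - 4.11" accuracy="96"/></os>
 </host>
 <host><status state="down" reason="no-response"/><address addr="192.0.2.11" addrtype="ipv4"/></host>
 <host><status state="up" reason="echo-reply"/>
  <address addr="192.0.2.12" addrtype="ipv4"/><hostnames/>
  <ports><port protocol="tcp" portid="21"><state state="open" reason="syn-ack"/><service name="ftp" product="vsftpd" version="3.0.3"/></port></ports>
 </host>
</nmaprun>
"""

if __name__ == "__main__":
    for address, port, service in open_services(parse_nmap_xml(SAMPLE_XML)):
        print(f"{address}:{port}\t{service}")
```

The `state` attribute matters: Nmap reports closed and filtered ports in the same `<ports>` list, so an inventory that does not filter on `open` overstates the attack surface.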
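Worked example for the Fragrouter slide ("test IDS timeout and reassembly"). The evasion the slide describes only works against a sensor that inspects packets one at a time; an IDS that reassembles fragments before matching sees the original payload. This is an added example, not Fragrouter's code and not from the deck: it builds IPv4 datagrams in memory (no raw sockets), splits a payload into 8-byte fragments, shows that a per-packet signature match misses the string, and reassembles the fragments, in any order, to recover it. The addresses, SIGNATURE and PAYLOAD are constructed for the demo.

```python
"""IPv4 fragmentation and reassembly, the evasion that fragrouter tests.

Added example, not fragrouter's code. Packets exist only in memory;
addresses are from the documentation range, SIGNATURE stands in for an IDS
content rule and PAYLOAD for the request an attacker wants to hide.
"""
import socket
import struct
from typing import Dict, List

IP_MF = 0x2000            # "more fragments" flag in the flags/offset field
IP_OFFSET_MASK = 0x1FFF   # fragment offset, in units of 8 bytes
PROTO_TCP = 6


def checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over the IPv4 header."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src: str, dst: str, proto: int, payload: bytes, ident: int,
               frag_offset: int = 0, more: bool = False, ttl: int = 64) -> bytes:
    """Assemble one IPv4 datagram (20-byte header, no options) around payload."""
    assert frag_offset % 8 == 0, "fragment offsets are in 8-byte units"
    flags_frag = (IP_MF if more else 0) | (frag_offset // 8)
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident,
                         flags_frag, ttl, proto, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
    header = header[:10] + struct.pack("!H", checksum(header)) + header[12:]
    return header + payload


def parse_ipv4(packet: bytes) -> Dict[str, object]:
    """Decode the fields reassembly needs; reject a corrupted header."""
    ihl = (packet[0] & 0x0F) * 4
    if checksum(packet[:ihl]) != 0:       # a valid header sums to zero
        raise ValueError("bad IPv4 header checksum")
    (_, _, total_len, ident, flags_frag, _, proto, _,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    return {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
            "proto": proto, "ident": ident,
            "offset": (flags_frag & IP_OFFSET_MASK) * 8,
            "more": bool(flags_frag & IP_MF),
            "payload": packet[ihl:total_len]}


def fragment(src: str, dst: str, proto: int, payload: bytes, ident: int,
             fragment_size: int = 8) -> List[bytes]:
    """Split payload into fragments of fragment_size bytes (a multiple of 8)."""
    assert fragment_size % 8 == 0
    frags = []
    for off in range(0, len(payload), fragment_size):
        chunk = payload[off:off + fragment_size]
        more = off + fragment_size < len(payload)
        frags.append(build_ipv4(src, dst, proto, chunk, ident, off, more))
    return frags


def reassemble(fragments: List[bytes]) -> bytes:
    """Rebuild the original payload from fragments received in any order.

    This is the work an IDS must do before matching; a sensor that inspects
    each fragment on its own never sees the whole string.
    """
    parsed = sorted((parse_ipv4(f) for f in fragments), key=lambda p: p["offset"])
    if len({(p["src"], p["dst"], p["proto"], p["ident"]) for p in parsed}) != 1:
        raise ValueError("fragments belong to different datagrams")
    buf, expected, saw_last = bytearray(), 0, False
    for p in parsed:
        if p["offset"] != expected:
            raise ValueError("hole or overlap at offset %d" % p["offset"])
        buf += p["payload"]
        expected += len(p["payload"])
        saw_last = saw_last or not p["more"]
    if not saw_last:
        raise ValueError("last fragment missing")
    return bytes(buf)


SIGNATURE = b"/etc/passwd"                      # constructed IDS content rule
PAYLOAD = b"GET /etc/passwd HTTP/1.0\r\n\r\n"   # constructed request to hide


def naive_match(packet: bytes) -> bool:
    """Per-packet matcher with no reassembly: the sensor fragrouter defeats."""
    return SIGNATURE in parse_ipv4(packet)["payload"]


if __name__ == "__main__":
    frags = fragment("192.0.2.1", "192.0.2.2", PROTO_TCP, PAYLOAD, 0x1234)
    print("per-fragment matches:", [naive_match(f) for f in frags])
    print("after reassembly:", SIGNATURE in reassemble(frags[::-1]))
```

Two caveats from the practitioner side: 8-byte fragments are themselves anomalous and a modern IDS alerts on them (and on overlapping fragments, which `reassemble` rejects rather than silently picking a first- or last-wins policy), so the test here is whether the sensor reassembles and times out correctly, not whether the technique is invisible.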
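Worked example for the ProxyStrike slide. An active proxy sees every request you make while browsing and, for each parameter, sends mutated copies to test for XSS and SQL injection. This is an added example, not ProxyStrike's code and not from the deck: it shows that per-parameter check in isolation, with `send` as any function from URL to response body so the constructed `demo_app` can stand in for a live site (the proxy-listening part on port 8008 is not reproduced). The canary, the error patterns and the demo application are constructed for the demo.

```python
"""Parameter-level XSS and SQL injection probing, the kind of check an
active proxy such as ProxyStrike runs on each request it sees.

Added example, not ProxyStrike's code. `send` maps a URL to a response
body, so the constructed demo_app below stands in for a live site.
"""
import html
import re
from typing import Callable, List, Tuple
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Canary carrying the characters an XSS payload needs; "pxs7" makes it greppable.
XSS_CANARY = "pxs7<\">'("
# Error fragments that show a quote reached the database unescaped.
SQL_ERROR_PATTERNS = [
    re.compile(r"You have an error in your SQL syntax", re.I),   # MySQL
    re.compile(r"unterminated quoted string", re.I),             # PostgreSQL
    re.compile(r"ORA-\d{5}"),                                    # Oracle
    re.compile(r"Unclosed quotation mark", re.I),                # MSSQL
]

Finding = Tuple[str, str]   # (parameter name, finding kind)


def with_param(url: str, name: str, value: str) -> str:
    """Return url with query parameter `name` set to `value`, others untouched."""
    parts = urlsplit(url)
    query = [(k, value if k == name else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(query)))


def probe_parameters(url: str, send: Callable[[str], str]) -> List[Finding]:
    """Mutate every query parameter in turn and classify the response."""
    findings: List[Finding] = []
    for name, original in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        # XSS: is the canary echoed back verbatim, or only after HTML encoding?
        body = send(with_param(url, name, XSS_CANARY))
        if XSS_CANARY in body:
            findings.append((name, "xss"))
        elif html.escape(XSS_CANARY, quote=True) in body:
            findings.append((name, "reflected-encoded"))   # reflected, but safely
        # SQLi: does a single quote appended to the real value break a query?
        body = send(with_param(url, name, original + "'"))
        if any(p.search(body) for p in SQL_ERROR_PATTERNS):
            findings.append((name, "sqli"))
    return findings


def demo_app(url: str) -> str:
    """Constructed target: echoes q raw, escapes page, leaks a DB error on id."""
    p = dict(parse_qsl(urlsplit(url).query, keep_blank_values=True))
    body = f"<h1>Results for {p.get('q', '')}</h1>"
    if "'" in p.get("id", ""):
        body += "<pre>You have an error in your SQL syntax; check the manual</pre>"
    body += f"<p>page={html.escape(p.get('page', ''), quote=True)}</p>"
    return body


if __name__ == "__main__":
    for param, kind in probe_parameters("http://app.test/search?q=shoes&id=5&page=2", demo_app):
        print(f"{param}: {kind}")
```

The error-based SQL check is the only one ProxyStrike-style tools can do from a single response; a site that hides database errors needs a timing or boolean probe instead, and "reflected-encoded" is reported separately because an encoded reflection is not exploitable on its own but tells you where the input lands.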