Introduction to Penetration Testing
Dr. Patrick McDaniel
Meghan Riegel
Fall 2015
What is Penetration Testing?
• Attacking a system to find security vulnerabilities in order to fix them before a malicious party attacks the system
• Legal if you get permission, but be careful not to break the law!
• Tons of penetration testing sandboxes, vulnerable distributions, and vulnerable sites are available online:
‣ Hack This Site!
‣ Hack.me
‣ Metasploitable
‣ OverTheWire.org
‣ Captf.com
I don’t want to do IT… why is this important?
• In order to develop new security software or do new security research, you need to understand how systems are vulnerable to attacks
• Attackers are using these attacks on your computer, your university’s servers, your bank’s servers, your cloud storage servers, your email service’s servers… everything.
• Hacking is fun!
Kali Linux
• Debian-derived Linux distribution designed for digital forensics and penetration testing
• Pre-installed with >600 penetration-testing programs, including:
‣ Nmap
‣ Wireshark
‣ Burp
‣ John the Ripper
‣ Metasploit
Metasploit
• Framework for developing and running exploits and for supporting other phases of an attack (over 900 exploits available)
• Built with research in mind
• Written in Ruby
SQL Injection
• A type of web app security vulnerability in which an attacker is able to submit a database SQL command that is executed by a web application, exposing the back-end database.
• Tools to use: SQLMap, SQLNinja
• Tutorial
Cross-Site Scripting (XSS)
• Enables attackers to inject client-side script into web pages
• Used to bypass access controls
• Accounts for roughly 84% of all vulnerabilities
• Tool: BeEF Exploitation Framework
• Cheat Sheet: https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet
• https://xss-game.appspot.com/
Password Cracking
• A cracking configuration is made up of 3 parts:
‣ Wordlists: lists of candidate passwords in plaintext
• Can be downloaded off the internet
‣ Rules: modifications applied to each word in the wordlist (e.g. capitalizing, appending digits)
‣ Hash Algorithm: the function used to generate the stored password hash
• Examples: MD5, SHA1
• Tools: John the Ripper, oclHashcat
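The three parts above, as an added example that is not part of the original slides: a constructed wordlist, a few rules that expand each word, and a hash algorithm used to check which stored unsalted hashes can be derived from the wordlist. It is written as a weak-password audit: it reports which stored hashes an auditor can recover, which is exactly why fast unsalted MD5/SHA1 should not be used for password storage. The wordlist, rules and sample hashes are all constructed for the example.

```python
import hashlib

# Constructed wordlist, standing in for a list downloaded off the internet.
WORDLIST = ["password", "letmein", "autumn", "wildcat"]

# Rules: each takes one word from the wordlist and yields modified candidates.
def rule_identity(word):
    yield word                      # try the word unchanged

def rule_capitalize(word):
    yield word.capitalize()         # "wildcat" -> "Wildcat"

def rule_append_digits(word):
    for n in range(100):            # "letmein" -> "letmein0" ... "letmein99"
        yield f"{word}{n}"

RULES = [rule_identity, rule_capitalize, rule_append_digits]

# Hash algorithms used to generate the stored hash being audited.
HASHERS = {"md5": hashlib.md5, "sha1": hashlib.sha1}

def hash_value(plaintext, algorithm):
    """Hex digest of plaintext under the named (unsalted) algorithm."""
    return HASHERS[algorithm](plaintext.encode()).hexdigest()

def candidates(wordlist, rules):
    """Every candidate produced by applying every rule to every word."""
    for word in wordlist:
        for rule in rules:
            yield from rule(word)

def audit_hashes(stored, algorithm, wordlist=WORDLIST, rules=RULES):
    """Return {stored_hash: recovered_plaintext} for each stored hash that
    equals the hash of some wordlist+rules candidate. Hashes that no
    candidate matches are simply absent from the result."""
    targets = {h.lower() for h in stored}
    found = {}
    for cand in candidates(wordlist, rules):
        digest = hash_value(cand, algorithm)
        if digest in targets:
            found[digest] = cand
            if len(found) == len(targets):
                break               # every stored hash already recovered
    return found
```

A per-user salt and a deliberately slow hash (bcrypt, scrypt, Argon2) defeat this kind of audit because each candidate must be re-hashed per user at a high cost, which is the mitigation this slide's algorithm choice points at.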
Lab
• We will utilize the tools learned in this hands-on lecture to learn some hacking! We will play some Capture The Flag.
• Hack.lu