Transcript

Ethical Hacking With Kali Linux Workshop

I'm so Happy to Learn Hacking

Who Am I? Rungga Reksya Sabilillah

rungga_reksya

Career:
- Teacher of ICT (TIK) at SDIT (2007)
- Assistant, IT Lab (2008-2009)
- IT Support
- IT Auditor at a conventional bank
- IT Auditor at an Islamic bank
- Security and Infrastructure Auditor at a media company
- IT Consultant

Certifications:
- Certified Risk Management 1st / BSMR (2010)
- Certified Ethical Hacker / CEH (2013)
- Lead Auditor ISO 27001 (2013)
- Lead Auditor ISO 20000 (2014)
- EC-Council Certified Security Analyst / ECSA (2015)
- Offensive Security Certified Professional / OSCP (2015)
- Certified Network Defender / CND (2016)
- Lead Auditor ISO 22301 (2017)

Education:
- S1 (Bachelor's) – Informatics Engineering / Teknik Informatika (2005 – 2009)
- S2 (Master's) – Information Systems Management / Manajemen Sistem Informasi (2011-2013)

Other:
- Wushu athlete at PORDA II Banten (2006)
- Leader of Wushu Gunadarma (2007-2008)

Favorite Operating Systems of Hackers (2017 Lists)

Source: https://techlog360.com/top-15-favourite-operating-systems-of-hackers/

Kali Linux
It was developed by Mati Aharoni and Devon Kearns of Offensive Security through a rewrite of BackTrack, their previous forensics Linux distribution, which was based on Ubuntu. Kali itself is based on Debian.

BackBox Linux
BackBox is an Ubuntu-based Linux distribution oriented towards penetration testing and security assessment, providing a toolkit for network and information-system analysis. The BackBox desktop environment includes a complete set of tools required for ethical hacking and security testing.

Parrot Security OS
Parrot Security OS (ParrotSec) is a GNU/Linux distribution based on Debian, developed by the Frozenbox team.

Favorite Operating Systems of Hackers (2017 Lists), continued

Live Hacking OS
Live Hacking OS is a Linux distribution packed with tools and utilities for ethical hacking, penetration testing and countermeasure verification. It ships with the GNOME graphical user interface built in.

Bugtraq
Bugtraq shares its name with the long-running electronic mailing list dedicated to computer security issues; the distribution is built by a team of experienced security enthusiasts and developers and is available in Debian, Ubuntu and openSUSE flavours, for 32- and 64-bit architectures.

Dracos Linux
Dracos Linux is an open source operating system built for penetration testing. It is packed with pentest tools covering information gathering, forensics, malware analysis, maintaining access, and reverse engineering.

Introduction

Incident Classification Patterns (2016 Data Breach Investigations Report, with the 2015 DBIR as the comparison line)

Figure: percentage (blue bar) and count of breaches per pattern; the gray line is the percentage of breaches from the 2015 DBIR (n=2,260).

Leading patterns:
- 40% Web App Attacks
- 23% POS Intrusions

Top threat action varieties within Web App Attack breaches (n=879):
- 831 Hacking – use of stolen credentials
- 817 Social – phishing
- 817 Hacking – use of backdoor or C2
- 812 Malware – spyware / keylogger

Birth and Rebirth of a Data Breach

Having an understanding of how patterns complement each other can help direct your efforts as to what to prioritize your limited resources against.

Person (phishing chain):
Phishing email (attachment or link) → alter user behavior → user desktop → malware installation

Payment (POS chain):
POS terminal → steal credentials → use of stolen credentials → direct malware install → backdoor, export data

Three Critical Components of Information Security (the CIA triad)

- Confidentiality
- Integrity
- Availability

Information Security Looks Like Football

Formation = Framework: ISO/IEC 27001, NIST SP 800 series (computer security), PCI DSS, HIPAA, ISMF

- Goalkeeper / Defender: sysadmin, network, firewall, SIEM, etc.
- Midfielder: InfoSec officer, internal risk management, compliance, etc.
- Striker: InfoSec consultant, pentester, etc.
- Coach: top management, CISO
- Supporters: stakeholders

Critical Components of ITSM

Four ITSM components that need to be integrated with the ISMS (ISO/IEC 27001 Annex A controls in brackets):

- People: Information Security Awareness (A.7.2.2), etc.
- Process: Information Security Policies (A.5); Segregation of Duties (A.6.1.2), etc.
- Product: Technical Vulnerability Management (A.12.6), etc.
- Supplier: Supplier Relationships (A.15), etc.

Penetration Testing Methodologies and Standards

Source: http://resources.infosecinstitute.com/penetration-testing-methodologies-and-standards/

Phases:
1. Pre-engagement Interactions
2. Intelligence Gathering
3. Threat Modeling and Vulnerability Analysis
4. Exploitation
5. Reporting
→ Successful Result

Penetration Testing Methodologies and Standards, continued

Penetration testing types:
- Black Box: the tester starts with no internal knowledge of the target
- White Box: the tester has full knowledge (architecture, source code, credentials)
- Gray Box: partial knowledge, typically a low-privileged account or some documentation

Penetration Testing Frameworks

- WASC: Web Application Security Consortium Threat Classification
- OSSTMM: Open Source Security Testing Methodology Manual
- OWASP: Open Web Application Security Project Testing Guide

The Open Web Application Security Project (OWASP)

OWASP Top 10 – 2010 (old)                              OWASP Top 10 – 2013 (new)
2010-A1  Injection                                     2013-A1  Injection
2010-A2  Cross Site Scripting (XSS)                    2013-A2  Broken Authentication and Session Management
2010-A3  Broken Authentication and Session Management  2013-A3  Cross Site Scripting (XSS)
2010-A4  Insecure Direct Object References             2013-A4  Insecure Direct Object References
2010-A5  Cross Site Request Forgery (CSRF)             2013-A5  Security Misconfiguration
2010-A6  Security Misconfiguration                     2013-A6  Sensitive Data Exposure
2010-A7  Insecure Cryptographic Storage                2013-A7  Missing Function Level Access Control
2010-A8  Failure to Restrict URL Access                2013-A8  Cross-Site Request Forgery (CSRF)
2010-A9  Insufficient Transport Layer Protection       2013-A9  Using Known Vulnerable Components (NEW)
2010-A10 Unvalidated Redirects and Forwards (NEW)      2013-A10 Unvalidated Redirects and Forwards

Three primary changes:
- Merged: 2010-A7 and 2010-A9 -> 2013-A6 (Sensitive Data Exposure)
- Added new 2013-A9: Using Known Vulnerable Components
- 2010-A8 (Failure to Restrict URL Access) broadened to 2013-A7 (Missing Function Level Access Control)

Exploit Databases

36,845 exploits archived (Exploit-DB), 82,454 CVE IDs, about 3,000 Metasploit modules, etc. (figures at the time of the talk)

1. Exploit DB: https://www.exploit-db.com
2. Packet Storm: https://packetstormsecurity.com
3. Common Vulnerabilities & Exposures (CVE): https://cve.mitre.org
4. Rapid7 (Metasploit modules): https://www.rapid7.com/db/modules

Bug Bounty Programs

- Bugcrowd: https://bugcrowd.com
- Bug Sheet: http://bugsheet.com
- HackerOne: https://hackerone.com
- FireBounty: https://firebounty.com
- Bounty Factory: https://bountyfactory.io
- Open Bug Bounty: https://www.openbugbounty.org

Information Gathering: The Object of Penetration Testing

Information Gathering → Target Discovery → Enumerating Target → Vulnerability Mapping

Concept of Takeover System

Attack paths converging on the server (PWN SVR), as drawn in the diagram:
- SQL Injection → login to MySQL → shell
- Make an upload form → upload file → shell
- Phishing / XSS → login to the application → upload file → shell

Port States (as reported by Nmap)

1. open: an application is listening for connections on this port.
2. closed: the probes were received (the port is reachable) but no application is listening on it.
3. filtered: the probes did not reach the port and the state could not be established; a firewall or some other kind of filtering is dropping them.
4. unfiltered: the port is reachable (probes were answered) but Nmap cannot tell whether it is open or closed; only the ACK scan (-sA) classifies ports this way.
5. open|filtered: the port is either open or filtered, but Nmap could not establish which (typical for UDP scans and for FIN/NULL/Xmas scans that get no reply).
6. closed|filtered: the port is either closed or filtered, but Nmap could not establish which (only produced by the IP ID idle scan).

Nmap Features

- Host discovery
- Service/version detection
- Operating system detection
- Network traceroute
- Nmap Scripting Engine (NSE)

Diagram: fingerprinting the services of a remote host; pentester at 10.0.0.10, target network 192.168.1.0/24.

How it Works

Service Detection
Service detection is one of the most loved features of Nmap, as it is very useful in many situations, such as identifying security vulnerabilities or making sure a service is running on a given port.
# nmap -sV --version-intensity 9 <target>

Aggressive Detection
Nmap has a special flag to activate aggressive detection, namely -A. Aggressive mode enables OS detection (-O), version detection (-sV), script scanning (-sC), and traceroute (--traceroute).
# nmap -A <target>
# nmap -sC -sV -O --traceroute <target>

Finding Live Hosts
Finding live hosts in a network is often used by penetration testers to enumerate active targets, and by system administrators to count or monitor the number of active hosts.
# nmap -sP 192.168.1.1/24
(-sP is the old name for a ping scan; current Nmap releases call it -sn and still accept -sP.)

NSE Scripts
Ping scanning does not perform port scanning or service detection, but the Nmap Scripting Engine can be enabled for scripts that depend on host rules, such as sniffer-detect and dns-brute.
# nmap -sP --script discovery 192.168.1.1/24
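The scan flags above and the port states listed earlier only become useful once the output is parsed. The script below is an added example, not code from the workshop slides: it emits a constructed Nmap grepable (-oG) result for a hypothetical 192.168.1.0/24 lab (hosts, states and banners are made up), parses it into a host/port/state/service table, counts only ports whose state is definitely open, and derives the follow-up commands from the deck's cheat sheet (nikto on web ports, searchsploit on recovered banners). The function names sample_gnmap, gnmap_ports, open_ports_for and next_steps are my own.

```shell
#!/bin/sh
# Added example (not from the workshop slides): parse Nmap grepable output
# into a host/port/state/service table and derive cheat-sheet follow-ups.
#
# Scans that would produce such output, shown but NOT run here:
#   nmap -sn 192.168.1.0/24                       # live hosts; -sP is the old alias
#   nmap -sV --version-intensity 9 -oG scan.gnmap 192.168.1.0/24
#   nmap -A -oG scan.gnmap 192.168.1.2            # -A = -O -sV -sC --traceroute

# sample_gnmap: CONSTRUCTED -oG lines for a hypothetical lab. Hosts, states
# and banners are made up. Each Ports: entry has the layout
#   port/state/proto/owner/service/rpcinfo/version/
sample_gnmap() {
  printf '# Nmap 7.70 scan initiated as: nmap -sV -oG scan.gnmap 192.168.1.0/24\n'
  printf 'Host: 192.168.1.2 ()\tStatus: Up\n'
  printf 'Host: 192.168.1.2 ()\tPorts: 21/open/tcp//ftp//vsftpd 2.3.4/, 22/open/tcp//ssh//OpenSSH 7.2p2/, 80/open/tcp//http//Apache httpd 2.4.18/, 445/filtered/tcp//microsoft-ds///, 3306/open/tcp//mysql//MySQL 5.5.60/, 3389/closed/tcp//ms-wbt-server///\tIgnored State: closed (994)\n'
  printf 'Host: 192.168.1.5 ()\tStatus: Up\n'
  printf 'Host: 192.168.1.5 ()\tPorts: 80/open|filtered/tcp//http///, 8080/open/tcp//http-proxy//Apache Tomcat 7.0.68/\tIgnored State: filtered (998)\n'
  printf '# Nmap done -- 256 IP addresses (2 hosts up) scanned\n'
}

# gnmap_ports: stdin = -oG output; stdout = "host port state service version",
# with "-" where Nmap printed nothing for a field.
gnmap_ports() {
  awk -F '\t' '
    /^Host: / && /Ports: / {
      split($1, h, " "); host = h[2]
      plist = ""
      for (i = 2; i <= NF; i++) if ($i ~ /^Ports: /) plist = substr($i, 8)
      n = split(plist, p, ", ")
      for (i = 1; i <= n; i++) {
        split(p[i], f, "/")
        printf "%s %s %s %s %s\n", host, f[1], f[2],
               (f[5] == "" ? "-" : f[5]), (f[7] == "" ? "-" : f[7])
      }
    }'
}

# open_ports_for HOST: "port/service" for ports that are definitely open.
# open|filtered is deliberately excluded: Nmap never established that state.
open_ports_for() {
  awk -v h="$1" '$1 == h && $3 == "open" { print $2 "/" $4 }'
}

# next_steps: cheat-sheet follow-ups for every open port: nikto for web
# services, searchsploit for any banner Nmap recovered.
next_steps() {
  while read -r host port state service version; do
    if [ "$state" = open ]; then
      case "$service" in
        http|http-proxy|http-alt) echo "nikto -h http://$host:$port" ;;
      esac
      if [ "$version" != "-" ]; then
        echo "searchsploit \"$version\""
      fi
    fi
  done
  return 0
}

# Usage: the whole pipeline over the constructed sample.
sample_gnmap | gnmap_ports
sample_gnmap | gnmap_ports | next_steps
```

Feed a real scan.gnmap into gnmap_ports instead of sample_gnmap to use it on a lab; note that the filtered 445 and the open|filtered 80 on the second host produce no follow-ups, which is exactly the point of reading the state column before acting on a port.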

Common Ports and Services

Port   Service
21     ftp
22     ssh
23     telnet
25     smtp
53     domain (DNS)
80     http
445    smb (microsoft-ds)
1433   mssql
3306   mysql
3389   remote desktop (RDP)
5432   postgresql
8009   ajp13 (Tomcat AJP connector)
8080   tomcat / http-alt

Password Hash Hacking

Step 1: hash identification (determine the hash format before choosing a tool).
Step 2: online lookup; the slide puts the share of hashes resolved this way at 90%.
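Hash identification is the step the slide names but does not detail. The shell functions below are an added example, not the workshop's code: identify_hash classifies one hash by its prefix or, for unsalted digests, by its hex length (the same rules tools such as hashid and hash-identifier apply), and classify_dump runs it over a constructed dump in shadow-style user:hash lines and pwdump user:rid:lmhash:nthash::: lines. The sample hashes are well-known test values (MD5 and SHA-1 of "password", the NT hash of the empty password, a MySQL 4.1+ hash) plus made-up salted strings; none come from a real system. Length-only matches are ambiguous (MD5, NTLM and LM all give 32 hex characters), which is why the function lists every candidate.

```shell
#!/bin/sh
# Added example, not from the slides: classify password hashes before
# deciding between online lookup and offline cracking.
# Sample values are CONSTRUCTED test data, not dumped from a real system.

# identify_hash HASH: print the most likely format(s) on one line.
identify_hash() {
  h="$1"
  len=$(printf '%s' "$h" | wc -c | tr -d ' ')
  case "$h" in
    '$1$'*)                  echo "md5crypt (\$1\$)" ;;
    '$apr1$'*)               echo "Apache apr1 MD5 (\$apr1\$)" ;;
    '$2a$'*|'$2b$'*|'$2y$'*) echo "bcrypt (\$2x\$)" ;;
    '$5$'*)                  echo "sha256crypt (\$5\$)" ;;
    '$6$'*)                  echo "sha512crypt (\$6\$)" ;;
    '{SHA}'*)                echo "LDAP SHA-1, base64 ({SHA})" ;;
    '*'*)
      if printf '%s' "$h" | grep -Eq '^\*[0-9A-Fa-f]{40}$'; then
        echo "MySQL 4.1+ (*SHA1(SHA1(pw)))"
      else
        echo "unknown"
      fi ;;
    *)
      # Unsalted digests carry no prefix, so only the length is available,
      # and several algorithms share a length: list every candidate.
      if printf '%s' "$h" | grep -Eq '^[0-9a-fA-F]+$'; then
        case "$len" in
          32)  echo "MD5 / NTLM / LM (32 hex)" ;;
          40)  echo "SHA-1 (40 hex)" ;;
          64)  echo "SHA-256 (64 hex)" ;;
          128) echo "SHA-512 (128 hex)" ;;
          *)   echo "hex digest of unknown type (length $len)" ;;
        esac
      else
        echo "unknown"
      fi ;;
  esac
}

# classify_dump: stdin lines in shadow style "user:hash:..." or pwdump style
# "user:rid:lmhash:nthash:::"; prints "user<TAB>format". Blank and '#' lines
# are skipped.
classify_dump() {
  while IFS=: read -r user f2 f3 f4 _rest; do
    case "$user" in ''|'#'*) continue ;; esac
    if printf '%s' "$f3" | grep -Eq '^[0-9a-fA-F]{32}$' &&
       printf '%s' "$f4" | grep -Eq '^[0-9a-fA-F]{32}$'; then
      # pwdump layout: field 3 is the LM hash, field 4 the NT hash.
      lm_note="LM hash present"
      if [ "$f3" = "aad3b435b51404eeaad3b435b51404ee" ]; then
        lm_note="no LM hash"   # the well-known empty LM value
      fi
      printf '%s\tNTLM (pwdump NT hash, %s)\n' "$user" "$lm_note"
    else
      printf '%s\t%s\n' "$user" "$(identify_hash "$f2")"
    fi
  done
  return 0
}

# sample_dump: CONSTRUCTED dump lines (well-known test hashes, made-up salts).
sample_dump() {
  printf '%s\n' \
    'alice:5f4dcc3b5aa765d61d8327deb882cf99' \
    'bob:$6$saltsalt$HrCfqk9rV0TMZ8sOcbn4w3TDlbYgxDQgEbdqVxbZmtqVy1CyqfWk7kAGSG1Y3sO9Ee0E9QkWlK8pQtGqN6Ux0/:18000:0:99999:7:::' \
    'carol:$2y$10$N9qo8uLOickgx2ZMRZoMyeIjZAgcfl7p92ldGxad68LJZdL17lhWy' \
    'dave:*2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19' \
    'eve:5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8' \
    '# pwdump-style line' \
    'Administrator:500:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::'
}

# Usage: classify the constructed dump.
sample_dump | classify_dump
```

The classification decides which of the slide's two paths applies: unsalted fast digests (MD5, SHA-1, NTLM, MySQL) of common passwords are the ones online lookup services resolve, while salted slow formats (bcrypt, sha512crypt) will not be in any lookup table and need offline cracking with the salt.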

Cheat Sheet

NIKTO          # nikto -h [url]
NMAP           # nmap -sV ip_target
SEARCHSPLOIT   # searchsploit target_name
MIMIKATZ       # log
               # privilege::debug
               # sekurlsa::logonpasswords
CREATE USER    # net user hacker P@ssw0rd /add
               # net localgroup administrators hacker /add
BASE64 DECODE  # echo pastecodebase64 | base64 -d

Case Study

Turn on your VMs:
- Target: 192.168.1.2
- Kali Linux: 192.168.1.3 (root::toor)

Flow: Nikto → Searchsploit → phpMyAdmin → Shell → net user → Dump

So You Want to be a Penetration Tester

- Feeling
- Untiring
- Out of the box
- Experience
- Lucky

Any Questions for Us?