PLUG Linux Security HackFest
● [email protected]
● “OSI Layer Up” Security
● Phoenix Linux Users Group Security Lab
Overview
● Review Linux OSI “Layer Up” Security
● Investigate Knoppix STD [A+] LiveCD
● Investigate BackTrack [WoW] LiveCD
● Lab - Live Demos & Team Testing
● Questions & Interactive PLUG Lab Training
● PLUG User Presented Forensic Challenges or Security Issues
Linux Security Goals
● TroubleShooting vs. “Ethical Hacking” For Professionals – Where to Draw the Line?
● Post Installation Security/Hardening
● Wireless/SSH Security in Public Nets
● Review TCP/IP Security
● Review C Stack Security
● Use Layered Security in Context
● Circumvent/Test
● Recognize Circumvention Tests in IDS & Logs
● PenTesting via Knoppix STD and BackTrack
Linux Post Installation & Production Security
● Loop Mounted ISO's
● MD Signatures and Source Sanitation
● Linux Post-Installation Security ← Use?
● SSH
● Wireless Encryption/Decryption
● Ports/Services ← Less is More!
● SELinux/AppArmor/StackGuard/Immunix/LibSafe
● Kernel Stack Locking
● Iptables/Stateful Packet Inspection/Layer 3 Switches & Layer 7 Firewalls
Lab Instructions
● Boot LiveCD
● Verify Network Connection
● Join a Team or Grab a Partner
● Choose a LAB
● Review Material
● Complete it using LiveCD → Target
● Review Logs
● Adjust Exploit or Develop Lab
● Rinse and Repeat
● Attack “TARGET” & LiveCD Partners ONLY!
Knoppix STD Tools
● STD 0.1 Knoppix security tools distribution, MD5: de03204ea5777d0e5fd6eb97b43034cb
● http://www.knoppix.net/wiki/Knoppix_Remastering_Howto = Add Drivers for Wireless & Ethernet or Video
● Not developed for “script kiddy hacking” - this is a training aid for basic Computer Security Concepts that scales to advanced professional uses.
● THIS IS A TRAINING TOOL Until You Make it WORK (Many Security Tools are “broken by design” in Small Ways).
● Knoppix-STD does not have GUIs for everything. If there is a console-based way to do it “better”, Knoppix uses the console.
● Refer to the video examples and references for each lab, as well as the help files included in each directory:
Tool Overview Available on Knoppix STD
Tools are grouped as follows:
● /usr/bin/auth/
● /usr/bin/crypto/
● /usr/bin/forensics/
● /usr/bin/fw/
● /usr/bin/honeypot/
● /usr/bin/ids/
● /usr/bin/net-utils/
● /usr/bin/pwd-tools/
● /usr/bin/servers
● /usr/bin/sniff/
● /usr/bin/tcp-tools
● /usr/bin/tunnels
● /usr/bin/vuln-test
● /usr/bin/wireless/
● Full list of tools available: http://www.knoppix-std.org/tools.html
Lab Demos
● 0 = BackTrack – Working LiveCD Tool!
● 1 = SSH Brute Force/Dictionary/Crypt
● 2 = Router Ownership Encryption/Decrypt
● 3 = TCP/IP, ARP, Scan, & DoS (use w/#4)
● 4 = Buffer Overflow
● 5 = Sniffing, IDS and HoneyPots (use w/#2)
● 6 = Wireless/Crypt
● 7 = Advanced Challenges
Optimally, we use a team approach for each team demo: pair up, then exchange/declare results.
Lab 0 = BackTrack
Explore BackTrack Live CD
● http://backtrack.offensivesecurity.com/index.php?title=Tools
● http://isisblogs.poly.edu/2008/04/08/backtrack-3-d
● http://wtcs.ca/wiki/index.php/DEMO_using_BackT
● http://www.ethicalhacker.net/content/view/167/2/
Other Resources
● http://www.owasp.org/index.php/Category:OWASP
● http://hackaday.com
Lab 1 = SSH Brute Force
LAB 1 SSH/FTP: Trust is Earned
● Create a User & Assign a Password
● Use Hydra to Attack: http://www.youtube.com/watch?v=lLBVV67Nxks
● Hydra Windows cmd Example: http://www.youtube.com/watch?v=vDi3UPuV3RI&feature=related
● http://blog.hazrulnz.net/813/ssh-brute-forcereconn
● http://www.dtc.umn.edu/umssia/resources/day2d_
● Use Tcpdump or Logs to Catch Attack
● Protect against SSH/FTP crackers how?
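A defender-side worked example for the two closing questions of this lab (catch the attack in the logs, then protect against SSH crackers), added here and not part of the original slides or of Knoppix STD/BackTrack: it parses sshd auth.log lines, flags any source that bursts past a threshold of failed passwords inside a sliding time window, and emits the iptables rules that would drop that source. The log lines and addresses are constructed; the threshold of 5 failures in 60 seconds and the 2024 year are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample of OpenSSH auth.log lines (not captured traffic); RFC 5737 test addresses.
SAMPLE_LOG = """\
Mar  3 10:15:01 target sshd[2101]: Failed password for invalid user admin from 192.0.2.10 port 51002 ssh2
Mar  3 10:15:02 target sshd[2102]: Failed password for root from 192.0.2.10 port 51003 ssh2
Mar  3 10:15:02 target sshd[2103]: Failed password for root from 192.0.2.10 port 51004 ssh2
Mar  3 10:15:03 target sshd[2104]: Failed password for invalid user test from 192.0.2.10 port 51005 ssh2
Mar  3 10:15:04 target sshd[2105]: Failed password for root from 192.0.2.10 port 51006 ssh2
Mar  3 10:15:05 target sshd[2106]: Accepted publickey for alice from 198.51.100.7 port 40022 ssh2
Mar  3 10:20:00 target sshd[2107]: Failed password for alice from 198.51.100.7 port 40023 ssh2
Mar  3 10:40:00 target sshd[2108]: Failed password for alice from 198.51.100.7 port 40024 ssh2
"""
# Matches sshd's "Failed password" line and captures timestamp, user name and source address.
FAILED_RE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for "
                       r"(?:invalid user )?(\S+) from (\d+\.\d+\.\d+\.\d+) port \d+")

def parse_failures(log_text, year=2024):
    """Return (timestamp, source_ip, username) for every failed password attempt."""
    events = []
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if m:  # syslog lines carry no year, so one is supplied (assumed 2024 here)
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            events.append((ts, m.group(3), m.group(2)))
    return events

def find_bruteforcers(events, threshold=5, window_seconds=60):
    """Map source IP -> (failures in window, usernames tried) for sources that hit the threshold."""
    by_ip = defaultdict(list)
    for ts, ip, user in sorted(events):
        by_ip[ip].append((ts, user))
    flagged = {}
    for ip, attempts in by_ip.items():
        start = 0  # sliding window: drop attempts older than window_seconds
        for end in range(len(attempts)):
            while (attempts[end][0] - attempts[start][0]).total_seconds() > window_seconds:
                start += 1
            if end - start + 1 >= threshold:
                users = sorted({u for _, u in attempts[start:end + 1]})
                flagged[ip] = (end - start + 1, users)
                break
    return flagged

def block_rules(flagged):
    """Mitigation: one iptables DROP rule per flagged source (run as root on the target)."""
    return [f"iptables -I INPUT -s {ip} -p tcp --dport 22 -j DROP" for ip in sorted(flagged)]
```

The slow attempts from 198.51.100.7 (two failures twenty minutes apart) stay below the window threshold, which is the kind of low-and-slow pattern a rate-based rule misses and a key-only sshd_config (PasswordAuthentication no) removes outright.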
Lab 2 = Own the Router
● Use Hydra to Own the Router
● Or Why Remote Management = OFF!
● http://freeworld.thc.org/thc-hydra/
● http://blip.tv/scripts/flash/showplayer.swf?enablejs=true&feedurl=http://purehate138.blip.tv/rss&file=http://blip.tv/rss/flash/527781&showplayerpath=http://blip.tv/scripts/flash/showplayer.swf
Lab 3 = TCP/IP
● TCP Explained: http://www.youtube.com/watch?v=z40w3G8szK0
● Nmap Spoofing an IP Address: http://www.networkuptime.com/nmap/page3-16.shtml
● Tool = Cain, ARP Poisoning: http://www.youtube.com/watch?v=zG-_Y17lKpg&f
● Tool = ettercap: http://www.youtube.com/watch?v=agTBk5qGjCQ
● Stealth Scanning Script (Advanced): http://crack0hack.wetpaint.com/page/TCP+Port+S
Lab 4 = Smashing the Stack
● Escalated Privileges/DoS via C Stack Buffer Explained: http://www.ibm.com/developerworks/linux/library/l-sp4.html
● Web Based Packet Overflows:
● http://www.youtube.com/watch?v=vyKnk197bUM
● http://www.youtube.com/watch?v=AlgwqMH3Uss
Lab 5 = IDS SNORT and HoneyPots
● Recognize IDS Signatures using SNORT
● BackTrack Tool – Snort → KDE Menu
● Knoppix STD Tools: /usr/bin/ids and /usr/bin/honeypot
● Logs From HackFests Around the World: http://gd.tuwien.ac.at/infosys/security/oldsnort/packets.html
● Pair with Lab #2 Team
Lab 6 = Wireless Sniffing
● Wired Traffic Through Wireless Device: ettercap: http://www.youtube.com/watch?v=RllU5mE095g
● Wireshark (1 of 3): http://www.youtube.com/watch?v=NHLTa29iovU&
● Cookies & Grabbing Passwd (2 of 3): http://www.youtube.com/watch?v=7ezGTP99xSw
● DataMining (3 of 3): http://www.youtube.com/watch?v=WaIc5EfLPgc
Lab 7 = Advanced
● Pcap TCP/IP DNS and SSH fun: http://www.hackinglinuxexposed.com/articles/2003
● SSL DNS Spoof Attack: http://www.youtube.com/watch?v=IIHQHoOyAEA&
● Metasploit Windows: http://www.youtube.com/watch?v=4Fye4_VSE-A
● Nikto Website Pentesting & More: http://www.securitytutorials5.thetazzone.com/
● Absinthe Setting up Postgresql Injection: http://www.0x90.org/releases/absinthe/docs/basicusage.php