Hack Fest
This document was uploaded by user and they confirmed that they have the permission to share it. If you are author or own the copyright of this book, please report to us by using this DMCA report form. Report DMCA
Overview
Download & View Hack Fest as PDF for free.
More details
- Words: 717
- Pages: 15
PLUG Linux Security HackFest
● ● ●
[email protected] “OSI Layer Up” Security Phoenix Linux Users Group Security Lab
Overview ● ● ● ● ● ●
Review Linux OSI “Layer Up” Security Investigate Knoppix STD [A+] LiveCD Lab - Live Demos & Team Testing Questions & Interactive PLUG Lab Training Investigate Backtrack [WoW] LiveCD PLUG User Presented Forensic Challenges or Security Issues
Linux Security Goals ● ●
● ● ● ● ● ● ●
●
TroubleShooting vs. “Ethical Hacking” For Professionals – Where to Draw the Line? Post Installation Security/Hardening Wireless/SSH Security in Public Nets Review TCP/IP Security Review C Stack Security Use Layered Security in Context Circumvent/Test Recognize Circumvention Tests in IDS & Logs PenTesting via Knoppix STD and BackTrack
Linux Post Installation & Production Security ●
● ● ● ● ● ●
●
Loop Mounted ISO's MD Signatures and Source Sanitation Linux Post-Installation Security ← Use? SSH Wireless Encryption/Decrytion Ports/Services ← Less is More! SELinux/AppArmour/StackGuardImmunix/LibSafe Kernel Stack Locking Iptables/Stateful Packet Inspection/Layer 3 Switches & Layer 7 Firewalls
Lab Instructions ● ● ● ● ● ● ● ● ● ●
Boot LiveCD Verify Network Connection Join a Team or Grab a Partner Choose a LAB Review Material Complete it using LiveCD → Target Review Logs Adjust Exploit or Develop Lab Rinse and Repeat Attack “TARGET” & LiveCD Partners ONLY!
Knoppix STD Tools ● ● ● ●
● ●
STD 0.1 Knoppix security tools distribution MD5: de03204ea5777d0e5fd6eb97b43034cb http://www.knoppix.net/wiki/Knoppix_Remastering_Howto = Add Drivers for Wireless & Ethernet or Video Not developed for “script kiddy hacking” - this is a training aid for basic Computer Security Concepts that scales to advanced professional uses. THIS IS A TRAINING TOOL Until You Make it WORK (Many Security Tools are “broken by design” in Small Ways). Knoppix-STD does not have GUI's for everything. If there is a console based way to do it “better”; Knoppix uses the console. Refer to the video examples and references for each lab, as well as the help files included in each directory:
● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ●
Tool OverView Available on Knoppix STD: Tools are grouped as follows: /usr/bin/auth/ /usr/bin/crypto/ /usr/bin/forensics/ /usr/bin/fw/ /usr/bin/honeypot/ /usr/bin/ids/ /usr/bin/net-utils/ /usr/bin/pwd-tools/ /usr/bin/servers /usr/bin/sniff/ /usr/bin/tcp-tools /usr/bin/tunnels /usr/bin/vuln-test /usr/bin/wireless/
Full list of tools available: http://www.knoppix-std.org/tools.html
Lab Demos 0 = BackTrack – Working LiveCD Tool! ● 1 = SSH Brute Force/Dictionary/Crypt ● 2 = Router Ownership Encyption/Decrypt ● 3 =TCP/IP, Arp, Scan, & DoS (use w/#4) ● 4 = Buffer OverFlow ● 5 = Sniffing, IDS and HoneyPots (use w/#2) ● 6 = Wireless/Crypt ● 7 = Advanced Challenges Optimally, we use a team approach for Each Team Demo (pair up) Exchange/Declare Results ●
Lab 0 = BackTrack
Explore BackTrack Live CD ● http://backtrack.offensivesecurity.com/index.php?title=Tools ● http://isisblogs.poly.edu/2008/04/08/backtrack-3-d ● http://wtcs.ca/wiki/index.php/DEMO_using_BackT ● http://www.ethicalhacker.net/content/view/167/2/
Other Resources ● http://www.owasp.org/index.php/Category:OWASP ● http://hackaday.com
Lab 1 SSH Brute Force: ● ● ● ● ●
● ● ● ●
LAB 1 SSH/FTP: Trust is Earned Create a User & Assign a Password Use Hydra to Attack http://www.youtube.com/watch?v=lLBVV67Nxks Hydra Windows cmd Example: http://www.youtube.com/watch? v=vDi3UPuV3RI&feature=related http://blog.hazrulnz.net/813/ssh-brute-forcereconn http://www.dtc.umn.edu/umssia/resources/day2d_ Use Tcpdump or Logs to Catch Attack Protect against SSH/FTP crackers how?
Lab 2 = Own the Router ● ● ● ●
Use Hydra to Own the Router Or Why Remote Management = OFF! http://freeworld.thc.org/thc-hydra/ http://blip.tv/scripts/flash/showplayer.swf? enablejs=true&feedurl=http://purehate138.bli p.tv/rss&file=http://blip.tv/rss/flash/527781&s howplayerpath=http://blip.tv/scripts/flash/sho wplayer.swf
Lab 3 = TCP/IP
TCP Explained: http://www.youtube.com/watch?v=z40w3G8szK0 Nmap Spoofing an IP Address http://www.networkuptime.com/nmap/page3-1 6.shtml Tool = Cain: Arp Poisening: http://www.youtube.com/watch?v=zG-_Y17lKpg&f Tool = ettercap: ● http://www.youtube.com/watch?v=agTBk5qGjCQ Stealth Scanning Script: (Advanced) ● http://crack0hack.wetpaint.com/page/TCP+Port+S
Lab 4 = Smashing the Stack Escalated Privileges/DoS via C Stack Buffer Explained: ● http://www.ibm.com/developerworks/linux/libr ary/l-sp4.html Web Based Packet Overflows: ● http://www.youtube.com/watch?v=vyKnk197bUM ● http://www.youtube.com/watch?v=AlgwqMH3Uss
Lab 5 = IDS SNORT and HoneyPots Recognize IDS Signatures using SNORT ● Backtrack Tool – Snort → KDE Menu ● Knoppix STD: Tools: ● /usr/bin/ids ● /usr/bin/honeypot Logs From HackFests Around the World ● http://gd.tuwien.ac.at/infosys/security/oldsnor t/packets.html Pair with Lab #2 Team
Lab 6 = Wireless Sniffing
Wired Traffic Through Wireless Device: ettercap ● http://www.youtube.com/watch?v=RllU5mE095g Wireshark: 1 of 3 http://www.youtube.com/watch?v=NHLTa29iovU& Cookies & Grabbing Passwd: 2 of 3 ● http://www.youtube.com/watch? v=7ezGTP99xSw DataMining:3 of 3 ● http://www.youtube.com/watch? v=WaIc5EfLPgc
Lab 7 = Advanced
Pcap TCP/IP DNS and SSH fun: ● http://www.hackinglinuxexposed.com/articles/2003 SSL DNS Spoof Attack: ● http://www.youtube.com/watch?v=IIHQHoOyAEA& Metasploit Windows: ● http://www.youtube.com/watch?v=4Fye4_VSE-A Nikto Website Pentesting & More: ● http://www.securitytutorials5.thetazzone.com/ Absinthe Setting up Postgresql Injection: http:// www.0x90.org/releases/absinthe/docs/basicu sage.php
● ● ●
[email protected] “OSI Layer Up” Security Phoenix Linux Users Group Security Lab
Overview ● ● ● ● ● ●
Review Linux OSI “Layer Up” Security Investigate Knoppix STD [A+] LiveCD Lab - Live Demos & Team Testing Questions & Interactive PLUG Lab Training Investigate Backtrack [WoW] LiveCD PLUG User Presented Forensic Challenges or Security Issues
Linux Security Goals ● ●
● ● ● ● ● ● ●
●
TroubleShooting vs. “Ethical Hacking” For Professionals – Where to Draw the Line? Post Installation Security/Hardening Wireless/SSH Security in Public Nets Review TCP/IP Security Review C Stack Security Use Layered Security in Context Circumvent/Test Recognize Circumvention Tests in IDS & Logs PenTesting via Knoppix STD and BackTrack
Linux Post Installation & Production Security ●
● ● ● ● ● ●
●
Loop Mounted ISO's MD Signatures and Source Sanitation Linux Post-Installation Security ← Use? SSH Wireless Encryption/Decrytion Ports/Services ← Less is More! SELinux/AppArmour/StackGuardImmunix/LibSafe Kernel Stack Locking Iptables/Stateful Packet Inspection/Layer 3 Switches & Layer 7 Firewalls
Lab Instructions ● ● ● ● ● ● ● ● ● ●
Boot LiveCD Verify Network Connection Join a Team or Grab a Partner Choose a LAB Review Material Complete it using LiveCD → Target Review Logs Adjust Exploit or Develop Lab Rinse and Repeat Attack “TARGET” & LiveCD Partners ONLY!
Knoppix STD Tools ● ● ● ●
● ●
STD 0.1 Knoppix security tools distribution MD5: de03204ea5777d0e5fd6eb97b43034cb http://www.knoppix.net/wiki/Knoppix_Remastering_Howto = Add Drivers for Wireless & Ethernet or Video Not developed for “script kiddy hacking” - this is a training aid for basic Computer Security Concepts that scales to advanced professional uses. THIS IS A TRAINING TOOL Until You Make it WORK (Many Security Tools are “broken by design” in Small Ways). Knoppix-STD does not have GUI's for everything. If there is a console based way to do it “better”; Knoppix uses the console. Refer to the video examples and references for each lab, as well as the help files included in each directory:
● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ●
Tool OverView Available on Knoppix STD: Tools are grouped as follows: /usr/bin/auth/ /usr/bin/crypto/ /usr/bin/forensics/ /usr/bin/fw/ /usr/bin/honeypot/ /usr/bin/ids/ /usr/bin/net-utils/ /usr/bin/pwd-tools/ /usr/bin/servers /usr/bin/sniff/ /usr/bin/tcp-tools /usr/bin/tunnels /usr/bin/vuln-test /usr/bin/wireless/
Full list of tools available: http://www.knoppix-std.org/tools.html
Lab Demos 0 = BackTrack – Working LiveCD Tool! ● 1 = SSH Brute Force/Dictionary/Crypt ● 2 = Router Ownership Encyption/Decrypt ● 3 =TCP/IP, Arp, Scan, & DoS (use w/#4) ● 4 = Buffer OverFlow ● 5 = Sniffing, IDS and HoneyPots (use w/#2) ● 6 = Wireless/Crypt ● 7 = Advanced Challenges Optimally, we use a team approach for Each Team Demo (pair up) Exchange/Declare Results ●
Lab 0 = BackTrack
Explore BackTrack Live CD ● http://backtrack.offensivesecurity.com/index.php?title=Tools ● http://isisblogs.poly.edu/2008/04/08/backtrack-3-d ● http://wtcs.ca/wiki/index.php/DEMO_using_BackT ● http://www.ethicalhacker.net/content/view/167/2/
Other Resources ● http://www.owasp.org/index.php/Category:OWASP ● http://hackaday.com
Lab 1 SSH Brute Force: ● ● ● ● ●
● ● ● ●
LAB 1 SSH/FTP: Trust is Earned Create a User & Assign a Password Use Hydra to Attack http://www.youtube.com/watch?v=lLBVV67Nxks Hydra Windows cmd Example: http://www.youtube.com/watch? v=vDi3UPuV3RI&feature=related http://blog.hazrulnz.net/813/ssh-brute-forcereconn http://www.dtc.umn.edu/umssia/resources/day2d_ Use Tcpdump or Logs to Catch Attack Protect against SSH/FTP crackers how?
Lab 2 = Own the Router ● ● ● ●
Use Hydra to Own the Router Or Why Remote Management = OFF! http://freeworld.thc.org/thc-hydra/ http://blip.tv/scripts/flash/showplayer.swf? enablejs=true&feedurl=http://purehate138.bli p.tv/rss&file=http://blip.tv/rss/flash/527781&s howplayerpath=http://blip.tv/scripts/flash/sho wplayer.swf
Lab 3 = TCP/IP
TCP Explained: http://www.youtube.com/watch?v=z40w3G8szK0 Nmap Spoofing an IP Address http://www.networkuptime.com/nmap/page3-1 6.shtml Tool = Cain: Arp Poisening: http://www.youtube.com/watch?v=zG-_Y17lKpg&f Tool = ettercap: ● http://www.youtube.com/watch?v=agTBk5qGjCQ Stealth Scanning Script: (Advanced) ● http://crack0hack.wetpaint.com/page/TCP+Port+S
Lab 4 = Smashing the Stack Escalated Privileges/DoS via C Stack Buffer Explained: ● http://www.ibm.com/developerworks/linux/libr ary/l-sp4.html Web Based Packet Overflows: ● http://www.youtube.com/watch?v=vyKnk197bUM ● http://www.youtube.com/watch?v=AlgwqMH3Uss
Lab 5 = IDS SNORT and HoneyPots Recognize IDS Signatures using SNORT ● Backtrack Tool – Snort → KDE Menu ● Knoppix STD: Tools: ● /usr/bin/ids ● /usr/bin/honeypot Logs From HackFests Around the World ● http://gd.tuwien.ac.at/infosys/security/oldsnor t/packets.html Pair with Lab #2 Team
Lab 6 = Wireless Sniffing
Wired Traffic Through Wireless Device: ettercap ● http://www.youtube.com/watch?v=RllU5mE095g Wireshark: 1 of 3 http://www.youtube.com/watch?v=NHLTa29iovU& Cookies & Grabbing Passwd: 2 of 3 ● http://www.youtube.com/watch? v=7ezGTP99xSw DataMining:3 of 3 ● http://www.youtube.com/watch? v=WaIc5EfLPgc
Lab 7 = Advanced
Pcap TCP/IP DNS and SSH fun: ● http://www.hackinglinuxexposed.com/articles/2003 SSL DNS Spoof Attack: ● http://www.youtube.com/watch?v=IIHQHoOyAEA& Metasploit Windows: ● http://www.youtube.com/watch?v=4Fye4_VSE-A Nikto Website Pentesting & More: ● http://www.securitytutorials5.thetazzone.com/ Absinthe Setting up Postgresql Injection: http:// www.0x90.org/releases/absinthe/docs/basicu sage.php
