Cyber Security Fundamentals (M) & (H): Ethical Hacking\Penetration Testing III – V
Glasgow, 7th March 2022.
School of Computing Science, University of Glasgow, Scotland.
Structure of Lectures
Sections that will be covered:
Cyber Security basic background
Look into networking
Cyber attacks and defence
Web applications' vulnerabilities
Trending in Cyber
Penetration testing & Digital Forensics
Guest lectures to be confirmed.
CSF 2022 Ethical Hacking I & II
Lecturer’s instructions
When you see the red sign in a slide it means that you must not use anything described in the specific slide without the necessary authorisation. The lecturer of this course will not be responsible for any misuse.
When you see the green sign in a slide it means that you can use anything described in the specific slide on your own.
➢ Some tools need special permissions in order to run them in a secure manner without violating any laws!!! Because of this we have created these signs to indicate to you which tools are OK to be used and which are not!
➢ This is one of the most important slides: if you don't follow this rule it can have a serious impact on you, so please don't use anything under the banner of the red (first) sign.
The steps of Ethical Hacking
➢ These are the five main steps of Pen Testing\Ethical Hacking. We will explain every single one in more detail and we will see demos of relevant tools for all the steps.
➢ Note that some tools can be used in more than one step and some steps can be repeated; it all depends on the complexity of the task ahead.
Step 3 – Gain Access
How do we get in?
Social Engineering + Phishing + Remote exploit etc.!!!
CSF 2022 Ethical Hacking III – V
@wikipedia.com
➢ Gaining access is really important! This is the first practical part that will be a decisive step regarding the success or failure of an attack. It can be a hard step or an easy one, it always depends on the target.
➢ You can reach this stage by a malicious email or social engineering; but in this stage we will demonstrate how someone can achieve this by successfully acquiring remote access to a server using a known exploit.
➢ In the picture you can see one of our Rectors and the guy responsible for the biggest leak of information in the US.
Metasploit
@metasploit.com
➢ Do not use without authorisation.
➢ In the video you will see that we will use an exploit targeting Apache Struts. The Metasploit Framework is going to be used; a penetration testing platform used to find, exploit and validate vulnerabilities. Apache Struts is a framework for creating Java web applications. We will first turn on the server VM and will demonstrate that it is up and running; we already have the details of its IP address, gathered in the previous steps. We will also see that there are no strange files on the C:\. Going back to the Linux VM, which will act as the attacker, we will open Metasploit, a command line interface. When it is loaded we will select the module for Apache Struts by copying and pasting its name (available online) and then we will see the information for this exploit. It is noticeable that in order for the exploit to work you will need to set the RHOST (remote host) and RPORT (remote port) of the target; details already known from the previous steps. When we do this, we simply run the exploit and we have a successful connection. We are now using Meterpreter as the payload.
➢ Do not use without authorisation.
➢ In order to demonstrate exactly what someone can achieve, we create a text file and then upload it through Meterpreter to the C:\ location of the target server. If you now go to the server, you will notice that there is a file called malware1.txt and you can see that this was remotely uploaded. For students using the VM: notice that you always need to give a reason before shutting down a server, but it doesn't matter what you press.
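The demo above ends with an unexpected file, malware1.txt, appearing on the target's C:\ drive. The defender's counterpart to "we see there are no strange files" is a file-integrity baseline: record a hash of every file before the engagement and compare afterwards. The following is an added example, not code from the lecture or the Metasploit project; the directory layout, the file names and the simulated drop are constructed for the example, and the same snapshot/diff functions would run over any real directory tree.

```python
"""Added example: minimal file-integrity baseline to detect dropped or edited files.

snapshot() hashes every regular file under a directory; diff_snapshots()
reports what was added, removed or modified between two snapshots. demo()
builds a constructed directory, simulates the upload from the lecture demo
and returns the resulting report.
"""
import hashlib
import os
import tempfile


def hash_file(path, chunk=65536):
    """SHA-256 of a file, read in chunks so large files do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def snapshot(root):
    """Map path-relative-to-root -> SHA-256 for every regular file under root."""
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            result[os.path.relpath(full, root)] = hash_file(full)
    return result


def diff_snapshots(baseline, current):
    """Compare two snapshots; each list is sorted so the report is deterministic."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(p for p in baseline if p in current and baseline[p] != current[p])
    return {"added": added, "removed": removed, "modified": modified}


def demo():
    """Constructed scenario: baseline a clean directory, then simulate the compromise."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "config.ini"), "w") as f:
            f.write("[server]\nport=8080\n")
        baseline = snapshot(root)  # taken before the engagement

        # Simulated post-compromise changes: an unexpected upload (like the
        # malware1.txt from the demo) and an edit to an existing file.
        with open(os.path.join(root, "malware1.txt"), "w") as f:
            f.write("uploaded remotely\n")
        with open(os.path.join(root, "config.ini"), "a") as f:
            f.write("debug=true\n")

        return diff_snapshots(baseline, snapshot(root))


if __name__ == "__main__":
    print(demo())  # {'added': ['malware1.txt'], 'removed': [], 'modified': ['config.ini']}
```

The baseline must be stored somewhere the compromised host cannot rewrite it (a separate log server or read-only media); a baseline kept on the same disk can simply be regenerated by the intruder after the drop.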
Metasploit
@wired.com
Step 4 – Maintaining Access
Try to maintain access!
Installation of hidden infrastructure:
Malware→Remote Connections→Command and Control framework
➢ Now → Step 4: Maintaining Access
Is this step necessary to be completed for all the types of cyber-attacks? What can someone do after gaining access? Use system as a launch pad and exploit other systems, break & destroy or continue exploitation. Move on to admin privileges?
➢ Malware is a malicious piece of code that can be used in order to exploit vulnerabilities; worms, Trojan horses, rootkits, viruses, keyloggers or bots are different types of malware. However, in an incident the general term malware should be avoided, and more details should be given regarding the type of malware.
➢ Trojan horses (application level) are standalone programs that are executed in an incognito state (hidden) and can set up a backdoor, run scripts to unveil and gather data, etc. They can even be tailored to specific types of data, like credit card information. The main difference from a virus is that a virus inserts itself into another program. A virus can infect a process or a file. Remote Access Trojans (RATs) exist too.
➢ Rootkits (operating system level) can be used at kernel level for super user access. Worms have a really damaging power as they replicate on their own and don't need any kind of interaction; their nature is voracious.
➢ Bots or zombies are systems controlled by a single entity (the bot master → the attacker); infected systems can be part of a bot network.
➢ Keylogger; program that captures every keystroke of a client.
➢ Command and control frameworks for overseeing remote sessions.
➢ Backdoors (built-in upload/download functionality) are malicious pieces of software that run on the compromised system, offer no useful functionality to the user, but create an access route that removes the need to repeat the exploitation. Trojan horses are quite similar in the way they run but the end goal is different; Trojan horses can help in holding a backdoor. Colocation: when, instead of paying for hosting services, an attacker uses a compromised system to serve his or her needs.
➢ Remote communication: incognito channels, encryption and password protection help. Someone can exfiltrate data through secure channels and add noise to the network. This is exactly how viruses like ransomware work.
➢ Armitage is a NO FOR USE tool; it is mainly a GUI version of Metasploit. It gives you ready exploits that you can search for, a visualisation of the currently identified hosts, and it can also run nmap if chosen.
➢ In the demo we are going to present another type of exploitation for gaining unauthorised remote access (ManageEngine); we will create a backdoor with the persistence command and we will dump all the user authentication data (usernames & password hashes); note that almost all usernames are Star Wars characters. We will then try to crack the passwords with different methods. Not everything will be completed successfully, but we can demonstrate how someone can use the different embedded functions of Armitage to complete these tasks. This will also enable us to escalate privileges and gain admin rights.
Step 5 – Cover your tracks
How can you become untraceable?
Manipulation of logs + VPN + WIFI etc.!!!
➢ → the biggest credit card fraud: reselling more than 170 million credit card and ATM numbers. Shadowcrew.org leader; 20 years in federal prison.
➢ What do you think you can do to cover your tracks? Different ways of covering tracks: changing the settings of the bash history so that commands are not saved to the history file; changing configurations on the monitoring side of the compromised system; changing the logs that show that someone, "the attacker", entered the system and that other malicious actions took place (Linux syslog & Windows Event Viewer); making installed files undetectable.
➢ Attackers use services like the Tor network, Tor VPN and Wi-Fi hotspots to remain anonymous; see also DNS information leaking tests. It is important to note that using these tools/services does not guarantee that someone is hidden, nor that these tools are not dangerous. There might be hidden scripts running, for example. So they are "use at your own risk" kinds of tools. However, there are always traps; for example when the targeted systems turn out to be a Honeypot/Honeynet: they appear to be a legitimate part of the system but are used to monitor the behaviour of the user and block possible attackers. In this part of the lecture we also talked about the Darknet and the dangers of someone being overconfident that they know what they are doing just because they discovered these techniques/tools.
Cover your tracks
➢ In this demo we demonstrated how an attacker can delete crucial log files for the step of "covering your tracks".
➢ Importance of all the Pen Testing steps.
➢ How can we use Metasploit? How can we gain unauthorised access?
➢How to set up a backdoor and regain access when needed.
➢ How to escalate authorisation.
➢ How to cover your tracks and regain control.
Cyber SA game
➢Three Questions→ Three Images + Visualisation Technique.
➢No results recorded!!!
1st Question
A) SQL Injection
B) Phishing
C) Man In the Middle
2nd Question
A) SQL Injection
B) Cross Site Scripting
C) Buffer Overflow
3rd Question
A) Reverse Engineering
B) Cross Site Scripting
C) SQL Injection
Logstalgia
➢ You have been hired by a company to perform a security assessment on their network. You have been given their network range 192.168.0.1/16.
➢ You initially scanned the network to identify which hosts are up. (Which tool would you use?)
➢ Once you identified that 5 IPs are up, you scanned them for open ports and found that one of them has ports 80, 22, 25 and 8080 open. (What does that imply about the machine?)
➢ Then you scanned further to identify which services it runs and you identified "apache version 2.4.33" on "windows server 2016".
➢ What are your next steps?
Please take a note of any questions for the live session!