HOW TO LEARN TO MAKE A PENTEST


SCHEDULE

• WHAT IS A PENTEST

• ITS PHASES: RECONNAISSANCE | SCANNING | GAINING ACCESS | MAINTAINING ACCESS | CLEARING TRACKS

• HOW TO BYPASS AV

• HOW TO HACK WINDOWS 7 | REMOTE

• HOW TO HACK – FACEBOOK

• HOW TO AVOID SOME ATTACKS?

• DEMO


FELIPE ZUCKERMAN

ENTHUSIAST IN IT FOCUSED ON SAFETY


WHAT IS A PENTEST?


ITS PHASES


RECONNAISSANCE

This phase consists of obtaining as much information as possible about the target, such as:

• Operating system

• Network topology

• Email addresses

• Presence of a firewall or AV

Enumeration of the services and their versions:

use auxiliary/scanner/smb/smb_version

nmap --script smb-os-discovery.nse <target>

TTL value: Windows = 128, Linux = 64


LET’S SEE?


GAINING ACCESS


NETSH ADVFIREWALL SET PUBLICPROFILE STATE OFF


SCANNING

The scanning process can be divided into three steps:

• Determining if a system is active.

• Port scanning the system.

• Scanning the system for vulnerabilities.

Ex: USAGE

# nmap [Scan Type(s)] [Options] {target specification}


MAINTAINING ACCESS


NETCAT


BELOW ARE SOME WAYS TO DETECT INTRUDERS IN YOUR SYSTEM

%AllUsersProfile%\Application Data\

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
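
The locations listed on these slides can be reviewed with a read-only script. This is an added example, not part of the original deck; the 30-day window and the list of file extensions are assumptions.

```powershell
# Added example: read-only review of the locations listed on the slides.
# Run from an elevated prompt on the host being checked; nothing is modified.

$runKey   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$userList = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList'

# On Vista and later, "%AllUsersProfile%\Application Data" is a compatibility
# junction back to %ProgramData%, so scan the real directory when it exists.
$dropDir = if ($env:ProgramData) { $env:ProgramData } else { Join-Path $env:AllUsersProfile 'Application Data' }

$days = 30                                        # assumption: look-back window
$exts = '*.exe','*.dll','*.bat','*.vbs','*.ps1'   # assumption: file types of interest

# Bookkeeping properties that Get-ItemProperty attaches; not registry values.
$skip = 'PSPath','PSParentPath','PSChildName','PSDrive','PSProvider'

function Get-RegistryValues([string]$Path) {
    # Return every value stored under a key as Name/Value pairs.
    if (-not (Test-Path $Path)) { return }
    $item = Get-ItemProperty -Path $Path
    if (-not $item) { return }                    # key exists but has no values
    $item.PSObject.Properties |
        Where-Object { $skip -notcontains $_.Name } |
        Select-Object Name, Value
}

Write-Output "== Programs started at boot from $runKey"
Get-RegistryValues $runKey | Format-Table -AutoSize -Wrap

# A DWORD of 0 under UserList hides that account from the logon screen.
Write-Output "== Accounts hidden from the logon screen"
$hidden = @(Get-RegistryValues $userList | Where-Object { $_.Value -eq 0 })
if ($hidden.Count) { $hidden | Format-Table -AutoSize } else { Write-Output 'none' }

Write-Output "== Executables and scripts created under $dropDir in the last $days days"
$cutoff = (Get-Date).AddDays(-$days)
Get-ChildItem -Path $dropDir -Recurse -Force -Include $exts -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer -and $_.CreationTime -gt $cutoff } |
    Sort-Object CreationTime -Descending |
    Select-Object CreationTime, Length, FullName |
    Format-Table -AutoSize -Wrap
```

Compare the output with a known-good baseline of the same machine; entries that are missing from the baseline are the ones to investigate.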


DISABLE SOME SERVICES

• TELNET

• REMOTE DESKTOP

• REMOTE REGISTRY


Nessus is one of the best vulnerability scanners and is available in both a commercial version and a home version, which is free. Besides Nessus there are also OpenVAS and Nexpose, which are also excellent vulnerability scanners that we will cover soon.


PENETRATION TEST?


Computer Configuration > Windows Settings > Security Settings > Local Policies > Audit Policy.


PRIVILEGE ESCALATION

Local privilege escalation happens when one user acquires the system rights of another user. Network intruders have many techniques for increasing privileges once they have gained a foothold on a system.


LINK: http://www.exploit-db.com/exploits/15609/

PRIVILEGE LOCAL

PRIVILEGE REMOTE


HACKING WINDOWS 7 WITH POWERSHELL


BYPASSING ANTIVIRUS

• Veil-Evasion is a tool to generate payload executables that bypass common antivirus solutions.


THE ANTIVIRUS DETECTED MY FILE


NO COMMENTS


CLEARING TRACKS



PENETRATION TEST DEMO




CONTACT

@FelipeZuckerman

Felipezuckerman
