SlideShare a Scribd company logo

Phases of penetration testing

Download as PPTX, PDF
A
Abdul Rahman

A penetration test involves four main phases: reconnaissance, scanning, exploitation, and maintaining access. In the reconnaissance phase, tools are used to gather information about the target system without authorization. Scanning identifies open ports and vulnerabilities. Exploitation attempts to gain unauthorized control of systems by exploiting vulnerabilities, such as using password crackers. Maintaining access involves creating backdoors for future unauthorized access, such as using network sniffing tools or installing rootkits. Popular tools used in penetration tests include Nmap for scanning, Metasploit for exploitation, and Netcat for creating backdoors. Defending against penetration tests requires monitoring information published online, properly configuring firewalls and access controls, patching systems, and using antivirus and intrusion detection software

Technology
1 of 40
Downloaded 54 times
1
2
Most read
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
Phases of Penetration Test Abdul Rehman IOC Bahauddin Zakariya University Multan
What is Penetration Test? • A penetration test is a method of evaluating the security of a computer system or network by simulating an attack from a malicious source. • A penetration test target may be a ”white box” or ”black box” . • A penetration test can help determine whether a system is vulnerable to attack, if the defenses were sufficient and which defenses were defeated in the penetration test.
Phases of Penetration Test • Reconnaissance • Scanning • Exploitation • Maintaining Access
Reconnaissance • Reconnaissance refer as information gathering before attack. It is the work of gathering information before planning attack. • The more information we gather, our chances of success in later phases of penetration Testing are greater. • Abraham Lincoln Quote “if I had six hours to chop down a tree, I'd spend the first four of them sharpening my axe.” • Reconnaissance conducted by white hat and black hat as well as.
Main Goals and Types of Reconnaissance Two main Goals of Reconnaissance listed below • Gather information as much as possible • Create a list of attachable IP addresses Two main Types of Reconnaissance listed below • Active Reconnaissance • Passive Reconnaissance
Famous Tools use for Reconnaissance(I) • HTTrack • Google • Harvester • Whois • Netcraft
Famous Tools use for Reconnaissance(II) • Host • Extracting information from DNS  NS Lookup  Dig • Extracting information from Emails • Metagoofill • Social Engineering
Famous Tools use for Reconnaissance(III) • HTTrack(Win ,B.T)  Tool for make identical copy of the target site.  Copy consist of Pages, Pics, links etc. • Google  Properly use of Google=Vital skill for penetration tester.  Directives (Keywords, enable accurate information from Google)site, inurl, cache Use of directive 1)name 2)colon 3)term e.g. site:bzu.edu filetype ppt
Famous Tools use for Reconnaissance(IV) • Harvester(Win, B.T) Use for catalog emails and subdomains that are belong to our target. • Whois(Online, B.T) Whois service allow us to access specific information about our target including IP addresses ,host names ,contact info ,phone no. ,Address etc. • Netcraft(Win, B.T) It give us information about site report ,IP address ,OS of the web server.
Famous Tools use for Reconnaissance(V) • Host Use for Translate host name to IP address. • Social Engineering Is exploiting the “human” weakness that inherit in every organization.
Scanning • Scanning is the process of finding the system is alive, ports and vulnerability of the target. • Ethical hacker use scanning tools to determine open ports and services presence of known weaknesses on target systems.
Types of Scanning • Types of scanning are listed below 1. System Scanning 2. Port Scanning 3. Vulnerability Scanning
System Scanning • In system scanning we determine if the system alive and it can interact with other machine or not. • It is important to conduct this step and make note of any machines that respond as alive. • If the system is alive then the penetration test will more fruitful.
Port Scanning(I) • Port scanning is to finding the open port. It is a process of finding the channel from where the attack can be launched. • The basic idea is to analysis the network port and keep information about them so that it can be used In future. • In port scanning we find open port and services such as FTP, Printing or e- mail that are available. • There are total 65536 ports on every computer may be UDP or TCP.
Port Scanning(II) Port Number Description 1 TCP Port Service Multiplexer (TCPMUX) 20 FTP Data 21 FTP Control 53 Domain Name System (DNS) 69 Trivial File Transfer Protocol (TFTP) 115 Simple File Transfer Protocol (SFTP) 156 SQL Server 190 Gateway Access Control Protocol (GACP) 443 HTTPS
Vulnerability Scanning • Vulnerability scanning is performed in which the weakness of target are find out for attack. • Usually the vulnerability scanners find operating system and version number that is installed on target. • Then find weakness in O.S, get information and use this information for exploit it in future.
Tools Used for Scanning • For System Scanning 1. Ping and ping sweeps • For Port Scanning 1. NMap • For Vulnerability Scanning 1. Nessus
Ping and Ping Sweep • Special type of network packet called an ICMP packet. • Work by sending specific types of network traffic, called ICMP echo request packets, to the target. • Telling us that a host is alive and accepting traffic, pings provide other valuable information including the total time it took for the packet to travel to the target and return. • Ping Sweep is work with Fping, in this Ping sent to the series of IP addresses.
Ping and Ping Sweep(II) Results of ping
NMap • Using Nmap to perform a TCP Connect Scan
NMap • Using Nmap to perform UDP Scans
Nessus • Nessus is a GUI bases Vulnerability Scanning tool. • Available for free. • One of the key components of Nessus is the plug-ins. • A plug-in is a small block of code that is sent to the target machine to check for a known vulnerability. Nessus has literally thousands of plug-ins.
Nessus
Nessus
Exploitation • Exploitation is the process of gaining control over a system. • Exploitation is the attempt to turn the target machine into a puppet that will execute your commands and do your bidding.
Password Cracker • Using online password crackers, the potential for success can be greatly increased if you combine this attack with information gathered. • Remote access systems employ a password throttling technique that can limit the number of unsuccessful log-ins you are allowed. • Medusa and Hydra are famous password cracker for exploitation. • JOHN THE RIPPER: KING OF THE PASSWORD CRACKERS
Medusa • Medusa is described as a parallel log-in brute forcer that attempts to gain access to remote authentication services. • Medusa is capable of authenticating with a large number of remote services including AFP, FTP, HTTP, IMAP, MS-SQl , MYSQl , NetWare NCP, NNTP etc. • You need several pieces of information for medusa Target IP Address A username or username list A password or dictionary file containing multiple passwords
Medusa
METASPLOIT HACKING, HUGH JACKMAN STYLE! • Metasploit is a powerful, flexible and free tool. • Truly open source exploit framework. • Open Source meant that for the first time everyone could access, collaborate, develop and share exploits for free. • It allows you to select the target and choose from a wide variety of payloads. • A payload is the “additional functionality” or change in behavior that you want to accomplish on the target machine.
MSFCONSOLE • We focus on Menu-driven Non-GUI text-based system called msfconsole. • msfconsole is fast, friendly and easy to use.
MSFCONSOLE Result of Metaspoilt
SNIFFING NETWORK TRAFFIC • Sniffing is the process of capturing and viewing traffic as it is passed along the network. • Popular technique that can be used to gain access to systems is network sniffing. • Sniffing clear text network traffic is a trivial but effective means of gaining access to systems. • Macof Tool is used for Sniffing
Maintaining Access • In maintaining access, create backdoors in the Target system for future use. • Backdoor is a piece of software that resides on the target computer and allows the attacker to return to the machine at any time. • In some cases, the backdoor is a hidden process that runs on the target machine • There are many tools now-a-days for creating backdoor e.g. netcat ,netcat cryptic cousin ,Netbus , rootkits.
NETCAT THE SWISS ARMY KNIFE • A tool for communication and control network traffic flow. • Excellent choice for a backdoor. • Can be used to transfer files between machines. • Conduct port scans. • Serve as a simple instant messenger. • even function as a simple web server.
NETCAT THE SWISS ARMY KNIFE • Supports sending and receiving both TCP and UDP traffic. • Netcat can connect from any port on your local machine to any port on the target machine.
NETBUS: A CLASSIC • Backdoor and remote control software.
Hacker Defender It Is Not What You Think • Hacker defender is a Rootkit. • Easy to understand and configure. • There are three main files o hxdef100.exe o hxdef100.ini o bdcli100.exe
Hacker Defender
DETECTING AND DEFENDING AGAINST ROOTKITS • Closely monitor the information you put onto the internet. • Properly configure your firewall and other access control lists. • Patch your systems. • Install and use antivirus software. • Make use of an intrusion detection system. • Tools like rootkit revealer, Vice, and F-secure’s ,Backlight are some great free options for revealing the presence of hidden files and rootkits.
Questions?

More Related Content

PDF
Cyber attacks
Anuradha Moti T
 
PPTX
Footprinting and reconnaissance
NishaYadav177
 
PPTX
DDOS ATTACK - MIRAI BOTNET
Sukhdeep Singh Sandhu
 
PPTX
Pen Testing Explained
Rand W. Hirt
 
PDF
Analysing Ransomware
Napier University
 
PPTX
Metasploit
henelpj
 
PPT
Malware Analysis Made Simple
Paul Melson
 
PPTX
Wannacry
AravindVV
 
Cyber attacks
Anuradha Moti T
 
Footprinting and reconnaissance
NishaYadav177
 
DDOS ATTACK - MIRAI BOTNET
Sukhdeep Singh Sandhu
 
Pen Testing Explained
Rand W. Hirt
 
Analysing Ransomware
Napier University
 
Metasploit
henelpj
 
Malware Analysis Made Simple
Paul Melson
 
Wannacry
AravindVV
 

What's hot (20)

PDF
Bug Bounty Secrets
n|u - The Open Security Community
 
PDF
What is Ransomware?
Datto
 
PPTX
Packet sniffing
Shyama Bhuvanendran
 
PDF
Ch 5: Port Scanning
Sam Bowne
 
PDF
Stuxnet
Shishir Aryal
 
PPTX
Cyber espionage
harshitakhandelwal26
 
PPTX
Introduction to Metasploit
GTU
 
PPT
Course on Ehtical Hacking - Introduction
Bharat Thakkar
 
PPTX
Cryptographic Algorithms: DES and RSA
aritraranjan
 
PPTX
NETWORK PENETRATION TESTING
Er Vivek Rana
 
PPTX
Android malware analysis
Jason Ross
 
PDF
TOP 100 Vulnerabilities Step-by-Step Guide Handbook
Varun Mithran
 
PPTX
Threat hunting - Every day is hunting season
Ben Boyd
 
PPTX
Ppt on cyber security
Avani Patel
 
PDF
Cybercrime In The Deep Web
Trend Micro
 
PPT
Wannacry-A Ransomware Attack
MahimaVerma28
 
PPT
Introduction to Web Application Penetration Testing
Anurag Srivastava
 
PPTX
Bug bounty
n|u - The Open Security Community
 
PDF
Footprinting
Duah John
 
PPTX
Stuxnet worm
sommerville-videos
 
Bug Bounty Secrets
n|u - The Open Security Community
 
What is Ransomware?
Datto
 
Packet sniffing
Shyama Bhuvanendran
 
Ch 5: Port Scanning
Sam Bowne
 
Stuxnet
Shishir Aryal
 
Cyber espionage
harshitakhandelwal26
 
Introduction to Metasploit
GTU
 
Course on Ehtical Hacking - Introduction
Bharat Thakkar
 
Cryptographic Algorithms: DES and RSA
aritraranjan
 
NETWORK PENETRATION TESTING
Er Vivek Rana
 
Android malware analysis
Jason Ross
 
TOP 100 Vulnerabilities Step-by-Step Guide Handbook
Varun Mithran
 
Threat hunting - Every day is hunting season
Ben Boyd
 
Ppt on cyber security
Avani Patel
 
Cybercrime In The Deep Web
Trend Micro
 
Wannacry-A Ransomware Attack
MahimaVerma28
 
Introduction to Web Application Penetration Testing
Anurag Srivastava
 
Bug bounty
n|u - The Open Security Community
 
Footprinting
Duah John
 
Stuxnet worm
sommerville-videos
 
Ad

Viewers also liked (20)

PPT
Standard Penetration Test
Abdur Rahman Quadri
 
PDF
Penetration Testing Services Technical Description Cyber51
martinvoelk
 
PDF
App Penetration Test
Aung Khant
 
PDF
BAIT1103 Chapter 5
limsh
 
ODP
Introduction To NIDS
Michael Boman
 
PDF
Explain Kerberos like I'm 5
Lynn Root
 
PPT
Dns protocol design attacks and security
Michael Earls
 
PPT
intrusion detection system (IDS)
Aj Maurya
 
PPTX
Secure Software Development Life Cycle
Maurice Dawson
 
PDF
Secure Software Development Adoption Strategy
Narudom Roongsiriwong, CISSP
 
PPTX
Cone Penetration Test
Muftah Aljoat
 
PPT
Pgp
precy02
 
PPTX
Secure Socket Layer
Pina Parmar
 
PPT
Info Security - Vulnerability Assessment
Marcelo Silva
 
PPT
Lecture 8 mail security
rajakhurram
 
PPTX
Vulnerability Assessment Presentation
Lionel Medina
 
PDF
Btpsec Sample Penetration Test Report
btpsec
 
PPT
Secure Socket Layer (SSL)
amanchaurasia
 
PPTX
Information Security and the SDLC
BDPA Charlotte - Information Technology Thought Leaders
 
PDF
CNIT 40: 2: DNS Protocol and Architecture
Sam Bowne
 
Standard Penetration Test
Abdur Rahman Quadri
 
Penetration Testing Services Technical Description Cyber51
martinvoelk
 
App Penetration Test
Aung Khant
 
BAIT1103 Chapter 5
limsh
 
Introduction To NIDS
Michael Boman
 
Explain Kerberos like I'm 5
Lynn Root
 
Dns protocol design attacks and security
Michael Earls
 
intrusion detection system (IDS)
Aj Maurya
 
Secure Software Development Life Cycle
Maurice Dawson
 
Secure Software Development Adoption Strategy
Narudom Roongsiriwong, CISSP
 
Cone Penetration Test
Muftah Aljoat
 
Pgp
precy02
 
Secure Socket Layer
Pina Parmar
 
Info Security - Vulnerability Assessment
Marcelo Silva
 
Lecture 8 mail security
rajakhurram
 
Vulnerability Assessment Presentation
Lionel Medina
 
Btpsec Sample Penetration Test Report
btpsec
 
Secure Socket Layer (SSL)
amanchaurasia
 
Information Security and the SDLC
BDPA Charlotte - Information Technology Thought Leaders
 
CNIT 40: 2: DNS Protocol and Architecture
Sam Bowne
 
Ad

Similar to Phases of penetration testing (20)

DOCX
Syed Ubaid Ali Jafri - Black Box Penetration testing for Associates
Syed Ubaid Ali Jafri
 
PPTX
Introduction To Ethical Hacking
Raghav Bisht
 
PPTX
Web hacking 1.0
Q Fadlan
 
PPTX
The basics of hacking and penetration testing 이제 시작이야 해킹과 침투 테스트 kenneth.s.kwon
Kenneth Kwon
 
PPTX
Session Slide
Muralidharan Radhakrishnan
 
PPTX
Hacking - penetration tools
JenishChauhan4
 
PPTX
Ethical Hacking n VAPT presentation by Suvrat jain
Suvrat Jain
 
PDF
Computer security
Mohamed Abdo
 
PDF
Ethical hacking
Khairi Aiman
 
PPTX
Network Penetration Testing
Mohammed Adam
 
PPTX
DC612 Day - Hands on Penetration Testing 101
dc612
 
PDF
Hack Attack! An Introduction to Penetration Testing
Steve Phillips
 
PDF
Wm4
Umang Patel
 
PDF
Wm4
Umang Patel
 
PDF
ethical Hack
Viggi Unbeaten
 
PPTX
BSIDES-PR Keynote Hunting for Bad Guys
Joff Thyer
 
DOCX
Security tools
Swapnil Srivastav PMP®
 
PPTX
Dafgjgghhghfhjgghjhgy06-Footprinting.pptx
AlfredObia1
 
PPTX
Penetration Testing and Intrusion Detection System
Bikrant Gautam
 
PDF
Metasploit for Penetration Testing: Beginner Class
Georgia Weidman
 
Syed Ubaid Ali Jafri - Black Box Penetration testing for Associates
Syed Ubaid Ali Jafri
 
Introduction To Ethical Hacking
Raghav Bisht
 
Web hacking 1.0
Q Fadlan
 
The basics of hacking and penetration testing 이제 시작이야 해킹과 침투 테스트 kenneth.s.kwon
Kenneth Kwon
 
Session Slide
Muralidharan Radhakrishnan
 
Hacking - penetration tools
JenishChauhan4
 
Ethical Hacking n VAPT presentation by Suvrat jain
Suvrat Jain
 
Computer security
Mohamed Abdo
 
Ethical hacking
Khairi Aiman
 
Network Penetration Testing
Mohammed Adam
 
DC612 Day - Hands on Penetration Testing 101
dc612
 
Hack Attack! An Introduction to Penetration Testing
Steve Phillips
 
Wm4
Umang Patel
 
Wm4
Umang Patel
 
ethical Hack
Viggi Unbeaten
 
BSIDES-PR Keynote Hunting for Bad Guys
Joff Thyer
 
Security tools
Swapnil Srivastav PMP®
 
Dafgjgghhghfhjgghjhgy06-Footprinting.pptx
AlfredObia1
 
Penetration Testing and Intrusion Detection System
Bikrant Gautam
 
Metasploit for Penetration Testing: Beginner Class
Georgia Weidman
 

Recently uploaded (20)

PDF
Developing a website for English-speaking practice to English as a foreign la...
IAESIJAI
 
PPTX
Group 1 Presentation -Planning and Decision Making .pptx
MatthewLewis227954
 
PDF
A review of recent deep learning applications in wood surface defect identifi...
IAESIJAI
 
PDF
Univ-Connecticut-ChatGPT-Presentaion.pdf
ry7r52mzb4
 
PDF
sustainability-14-14877-v2.pddhzftheheeeee
VenkateshGovindaraja9
 
PDF
Enhancing emotion recognition model for a student engagement use case through...
IAESIJAI
 
PDF
From MVP to Full-Scale Product A Startup’s Software Journey.pdf
KodekX
 
PDF
Hybrid horned lizard optimization algorithm-aquila optimizer for DC motor
IAESIJAI
 
PPT
What is a Computer? Input Devices /output devices
GulJan8
 
PPTX
Modernising the Digital Integration Hub
Daniel Toomey
 
PDF
August Patch Tuesday
Ivanti
 
PDF
STKI Israel Market Study 2025 version august
Dr. Jimmy Schwarzkopf
 
PDF
Five Habits of High-Impact Board Members
OnBoard
 
PDF
Transform Your ITIL® 4 & ITSM Strategy with AI in 2025.pdf
PDCA Consulting
 
PPTX
Web Crawler for Trend Tracking Gen Z Insights.pptx
Actowiz Solustions
 
PDF
TrustArc Webinar - Click, Consent, Trust: Winning the Privacy Game
TrustArc
 
PDF
Hybrid model detection and classification of lung cancer
IAESIJAI
 
PPTX
The various Industrial Revolutions .pptx
bandileshozi3
 
PDF
Hindi spoken digit analysis for native and non-native speakers
IAESIJAI
 
PDF
ENT215_Completing-a-large-scale-migration-and-modernization-with-AWS.pdf
ssuser28425f
 
Developing a website for English-speaking practice to English as a foreign la...
IAESIJAI
 
Group 1 Presentation -Planning and Decision Making .pptx
MatthewLewis227954
 
A review of recent deep learning applications in wood surface defect identifi...
IAESIJAI
 
Univ-Connecticut-ChatGPT-Presentaion.pdf
ry7r52mzb4
 
sustainability-14-14877-v2.pddhzftheheeeee
VenkateshGovindaraja9
 
Enhancing emotion recognition model for a student engagement use case through...
IAESIJAI
 
From MVP to Full-Scale Product A Startup’s Software Journey.pdf
KodekX
 
Hybrid horned lizard optimization algorithm-aquila optimizer for DC motor
IAESIJAI
 
What is a Computer? Input Devices /output devices
GulJan8
 
Modernising the Digital Integration Hub
Daniel Toomey
 
August Patch Tuesday
Ivanti
 
STKI Israel Market Study 2025 version august
Dr. Jimmy Schwarzkopf
 
Five Habits of High-Impact Board Members
OnBoard
 
Transform Your ITIL® 4 & ITSM Strategy with AI in 2025.pdf
PDCA Consulting
 
Web Crawler for Trend Tracking Gen Z Insights.pptx
Actowiz Solustions
 
TrustArc Webinar - Click, Consent, Trust: Winning the Privacy Game
TrustArc
 
Hybrid model detection and classification of lung cancer
IAESIJAI
 
The various Industrial Revolutions .pptx
bandileshozi3
 
Hindi spoken digit analysis for native and non-native speakers
IAESIJAI
 
ENT215_Completing-a-large-scale-migration-and-modernization-with-AWS.pdf
ssuser28425f
 

Phases of penetration testing

  • 1. Phases of Penetration Test Abdul Rehman IOC Bahauddin Zakariya University Multan
  • 2. What is Penetration Test? • A penetration test is a method of evaluating the security of a computer system or network by simulating an attack from a malicious source. • A penetration test target may be a ”white box” or ”black box” . • A penetration test can help determine whether a system is vulnerable to attack, if the defenses were sufficient and which defenses were defeated in the penetration test.
  • 3. Phases of Penetration Test • Reconnaissance • Scanning • Exploitation • Maintaining Access
  • 4. Reconnaissance • Reconnaissance refer as information gathering before attack. It is the work of gathering information before planning attack. • The more information we gather, our chances of success in later phases of penetration Testing are greater. • Abraham Lincoln Quote “if I had six hours to chop down a tree, I'd spend the first four of them sharpening my axe.” • Reconnaissance conducted by white hat and black hat as well as.
  • 5. Main Goals and Types of Reconnaissance Two main Goals of Reconnaissance listed below • Gather information as much as possible • Create a list of attachable IP addresses Two main Types of Reconnaissance listed below • Active Reconnaissance • Passive Reconnaissance
  • 6. Famous Tools use for Reconnaissance(I) • HTTrack • Google • Harvester • Whois • Netcraft
  • 7. Famous Tools use for Reconnaissance(II) • Host • Extracting information from DNS  NS Lookup  Dig • Extracting information from Emails • Metagoofill • Social Engineering
  • 8. Famous Tools use for Reconnaissance(III) • HTTrack(Win ,B.T)  Tool for make identical copy of the target site.  Copy consist of Pages, Pics, links etc. • Google  Properly use of Google=Vital skill for penetration tester.  Directives (Keywords, enable accurate information from Google)site, inurl, cache Use of directive 1)name 2)colon 3)term e.g. site:bzu.edu filetype ppt
  • 9. Famous Tools use for Reconnaissance(IV) • Harvester(Win, B.T) Use for catalog emails and subdomains that are belong to our target. • Whois(Online, B.T) Whois service allow us to access specific information about our target including IP addresses ,host names ,contact info ,phone no. ,Address etc. • Netcraft(Win, B.T) It give us information about site report ,IP address ,OS of the web server.
  • 10. Famous Tools use for Reconnaissance(V) • Host Use for Translate host name to IP address. • Social Engineering Is exploiting the “human” weakness that inherit in every organization.
  • 11. Scanning • Scanning is the process of finding the system is alive, ports and vulnerability of the target. • Ethical hacker use scanning tools to determine open ports and services presence of known weaknesses on target systems.
  • 12. Types of Scanning • Types of scanning are listed below 1. System Scanning 2. Port Scanning 3. Vulnerability Scanning
  • 13. System Scanning • In system scanning we determine if the system alive and it can interact with other machine or not. • It is important to conduct this step and make note of any machines that respond as alive. • If the system is alive then the penetration test will more fruitful.
  • 14. Port Scanning(I) • Port scanning is to finding the open port. It is a process of finding the channel from where the attack can be launched. • The basic idea is to analysis the network port and keep information about them so that it can be used In future. • In port scanning we find open port and services such as FTP, Printing or e- mail that are available. • There are total 65536 ports on every computer may be UDP or TCP.
  • 15. Port Scanning(II) Port Number Description 1 TCP Port Service Multiplexer (TCPMUX) 20 FTP Data 21 FTP Control 53 Domain Name System (DNS) 69 Trivial File Transfer Protocol (TFTP) 115 Simple File Transfer Protocol (SFTP) 156 SQL Server 190 Gateway Access Control Protocol (GACP) 443 HTTPS
  • 16. Vulnerability Scanning • Vulnerability scanning is performed in which the weakness of target are find out for attack. • Usually the vulnerability scanners find operating system and version number that is installed on target. • Then find weakness in O.S, get information and use this information for exploit it in future.
  • 17. Tools Used for Scanning • For System Scanning 1. Ping and ping sweeps • For Port Scanning 1. NMap • For Vulnerability Scanning 1. Nessus
  • 18. Ping and Ping Sweep • Special type of network packet called an ICMP packet. • Work by sending specific types of network traffic, called ICMP echo request packets, to the target. • Telling us that a host is alive and accepting traffic, pings provide other valuable information including the total time it took for the packet to travel to the target and return. • Ping Sweep is work with Fping, in this Ping sent to the series of IP addresses.
  • 19. Ping and Ping Sweep(II) Results of ping
  • 20. NMap • Using Nmap to perform a TCP Connect Scan
  • 21. NMap • Using Nmap to perform UDP Scans
  • 22. Nessus • Nessus is a GUI bases Vulnerability Scanning tool. • Available for free. • One of the key components of Nessus is the plug-ins. • A plug-in is a small block of code that is sent to the target machine to check for a known vulnerability. Nessus has literally thousands of plug-ins.
  • 25. Exploitation • Exploitation is the process of gaining control over a system. • Exploitation is the attempt to turn the target machine into a puppet that will execute your commands and do your bidding.
  • 26. Password Cracker • Using online password crackers, the potential for success can be greatly increased if you combine this attack with information gathered. • Remote access systems employ a password throttling technique that can limit the number of unsuccessful log-ins you are allowed. • Medusa and Hydra are famous password cracker for exploitation. • JOHN THE RIPPER: KING OF THE PASSWORD CRACKERS
  • 27. Medusa • Medusa is described as a parallel log-in brute forcer that attempts to gain access to remote authentication services. • Medusa is capable of authenticating with a large number of remote services including AFP, FTP, HTTP, IMAP, MS-SQl , MYSQl , NetWare NCP, NNTP etc. • You need several pieces of information for medusa Target IP Address A username or username list A password or dictionary file containing multiple passwords
  • 29. METASPLOIT HACKING, HUGH JACKMAN STYLE! • Metasploit is a powerful, flexible and free tool. • Truly open source exploit framework. • Open Source meant that for the first time everyone could access, collaborate, develop and share exploits for free. • It allows you to select the target and choose from a wide variety of payloads. • A payload is the “additional functionality” or change in behavior that you want to accomplish on the target machine.
  • 30. MSFCONSOLE • We focus on Menu-driven Non-GUI text-based system called msfconsole. • msfconsole is fast, friendly and easy to use.
  • 32. SNIFFING NETWORK TRAFFIC • Sniffing is the process of capturing and viewing traffic as it is passed along the network. • Popular technique that can be used to gain access to systems is network sniffing. • Sniffing clear text network traffic is a trivial but effective means of gaining access to systems. • Macof Tool is used for Sniffing
  • 33. Maintaining Access • In maintaining access, create backdoors in the Target system for future use. • Backdoor is a piece of software that resides on the target computer and allows the attacker to return to the machine at any time. • In some cases, the backdoor is a hidden process that runs on the target machine • There are many tools now-a-days for creating backdoor e.g. netcat ,netcat cryptic cousin ,Netbus , rootkits.
  • 34. NETCAT THE SWISS ARMY KNIFE • A tool for communication and control network traffic flow. • Excellent choice for a backdoor. • Can be used to transfer files between machines. • Conduct port scans. • Serve as a simple instant messenger. • even function as a simple web server.
  • 35. NETCAT THE SWISS ARMY KNIFE • Supports sending and receiving both TCP and UDP traffic. • Netcat can connect from any port on your local machine to any port on the target machine.
  • 36. NETBUS: A CLASSIC • Backdoor and remote control software.
  • 37. Hacker Defender It Is Not What You Think • Hacker defender is a Rootkit. • Easy to understand and configure. • There are three main files o hxdef100.exe o hxdef100.ini o bdcli100.exe
  • 39. DETECTING AND DEFENDING AGAINST ROOTKITS • Closely monitor the information you put onto the internet. • Properly configure your firewall and other access control lists. • Patch your systems. • Install and use antivirus software. • Make use of an intrusion detection system. • Tools like rootkit revealer, Vice, and F-secure’s ,Backlight are some great free options for revealing the presence of hidden files and rootkits.