Video: Client-Sides, Social Engineering and Metasploit, Oh My!

By Chris Gates, CISSP, GCIH, C|EH, CPTS

It should be obvious to everyone that the bad guys are moving away from network level attacks and moving toward social engineering coupled with client-side attacks. In fact, this is the focus of the next ChicagoCon in May, where I will be presenting this exact topic live. Penetration testers need to be able to help an organization detect and respond to client-side attacks, and what better way to do that than to do a little client side exploitation during your pentests.

A new mixin has been added to the Metasploit Framework that allows the penetration tester to create and output the files that contain the exploit code instead of just serving up the exploit on a web page. This increases the attack surface by allowing the pentester to perform their Open Source Intelligence (OSINT) gathering to collect email addresses for the target domain. We then take those addresses and actually send the exploit to the victim as an attachment in the email versus a link to a website. Your mileage may vary on the effectiveness of that technique, but in my experience people seem to be more apt to open attachments of "normal" or "non-malicious" type like .pdf and .html rather than clicking on links. Some example formats that can be used with the fileformat mixin are .pdf, .html, .cab, .m3u and .xpm, as well as others.

This isn't to say that some fileformat exploits can't be delivered via the web. You can easily link to www.evil.com/evil.pdf, but some lend themselves to easier exploitation if you can get the file into a user's inbox. So let's take a quick look at how this can be accomplished.

Video: The 15-Minute Network Pen Test Part 1

There are numerous tools used in the Penetration Testing (pen testing) process, and there are plenty of books that go into how to use the individual tools. There are very few resources that discuss how the tools are used and how to approach the process. When Henry Qin at the Duke University ACM Chapter approached EthicalHacker.net on doing a presentation for his organization on the tools and process of pen testing, I jumped at the opportunity. The following videos encompass the basic outline of what was presented at Duke with some minor changes.

The first video takes the viewer through the initial network recon stage of pen testing and then follows up with actual exploitation using Metasploit. Initially the network is scanned through Nmap, and after some basic discovery and information gathering, the scan continues to Nessus. Nessus is a vulnerability scanning tool that allows the user to analyze a host for vulnerabilities, but also has the ability to export reports. The video then walks the viewer through importing the Nessus vulnerabilities directly into Metasploit in order to determine which Metasploit modules correspond to the Nessus vulnerabilities for the specific host. The module data is then used to compromise a remote Microsoft Windows XP box.

Pen Testing Perfect Storm Pt. II: Anatomy of a Client-Side Mutiny


EH-Net is pleased to announce the complimentary webcast, “Anatomy of a Client-Side Mutiny,” Part II of the Pen Testing Perfect Storm webcast trilogy, featuring the return of SANS Pen Testing swashbucklers Ed Skoudis, Josh Wright and Kevin Johnson. Covering network, web app and wireless pen testing techniques, the second installment of the Perfect Storm trilogy will focus on assessing the enterprise-wide fallout from a seemingly innocuous endpoint compromise, including how an exposed low-level Windows Vista box can quickly open the hatch to full-scale network subversion. During the webcast, you’ll learn how to proactively test your network’s vulnerability to sinking at the hands of a Client-Side Mutiny, and how to emulate what can happen after the initial compromise, including:

• discovering wireless devices from exploited hosts with Josh Wright’s newly released VistaRFMON
• scanning and exploiting web applications with the Burp suite
• exploiting systems with Metasploit’s integrated pass-the-hash functionality

The second webcast in this series, “Anatomy of a Client-Side Mutiny,” will take place Wed January 21, 2009 @ 1:00 PM EST. Following the webcast, attendees are invited to keep the conversation going with Kevin, Josh and Ed from InGuardians during discussions hosted by The Ethical Hacker Network (EH-Net), a free online magazine for security professionals. For at least one week after each webcast, the crew will make themselves available to answer your questions directly and candidly in EH-Net’s Community Forums. All discussions will remain freely available on EH-Net for your continued reference.

Santa Claus is Hacking to Town - Answers and Winners

Hello, challenge fans! This is Ed Skoudis, your genial challenge host, here to announce the answers and winners for our Santa Claus is Hacking to Town extravaganza.

As I’ve mentioned in the past, I try to make each of these challenges unique in some way, pushing the envelope a little bit with our challenge format, twiddling with the structure, theme, technical focus, and so forth, just to mix it up. This challenge was no exception. Pretty much every challenge we’ve done so far (28 of them in total) has focused on having readers analyze a hack and talk about what the bad guy did, devising strategies for defending against such wickedness. In this Santa challenge, we reversed roles, having you, the readers, devise an attack strategy to achieve a goal. I even made it a little more open ended than usual by creating a contrivance so you could select one additional tool to download and use in your attack. I flipped things around to make this challenge more offensive in nature, modeling the kinds of improvisation that penetration testers and ethical hackers often need to display.

So, the good news is that you guys got very creative, with different answers posing all kinds of interesting attack strategies, tactics, and tools. But, this flexibility and attack focus introduced a bit of downside for me. With so many different answers using so many different kinds of tools, it took a lot more time to judge this one to determine the winners. I had to test out each tactic you guys threw at me, just to see if it would work, in a lab designed to mimic the Burgermeister’s jail cell.

And that brings us to another aspect of this particular challenge. The quality of answers you guys submitted on this one was astoundingly good. I was seriously impressed with the technical ingenuity, creative flair, and solid writing exhibited in over ten different sets of answers. Quite honestly, this was, by far, the most difficult challenge I’ve ever had to judge because of the large number of really high-quality entries. But, I did carefully look through every single answer, and selected the best quality ones I could.

--Ed Skoudis
Co-Founder, InGuardians, SANS Fellow, EthicalHacker.net Challenge Master, Author of Counter Hack Reloaded, Santa Elf Trainee

Daemon - A Contest Revealed

Winner Announcement and Full Tutorial

Thanks to all who participated in Daemon: A Contest. Before we get to the winners as well as the tutorial on how to solve the challenge, EH-Net would like to once again thank Daemon author, Daniel Suarez, and all those involved in making this contest happen. It’s amazing how a few crazy ideas can all come together into something fun and educational while at the same time spreading the word of this truly unique work of fiction.

What started as a little game to hide a secret message turned into another classic teaching vehicle for EH-Net readers. The image is a twist on the usual steganographic content. Øyvind Østlund and Adam Wardon crafted some C# source code to hide data in an image of the author which is also invisible to the Daemon’s bots. What’s in the message is still up to you to find, but three talented people found the message and took the action it recommended. Because of that, EH-Net members jason, blackazarro and ozpj have won signed, pre-release copies of Daemon, Hard Cover Edition. And now, with the coding expertise of regular EH-Net contributor Ryan Linn, we will show you how it can be done using a couple of tutorial files and all free tools.

Scooby Doo and the Crypto Caper - Answers and Winners

And the Scooby Snacks go to...

Thanks again to all who participated in this multi-faceted challenge. Although we all love Ed Skoudis' creations, Kevin Bong has once again proven to be more than worthy of penning some of our fun and educational contests. Where else can you find a 70s classic cartoon intermixed with some crypto to reveal a little Zeppelin all in the name of expanding your forensics skillz? Well done, Kevin. We look forward to another one of his creations later in 2009.

Since it is the start of a new year and yet another perfect time to show appreciation, this one goes out to our gracious host, Ed Skoudis of InGuardians. I've mentioned this in the past, but it is worth pointing out once again. For the betterment of EH-Net and the Ethical Hacking / Pen Testing Community as a whole, Ed volunteers his vast talents and resources to bring you what I truly believe to be a unique, educational experience. It is an honor to have him, and I look forward to many more years of collaboration.

Donald C. Donzal
Editor-In-Chief

Heeeeerrreee's Kevin! 

Hacking: The Art of Exploitation 2nd Edition

Review by Ryan Linn, CISSP, MCSE, GPEN

Hacking: The Art of Exploitation 2nd Edition (HTAoE) by Jon Erickson is frequently considered a "must read" for those wanting to understand exploits and exploit development. So when I wanted to understand more about the exploit development side of security, this was the first book I picked up.

When talking about a book that involves programming, it is often beneficial to know where the reviewer is coming from. I do Windows, Unix, and network security, and I am pretty comfortable with programming, although by no means a professional programmer. I have worked some with assembly programming, albeit in the days of Windows for Workgroups, and I really wish that I'd paid better attention in that class in college. Although I do have some experience in these areas, I'm going to point out which areas may pose challenges for individuals who haven't been exposed to much programming, and also which areas should be understandable by everyone.

Free Sample Chapter Available Below
"0x300 EXPLOITATION"

Plug-N-Play Network Hacking

Universal Plug-N-Play (UPnP) is a protocol that allows various network devices to auto-configure themselves. One of the most common uses of this protocol is to allow devices or programs to open up ports on your home router in order to communicate properly with the outside world (Xbox, for example, does this). The UPnP protocol is built on top of pre-existing protocols and specifications, most notably UDP, SSDP, SOAP and XML.

This article will address some of the security issues related to UPnP, briefly describe the inner workings of the protocol, and show how to identify and analyze UPnP devices on a network using open source tools. While we will be specifically focusing on IGDs (Internet Gateway Devices, aka routers), it is important to remember that there are many other devices and systems that support UPnP as well, and they may be vulnerable to similar attacks.

The IDA Pro Book

Review by Ryan Linn, CISSP, MCSE, GPEN

After attending DEFCON in August and seeing the overwhelming interest in this book, I was eager to dive into The IDA Pro Book by Chris Eagle. Chris Eagle's team, School of Root, won the “Capture the Flag” event at DEFCON this year, and Chris gave a presentation on CollabREate, a tool that integrates with IDA Pro to allow collaboration in reverse engineering (RE). All of that together, with the fact that the book sold out, screamed that this book should quickly make it to the top of my list.

Once I had the book in hand, the cover alone offered some insight into what was to come. The quote on the front of the book is an endorsement from the creator of IDA Pro. The image on the front is a throwback to the Operation game by Milton Bradley, which reminds me of how I felt when I got started doing reverse engineering. I am not a professional Reverse Engineer or Malware Analyst; however, my coding background and my current position as a security professional at SAS afford me the opportunity to dabble. This puts me in the perfect middle ground of being able to understand the material as well as assess its ability to teach.

Free Sample Chapter Available Below
"Chapter 12: Library Recognition Using FLIRT Signatures"

© 2013 The Ethical Hacker Network