Topic: [Article]-Video: The 15-Minute Network Pen Test Part 1 (Read 26035 times)
don (Editor-In-Chief, Administrator; Posts: 4167), January 21, 2009, 03:09:25 AM:

Ryan Linn has been contributing to EH-Net for quite some time. With his willingness to help with many projects and writing assignments, the quality of his work, and the expanse of his knowledge, it only made sense for him to be our next columnist. This first contribution will give you a great indication of his talents.

We also came up with a new format for EH-Net vids that we hope will become the standard template. Please let us know what you think.

In the near future, look for additional book reviews from Ryan in addition to Part 2 of this video series, other vids and a review of SANS' updated 6-day course, Web App Penetration Testing and Ethical Hacking, by InGuardians' Kevin Johnson. Should be a great year with this fantastic addition to our family.

Welcome into the fray!!

Permanent link: [Article]-Video: The 15-Minute Network Pen Test Part 1

Quote (from the article):

There are numerous tools used in the Penetration Testing (pen testing) process, and there are plenty of books that go into how to use the individual tools. There are very few resources that discuss how the tools are used and how to approach the process.  When Henry Qin at the Duke University ACM Chapter approached EthicalHacker.net on doing a presentation for his organization on the tools and process of pen testing, I jumped at the opportunity.  The following videos encompass the basic outline of what was presented at Duke with some minor changes.

The first video takes the viewer through the initial network recon stage of pen testing and then follows up with actual exploitation using Metasploit.  Initially the network is scanned through Nmap, and after some basic discovery and information gathering, the scan continues to Nessus.  Nessus is a vulnerability scanning tool that allows the user to analyze a host for vulnerabilities, but also has the ability to export reports.  The video then walks the viewer through importing the Nessus vulnerabilities directly into Metasploit in order to determine which Metasploit modules correspond to the Nessus vulnerabilities for the specific host.  The module data is then used to compromise a remote Microsoft Windows XP box.


Stay tuned for Part 2 coming very soon.

Don

CISSP, MCSE, CSTA, Security+ SME
Andrew Waite (Hero Member; Posts: 928), Reply #1 on January 21, 2009, 07:43:55 AM:

Nice video and walkthrough, Ryan :D

I'm looking forward to part 2

Manu Zacharia (-M-) (Sr. Member; Posts: 393; "c0c0n Hacking Conference - where hackers unite"), Reply #2 on January 21, 2009, 08:23:48 AM:

Really nice video. Thank you so much for this video, and looking forward to the next release.

All the best.

Manu Zacharia
MVP (Enterprise Security), ISLA-2010 (ISC)², C|EH, C|HFI, CCNA, MCP,
Certified ISO 27001:2005 Lead Auditor

There are 3 roads to spoil; women, gambling & hacking. The most pleasant with women, the quickest with gambling, but the surest is hacking - c0c0n
ajohnson (Recruiters, aka dynamik; Posts: 1057), Reply #3 on January 21, 2009, 09:06:31 PM:

Great job! My only (very) minor suggestion would be to do a little editing and cut out that awkward silence while waiting for Metasploit to load. I'm definitely looking forward to part two :D

WIP: GCFA | www.infosiege.net | @infosiege

The day you stop learning is the day you start becoming obsolete.
alan (Newbie; Posts: 48), Reply #4 on January 21, 2009, 10:51:10 PM:

Enjoyed it! Waiting for the "I've got shell access, now what!?" part 2 :)
stimmerman (Newbie; Posts: 2), Reply #5 on January 22, 2009, 01:52:11 AM:

Thanks for the video! The Metasploit database/import thing was nice to learn :)
Can't wait for part two with ophcrack?
MadmanTM (Newbie; Posts: 27; "nothing is impossible."), Reply #6 on January 22, 2009, 01:28:12 PM:

Yup, ophcrack with some little hash would be exquisite.

thanks for the first part and impatiently waiting for the second one.

Network+, Security+
CEH Soon.
punkrokk (Newbie; Posts: 21), Reply #7 on January 26, 2009, 01:16:26 PM:

Nice video, Ryan. I liked the demo of the Metasploit DB also!

-=punkrokk=-
nebu10uz (Sr. Member; Posts: 368), Reply #8 on January 26, 2009, 04:57:02 PM:

Nice, especially the part of importing Nessus results to Metasploit. Can't wait for part 2.

Security+, OSCP, CEH
apollo (Moderator, Full Member; Posts: 146), Reply #9 on January 27, 2009, 11:08:09 AM:

Thanks for the positive feedback Smiley I'm hoping to do more of these in the future, so if you have some suggestions for things you would like to see, feel free to drop me a PM.  Hopefully everyone will find part 2 as interesting as part 1.

CISSP, CSSLP, MCSE+Security, MCTS, CCSP, GPEN, GWAPT, GCWN, NOP, OSCP, Security+
Humper (Newbie; Posts: 1), Reply #10 on January 28, 2009, 08:18:29 AM:

Very nice work!!

When's part two going to be up? You've got me hooked now... I wanna know more.
snortymcsnort (Newbie; Posts: 17), Reply #11 on January 28, 2009, 01:13:13 PM:

Great job on the video!

I am working on some tools for an upcoming penetration test of my network. I have been running Nessus scans on some XP boxes and they are currently showing as vulnerable to the MS08-067 vulnerability. I am exporting the scans as .nbe files and importing them into Metasploit framework3 using a sqlite3 database. When I run db_autopwn -t -x, some older exploits will show up but not the MS08-067 one that is in Metasploit. I looked in the nbe file and the reference to MS08-067 does show up. I have also run fasttrack, and that exploit from Metasploit does work. How does Metasploit reference the vulnerabilities found in the Nessus scan?
apollo (Moderator, Full Member; Posts: 146), Reply #12 on January 28, 2009, 02:54:45 PM:

If you want the latest and greatest, then you need to make sure you have both of your feeds updated. You will want to make sure you have the latest plugins from Nessus. The latest Metasploit modules may not be in the Metasploit release that is on the BackTrack 3 CD or the like, so you may need to make sure that you update Metasploit via Subversion in order to have the latest exploits.

There are references in each Metasploit module to CVE and other vulnerability tracking numbers, and Metasploit walks through those to match up with the vulnerabilities that Nessus provides. If you don't have the latest from Metasploit, or don't have the latest from Nessus, either one of those could lead to false negatives.

If you have updated both and still don't see it listed, let me know and I can try to help you figure out what is going on.
 

Let me know if you have any more questions Smiley

CISSP, CSSLP, MCSE+Security, MCTS, CCSP, GPEN, GWAPT, GCWN, NOP, OSCP, Security+
snortymcsnort (Newbie; Posts: 17), Reply #13 on January 29, 2009, 07:46:23 AM:

Thanks for the reply, Apollo. I believe I have updated Nessus and Metasploit to the latest feeds. What I am seeing in my NBE file is a reference to MS08-067, CVE-2008-4250, BID 31874, and at the beginning of the line the number 34477. Do you know the name of the file in Metasploit that references these numbers?

Thanks
apollo (Moderator, Full Member; Posts: 146), Reply #14 on January 29, 2009, 10:38:54 AM:

modules/exploits/windows/smb/ms08_067_netapi.rb is the Metasploit module. To find out what external vulnerability references a module has, open the file in a text viewer and search for the word "References"; it should be easy to find. This one has two: a CVE of 2008-4250 and an MS reference of MS08-067.

Hope this helps

CISSP, CSSLP, MCSE+Security, MCTS, CCSP, GPEN, GWAPT, GCWN, NOP, OSCP, Security+
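The reference matching the last few replies discuss (and the Nessus-import step the article describes), as an added example that is neither from the original article nor Metasploit's own code. It parses Nessus NBE "results" lines, pulls the CVE, BID, OSVDB and MS-bulletin references out of the plugin description, reads the `'References'` array from a module header, and reports which modules share a reference with each finding. The NBE lines and both module headers are constructed to resemble real ones (plugin 34477 is the Nessus check for MS08-067); the `NSS-<plugin id>` reference type and the key format are this example's own choices, not Metasploit's.

```ruby
# Added example, not from the original article and not Metasploit's own code:
# match Nessus NBE findings to Metasploit modules by shared vulnerability
# references. The NBE lines and module headers below are constructed.
require 'set'

Finding = Struct.new(:host, :port, :plugin_id, :severity, :refs)

# Two constructed NBE "results" lines. Fields are pipe-separated; the
# description field encodes newlines as the two characters backslash-n.
SAMPLE_NBE = [
  'results|192.168.1|192.168.1.10|microsoft-ds (445/tcp)|34477|Security Hole|' \
  'Synopsis :\\n\\nArbitrary code can be executed on the remote host due to a ' \
  'flaw in the Server service (MS08-067).\\n\\nCVE : CVE-2008-4250\\nBID : 31874\\n' \
  'Other references : OSVDB:49243',
  'results|192.168.1|192.168.1.10|general/tcp|19506|Security Note|' \
  'Synopsis :\\n\\nInformation about the Nessus scan.',
].join("\n")

# Module reference blocks in the old-style Metasploit header syntax; the first
# is constructed to resemble modules/exploits/windows/smb/ms08_067_netapi.rb.
SAMPLE_MODULES = {
  'windows/smb/ms08_067_netapi' => <<~'RB',
    'References' =>
      [
        [ 'CVE', '2008-4250' ],
        [ 'OSVDB', '49243' ],
        [ 'MSB', 'MS08-067' ],
      ],
  RB
  'windows/smb/ms06_040_netapi' => <<~'RB',
    'References' =>
      [
        [ 'CVE', '2006-3439' ],
        [ 'MSB', 'MS06-040' ],
      ],
  RB
}.freeze

# Collect every reference Nessus exposes for a finding, normalised to the
# TYPE-VALUE form module references use. The plugin id is kept as NSS-<id>
# (an assumed naming); no exploit module carries that type, so a finding whose
# description names no CVE/BID/OSVDB/MS bulletin can never match anything.
def extract_refs(plugin_id, desc)
  refs = Set["NSS-#{plugin_id}"]
  desc.scan(/\bCVE-\d{4}-\d{4,}\b/i) { |cve| refs << cve.upcase }
  desc.scan(/^BID\s*:\s*([\d,\s]+)/) { |m| m[0].scan(/\d+/).each { |b| refs << "BID-#{b}" } }
  desc.scan(/\bOSVDB:(\d+)/) { |m| refs << "OSVDB-#{m[0]}" }
  desc.scan(/\bMS\d{2}-\d{3}\b/i) { |msb| refs << "MSB-#{msb.upcase}" }
  refs
end

# Parse NBE text into Finding structs; lines that are not 7-field "results"
# records (timestamps, scan metadata) are skipped.
def parse_nbe(text)
  text.each_line.map do |line|
    fields = line.chomp.split('|', 7)
    next unless fields.length == 7 && fields[0] == 'results'
    _, _subnet, host, port, plugin_id, severity, desc = fields
    desc = desc.gsub('\n', "\n") # decode NBE's escaped newlines
    Finding.new(host, port, plugin_id, severity, extract_refs(plugin_id, desc))
  end.compact
end

# Read the [ 'TYPE', 'value' ] pairs out of a module's 'References' array.
def module_refs(source)
  block = source[/'References'\s*=>\s*\[(.*?)^\s*\],/m, 1]
  return Set.new unless block
  block.scan(/\[\s*'([A-Za-z]+)'\s*,\s*'([^']+)'\s*\]/)
       .map { |type, value| "#{type}-#{value}".upcase }.to_set
end

# For each finding (keyed host:port:plugin), the modules that share at least
# one reference with it. An empty list is the false-negative case from the
# thread: the NBE mentions the bulletin, but no installed module header does.
def candidate_modules(nbe_text, modules)
  mod_refs = {}
  modules.each { |name, src| mod_refs[name] = module_refs(src) }
  parse_nbe(nbe_text).each_with_object({}) do |f, out|
    hits = mod_refs.select { |_name, refs| (refs & f.refs).any? }.keys
    out["#{f.host}:#{f.port}:#{f.plugin_id}"] = hits
  end
end

if __FILE__ == $0
  candidate_modules(SAMPLE_NBE, SAMPLE_MODULES).each do |finding, mods|
    puts "#{finding} -> #{mods.empty? ? '(no module shares a reference)' : mods.join(', ')}"
  end
end
```

Two practical checks fall out of this. First, if a plugin's description carries the bulletin only in free text and no `CVE :` line, the only usable reference is the MSB one, so a module header that lists just the CVE will not match it; that is the "both feeds updated" point made above. Second, the `\bMS\d{2}-\d{3}\b` scan will also pick up bulletins a plugin merely mentions in passing, so treat a hit as a candidate to confirm against the module's own description, not as proof the host is exploitable.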
© 2013 The Ethical Hacker Network