[Article]-Video: The 15-Minute Network Pen Test Part 2

[Don Donzal]

Hope the wait wasn’t too difficult.  😉

Permanent link: [Article]-Video: The 15-Minute Network Pen Test Part 2

[align=center:tgn2tr0q][/align:tgn2tr0q]

There are numerous tools used in the Penetration Testing (pen testing) process, and there are plenty of books that go into how to use the individual tools.  There are very few resources that discuss how the tools are used and how to approach the process.  Parts 1 and 2 encompass the basic outline of what was presented at a talk given to the Duke University ACM Chapter with some minor changes.

In Part 1, we took the viewer through the initial network recon stage through actual exploitation using Metasploit.  Initially the network is scanned through Nmap, and then continued with Nessus.  We importing the Nessus vulnerabilities directly into Metasploit, determined the corresponding modules for the specific host, then used the module to compromise a remote Microsoft Windows XP box.

Part 2 covers some of the post-exploitation tasks that a pen tester may use.  It begins with some basic Meterpreter tasks.  Meterpreter is a specialized pen testing shell that is included in Metasploit as a payload.  Using Meterpreter, password hashes are obtained from the exploited machine, and 0phcrack is used to crack the obtained passwords.  While the passwords are cracking offline, the viewer is taken back to Meterpreter in order to create a hidden cmd.exe shell on the remote host. Finally we create a new user and add that user to the Administrators group. Ready to see it in action?

Lots more from Ryan in the coming months. Thanks for all of your hard work,

Don

[KrisTeason]

Sweet…It’s Out Sooner Than I Thought! This Video Was Definitely Review For Me, What I Did Find Interesting Though Is What He Does When He Gains A Meterpreter Shell, I Typically Migrate Over To explorer.exe Or A More Stealthier Process He Just Creates The Process And Continues His Attack Through There. Good Video Though, Now That He’s Got Access To Some Administrative Accounts, I Can See Part 3 Now…Getting A GUI Maybe…Still Can’t Wait Though…Well Put Together!

[apollo]

The GUI is a good idea, I hadn’t thought about that, but that would be a good add-on.  The other two that I”d thought about doing were on using pass the hash through meterpreter sessions and using your meterpreter session to assist in pivoting.  Any other thoughts ?

[KrisTeason]

That sounds perfect actually. I’ve only seen the pass the hash attack once, pivoting and exploiting other machines with the ms08_067 would prove quite effective…then again you had the .128 and .129 post up in your first video (you being .129) & you’ve already gained entry into .128 so although pivoting is a beautiful idea, what other workstations would you attack in 3?

[slimjim100]

Ryan you excited me with this follow-up video. Thanks you for taking to time to help other learn!

Cheers,

Brian

BTW I like the account names you added to the XP box 😛

[DrWireMORE]

Enjoyed the article and audio.  Confused to why this post and the links are referred to as video.  Have not found a video, but a great audio. dr

[Anonymous]

maybe you are missing a codec or something, there is most certainly a video with a voice narration

[DrWireMORE]

Solved: nothing technical, just a screen size too small that I didn’t see the flash window.  Got it… thanks (user error..go figure) dr

[Don Donzal]

Digg it:

http://digg.com/security/Video_The_15_Minute_Network_Pen_Test_Part_2

Don

[Jhaddix]

@don wrote:

Digg it:

http://digg.com/security/Video_The_15_Minute_Network_Pen_Test_Part_2

Don

/dugg

=)

[UNIX]

Finally I had time too to view both of your videos – I really liked them and appreciate the work you put in. I think mainly for newcomers this is really helpful and shows on the technical side how a penetration could be done.

[Author]

Posts