Advanced Penetration Testing

1/25 reading

The reading for this week was a pretty comprehensive tutorial/manual for Metasploit. I thought it was very good and organized rather well. I thought it was nice and simple, didn’t get too into the weeds. It was very good for people at our level of experience with the software. I’ve been pleasantly surprised so far by how straightforward Metasploit is. A tool like this can seem intimidating, but when it comes time to use it, it seems rather simple.

My question for the class: since some of us tried Metasploit last semester for fun, were there any resources that you found beneficial?

Article: http://www.zdnet.com/article/teslacrypt-vulnerability-exposes-ransomed-files-to-free-cracking/

I thought this article was funny because it shows that sometimes the bad guys don’t execute very well and it leaves an embarrassing failure like this one behind. This ransomware can be decrypted without anyone needing to “pay up” for the stolen data.

Week 3 Takeaways

Assigned readings:

Metasploit Unleashed covers various functions, such as MSF Post Exploitation, Meterpreter Scripting, and Maintaining Access. MSF Post Exploitation allows the user to run privilege escalation, event log management, packet sniffing, pivoting, screen capture, searching for content, etc. For instance, Metasploit uses a script that allows the use of different techniques to gain System-level privileges on the remote system. Meterpreter Scripting allows the user to look for existing scripts as well as write custom scripts. Lastly, Maintaining Access is composed of keylogging, the Meterpreter backdoor, and the persistent backdoor. Being able to maintain access is key to further examining the target network. Once access is gained into the system, it allows you to pivot from one system to another, gain information about the users’ activities by monitoring keystrokes, impersonate users with captured tokens, etc.

Question for the class:

Have you run any scripts as described in the above techniques before, and if so, how successful were you in gaining useful information?

In the news:

“Ukraine Mounts Investigation of Kiev Airport Cyberattack”
The cyberattack was related to the BlackEnergy malware attacks that recently targeted Ukrainian infrastructure facilities, which impacted more than 80,000 customers. This new attack involved a spearphishing email, a decoy document, or both, and it was conducted by the Sandworm Team (a team that has been targeting various worldwide entities, such as NATO, the EU, etc.). The attack on the Kiev Airport was determined by the C2 servers, which originated in Russia, and it disrupted the air traffic control system.
For additional information regarding this article, please click here.

Week 2: Reading: Metasploit-Unleashed, Question for Class, and In The News

Reading: Metasploit-Unleashed: The Ultimate guide to the Metasploit Framework, Offensive Security

The Metasploit Framework is a stable platform for executing information security exploits, providing a base for developing and automating new discovery techniques and attack methods for compromising the confidentiality, integrity, and availability of IT infrastructure. Coded in Ruby, Metasploit’s capabilities can be further extended with new components written in Ruby, assembly language and C. IT network security professionals and researchers use Metasploit to conduct a wide variety of penetration tests and exploits. System administrators use it to verify patch installations, and product vendors use it to perform regression testing. The Metasploit Framework is a modular system that will enable us to learn how to combine exploits with payloads within the following workflow:

  • Identifying and understanding the configuration and vulnerabilities of the target system, including its operating system version and available network services
  • Choosing an exploit to use in taking advantage of the target system through a bug/vulnerability in one of its components
  • Choosing and configuring a delivery mechanism and payload code to execute on the target system
  • Choosing the encoding technique to get by the IDS/IPS without detection
  • Executing the exploit, accomplishing objectives and covering tracks

Question for Class:

While intended by founder H.D. Moore and corporate provider Rapid7 to be used by white-hat hackers to support offensive information security workers, what are the ethical implications of making Metasploit’s capabilities equally available to criminals for nefarious purposes?

In The News: “Endpoint Exploitation Trends 2015, Bromium Labs Research Brief” January 14, 2016, Bromium.com.

In 2015: exploitation for hire came under public scrutiny with the breach and exposure of techniques used by Hacking Team; malvertising (the spread of malware through online advertising networks) was found in 27% of the top 1,000 internet advertising websites; and while overall vulnerabilities increased by 60%, those specifically targeting Adobe Flash increased by 333%. The number of exploit kits available with capabilities to bypass standard malware detection techniques also rose in 2015, as did the use of IPS-evading, malware-containing Word documents in phishing emails, and the crypto-ransomware business. http://www.bromium.com/sites/default/files/rpt-bromium-threat-report-2015-us-en.pdf

Week 2 Takeaways

Assigned readings:

Metasploit Unleashed (MSFU) is a course on an open source penetration testing tool. This ethical training course also has the objective of providing security awareness for underprivileged children in East Africa. The Metasploit framework is a very useful auditing tool with an array of commercial-grade exploits and an extensive exploit development environment, all the way to network information gathering tools and web vulnerability plugins. Examples of various tests that can be conducted once Metasploit has been properly installed include port scanning, hunting for MSSQL, service identification, password sniffing and SNMP sweeping. It also allows you to write your own scanner and perform Windows patch enumeration.

Question for the class:

Have you used the Metasploit tool before? If so, what was your experience, and how successful were the outcomes each time you ran your scan?

In the news:
“Time Warner Cable says up to 320,000 customers’ data may have been stolen.”

The Federal Bureau of Investigation notified Time Warner Cable Inc. that up to 320,000 of its customers’ email passwords may have been compromised. This was accomplished through a malware download during a phishing attack or through data breaches of other companies that stored Time Warner Cable’s customer information (i.e., email addresses). The company encourages its customers to change their email password immediately to reduce the risk of any similar future breaches.

For more information regarding this article, please click here.

Week 2 Reading Summary, Question, and recent Cyber Security News…

  1. Summarize one key point from each assigned reading…

The Metasploit Framework (MSF), included within the Kali Linux setup for security professionals, features a wide array of commercial-grade exploits and an extensive exploit development environment for the following cyber security activities: recon, vulnerability scanning, exploit development, attacks, info gathering, etc. Initially here we looked at the following MSF items: fundamentals, setup within a VM, the msfconsole interface with its available commands, MSF database setup, different exploit and attack developments, etc.

  2. Question to classmates (facilitates discussion) from assigned reading…

Using everything within the MSF for ethical cyber exploits and attacks with detailed reports, what is the most streamlined and quick way to perform these tasks? Also, it appears to me that MSF within Kali Linux is a “work-in-progress”…; does anyone else agree?

*Answer: Probably depends on the cyber victim attack goals; furthermore, most likely we will optimize our MSF-based cyber attacks during our research in the upcoming weeks. If anyone has more helpful quick info, please respond back with your ideas and concepts…

  3. Identify, read, and post to our blog a current event article regarding ethical hacking and penetration testing (follow the theme topic of the week, or another interesting related article)…

In the Cyber Security News lately

Hello headaches: Barbie of the Internet age has even more security flaws (reported on 12/4/2015 by CNET)…

www.cnet.com/news/hello-headaches-barbie-of-the-internet-age-has-even-more-security-flaws/?ftag=CAD090e536&bhid=24556750370481986524809036644946

… “the $75 Internet-connected doll from Mattel & software maker ToyTalk… children talk with Barbie,… then she talks back. Behind the scenes, the doll wirelessly communicates with a companion app and ToyTalk’s service on the Internet (she records conversations and/or sends recordings to the cloud)… cyber-security researchers found the application and the cloud server that connect the doll to the Internet would allow attackers to cut through security protections and access recordings of children’s conversations with Barbie… also they discovered a flaw that would potentially allow hackers to pinpoint home addresses of doll owners… moreover hackers could ‘potentially take the voice recordings and … reconstruct it as the child recorded it’… Mattel & ToyTalk are racing to patch the security problems with the doll…. ToyTalk has fixed some of the flaws in the software it built for Hello Barbie and is working its way through the others. It also set up a “bug bounty” program weeks ago to streamline reporting from any other researchers looking into the doll’s software… despite the recent flurry of software patches for Hello Barbie, ToyTalk executive Martin Reddy said the company built in security features from the very beginning, and had a cyber security company audit the toy before taking it to market… according to security researchers, the good news is that the flaws are easy to fix, and so far there aren’t indications that hackers have actually used the bugs to intrude on real-life children at play.”