Security Testing Tools - Networking
Praveen Darshanam
http://darshanams.blogspot.com
for absolute beginners ...
http://disects.com/ Praveen Darshanam
Tools
• Operating Systems
– Kali/Backtrack, Fedora Security Spin, Knoppix
• Packet Crafting
– hping, ngrep, sendip, scapy
• Packet Replay
– tcpreplay, tcpreplay-edit, tcpdump
• Scanning
– nmap, nc, metasploit, nessus
• Fuzzing
– metasploit, nikto, nessus, spike, radamsa, webfuzz
• Stats
– dstat, ifstat, iftop, ntop
• Web
– wget, curl, ab
• Debugging
– ping, netstat, tracert, ngrep
• Benchmarking
– ab, iperf, netperf
Command Help
• man command_name
– man ps
– man hping
• command_name --help or command_name -h
– dig -h
– nc --help
• info command_name
– info nmap
Backtrack
• Operating System for Security Researchers, Penetration Testers etc
• Plethora of Tools
• Fuzzers, DoS Tools, Scanners, Exploits etc.
http://www.backtrack-linux.org/
nmap
• Port Scanning
• OS fingerprinting
• Version guessing
• nmap [Scan Type(s)] options target_ip/domain
• Useful options
– -sN/-sF/-sX: TCP Null, FIN, and Xmas scans
– --scanflags <flags>: Customize TCP scan flags
– -sV: Probe open ports to determine service/version info
– -O: Enable OS detection
nmap snapshot
ngrep: grep patterns from pcap or live stream
• ngrep is to pcap what grep is to normal files
• Sniffer mode
– ngrep -d any 'HTTP/1.1 200 OK' port 80
– ngrep -d eth0 -i 'user|pass' port 21
• Pcap pattern match: regex pattern + BPF filter
– ngrep -t 'pattern' -I pcap
– ngrep -tx -X '0xhex pattern' -I pcap
• Grep'ing, one packet at a time
ngrep snapshot
hping
• Packet crafting
• Port Scanning
• Tcl scripting engine
• APD (Ars Packet Description): string representation of TCP/IP packets
• hping -S 192.168.1.102 -p 80,21 --flood
• hping3> hping send {ip(ihl=0x5,ver=0x4,tos=0x00,totlen=348,id=29974,fragoff=0,mf=0,df=1,rf=0,ttl=64,proto=6,cksum=0x6a40,saddr=192.168.1.102,daddr=192.168.1.101)+tcp(sport=5555,dport=6666,seq=3879420856,ack=3264306705,x2=0x0,off=5,flags=pa,win=18760,cksum=0xc4a2,urp=0)+data(str=You are Hacked!!!)}
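As an added worked example (my own code, not hping's and not part of the original slides), the following Python packs the ip(...) fields of the APD string above into a 20-byte IPv4 header and recomputes the header checksum the way a receiving stack verifies it. The names APD_IP_FIELDS, inet_checksum, build_ipv4_header, ipv4_header_checksum, verify_ipv4_header and byteswap16 are assumptions of this example. Over these field values the RFC 1071 checksum comes out as 0x406a; the APD shows cksum=0x6a40, which is the same 16-bit value with its two bytes exchanged, consistent with the field being printed in host byte order on a little-endian machine.

```python
import socket
import struct

# Field values copied from the ip(...) block of the APD string on this page.
# cksum is deliberately left out: it is computed below.
APD_IP_FIELDS = {
    "ihl": 0x5, "ver": 0x4, "tos": 0x00, "totlen": 348, "id": 29974,
    "fragoff": 0, "mf": 0, "df": 1, "rf": 0, "ttl": 64, "proto": 6,
    "saddr": "192.168.1.102", "daddr": "192.168.1.101",
}


def inet_checksum(data):
    """RFC 1071 one's-complement checksum over 16-bit words (odd length is zero-padded)."""
    padded = data + b"\x00" * (len(data) % 2)
    total = sum(struct.unpack("!%dH" % (len(padded) // 2), padded))
    while total >> 16:                      # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(f, cksum=0):
    """Pack APD-style IPv4 fields into the 20-byte header in network byte order."""
    ver_ihl = (f["ver"] << 4) | f["ihl"]
    flags_frag = (f["rf"] << 15) | (f["df"] << 14) | (f["mf"] << 13) | (f["fragoff"] & 0x1FFF)
    return struct.pack("!BBHHHBBH4s4s", ver_ihl, f["tos"], f["totlen"], f["id"],
                       flags_frag, f["ttl"], f["proto"], cksum,
                       socket.inet_aton(f["saddr"]), socket.inet_aton(f["daddr"]))


def ipv4_header_checksum(f):
    """Checksum a sender must place in the header: computed with the cksum field zeroed."""
    return inet_checksum(build_ipv4_header(f, cksum=0))


def verify_ipv4_header(hdr):
    """Receiver-side check: summing the header including its cksum field must give zero."""
    if len(hdr) < 20:
        return False
    ihl = (hdr[0] & 0x0F) * 4
    return 20 <= ihl <= len(hdr) and inet_checksum(hdr[:ihl]) == 0


def byteswap16(v):
    """Same 16-bit value with its two bytes exchanged (host vs network order)."""
    return ((v & 0xFF) << 8) | (v >> 8)


if __name__ == "__main__":
    c = ipv4_header_checksum(APD_IP_FIELDS)
    print("computed IPv4 header checksum: 0x%04x, byte-swapped: 0x%04x" % (c, byteswap16(c)))
    print("receiver accepts header:", verify_ipv4_header(build_ipv4_header(APD_IP_FIELDS, cksum=c)))
```

verify_ipv4_header is the check a receiving host applies (a header whose sum does not fold to zero is discarded), so a header carrying 0x406a in network order passes while one carrying 0x6a40 does not. The example takes totlen=348 at face value; the ip, tcp and 16-byte data blocks written out in the APD only occupy 56 bytes, so when crafting by hand the length field and the bytes actually sent have to be kept consistent or the receiver will reject the packet on length as well.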
hping3 snapshot
nikto
• Web Server Scanner for known Vulnerabilities
• Options
– -dbcheck: check database and other key files for syntax errors
– -evasion: encoding technique (premature URLs, long strings, tabs, fake parameters)
– -o: output format (html, xml, csv)
#nikto -o htm -host 192.168.0.127
nikto snapshot
ethtool: view and change NIC settings
• View settings
– ethtool eth0
– ethtool -i eth0
– ethtool -k eth0
– ethtool -p eth0
• Change settings
– Speed: ethtool -s eth0 speed 100
– Duplex: ethtool -s eth0 duplex full
– TSO, GSO, checksum: ethtool -K eth0 tso off gso off tx off
ping
• Used for troubleshooting connectivity
• Uses the ICMP protocol
• Based on raw sockets
• Uses different types and codes depending on the error
• Ping of death, pretty famous
• Options
– -f fast ping
– -s data size
– -c number of packets to send
#ping -f -s 65000 192.168.1.102
netstat
• Options
– -p display the PID and program name of the process owning a socket
– -l display the listening sockets
– -t display TCP sockets
– -u display UDP sockets
– -c continuous display
– --unix unix domain sockets
• Linux: netstat -ant | grep 22
• Windows: netstat -an -p tcp | find "135"
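For the Linux one-liner netstat -ant | grep 22 above, here is an added Python example (not part of the slides) that parses netstat's Linux output format and turns the grep into two defender-side checks: which listeners are bound to a wildcard or non-loopback address and are not on an allow list, and how many established peers a given local port has. SAMPLE_NETSTAT is a constructed excerpt, not output from a real host, and parse_netstat, exposed_listeners and connections_by_port are names of my own. The Windows netstat -an -p tcp layout differs and is not handled here.

```python
import re
from collections import Counter

# Constructed sample of `netstat -ant` output on Linux (not captured from a real host).
SAMPLE_NETSTAT = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:5555            0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.102:22        192.168.1.50:50122      ESTABLISHED
tcp        0      0 192.168.1.102:22        192.168.1.51:50240      ESTABLISHED
tcp6       0      0 :::80                   :::*                    LISTEN
tcp6       0      0 ::1:6010                :::*                    LISTEN
"""

# proto, Recv-Q, Send-Q, local, foreign, optional state (UDP rows have none)
LINE_RX = re.compile(r"^(tcp6?|udp6?)\s+\d+\s+\d+\s+(\S+)\s+(\S+)\s*(\S+)?$")


def split_addr(addr):
    """'192.168.1.102:22' -> ('192.168.1.102', '22'); ':::80' -> ('::', '80')."""
    host, _, port = addr.rpartition(":")
    return host, port


def parse_netstat(text):
    """Parse Linux netstat rows into dicts; header and unrecognised lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = LINE_RX.match(line)
        if not m:
            continue
        proto, local, foreign, state = m.groups()
        lhost, lport = split_addr(local)
        fhost, fport = split_addr(foreign)
        rows.append({"proto": proto, "lhost": lhost, "lport": lport,
                     "fhost": fhost, "fport": fport, "state": state or ""})
    return rows


def exposed_listeners(rows, allowed_ports=frozenset()):
    """LISTEN sockets bound to a wildcard or non-loopback address whose port is not allow-listed."""
    loopback = {"127.0.0.1", "::1"}
    return sorted((r["proto"], r["lhost"], r["lport"]) for r in rows
                  if r["state"] == "LISTEN"
                  and r["lhost"] not in loopback
                  and r["lport"] not in allowed_ports)


def connections_by_port(rows, port):
    """Like `netstat -ant | grep <port>`, but counting ESTABLISHED peers per remote host."""
    return Counter(r["fhost"] for r in rows
                   if r["state"] == "ESTABLISHED" and r["lport"] == str(port))


if __name__ == "__main__":
    rows = parse_netstat(SAMPLE_NETSTAT)
    print("exposed listeners:", exposed_listeners(rows, allowed_ports={"22", "80"}))
    print("peers on port 22:", dict(connections_by_port(rows, 22)))
```

On the sample the only finding is the tcp listener on 0.0.0.0:5555, which is exactly the kind of socket a grep for a known port never shows; 127.0.0.1:631 and ::1:6010 are skipped because only local processes can reach them.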
ab
• Apache HTTP server benchmarking tool
• Part of apache2-utils
• Options
– -n number of requests to perform
– -c number of multiple requests to make
– -k use HTTP KeepAlive feature
#ab -n 1000 -c 50 -k http://target_ip/
netcat
• Open and connect to TCP/UDP ports
• File transfer
• Port scanning
• Server: nc -l 4444
• Client: nc 192.168.1.102 80
• Port scanning: nc -z 192.168.1.102 1-1023
metasploit
• Penetration testing tool
• Exploit Framework
• Console commands
– use: use an exploit
– set: set a variable value
– info: information on a PAYLOAD/exploit
– PAYLOAD: shellcode to select
– RHOST: target/victim host
– LPORT: attacker's TCP/UDP port
– exploit/run: launch the exploit
metasploit banner snapshot
metasploit launching exploit snapshot
stats (dstat, ifstat, iftop)
tcpdump, tcpreplay, tcpreplay-edit, tomahawk
• tcpdump: captures/sniffs packets on an interface
– tcpdump -i eth0 -xX -s0 -w capture.pcap
• tomahawk: replays using a single machine with two interfaces
• tcpreplay: replays packet captures
– tcpreplay -K -C -i eth1 -M 400.00 capture.pcap
• tcpreplay-edit: similar to 'tcpreplay' with options to edit the capture
tcpreplay-edit (setup)
tcpreplay-edit (commands)
• Command1 (refer to the setup image above)
– tcpreplay-edit -C -M 400.00 -l 100000 --enet-dmac=00:13:D3:A7:00:42,14:D6:4D:14:BB:BB -s 0.0.0.0/0:10.0.0.5/32 -d 0.0.0.0/0:10.0.0.6/32 -I eth1 *.pcap
• Command2 (refer to the setup image above)
– tcpreplay-edit -C -M 400.00 -l 100000 --enet-dmac=14:D6:4D:14:BB:BB,00:13:D3:A7:00:42 -s 0.0.0.0/0:10.0.0.6/32 -d 0.0.0.0/0:10.0.0.5/32 -I eth0 *.pcap
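The ngrep invocations earlier on this page (a regex over packet payloads combined with a BPF-style port filter, with -t timestamps) and the tcpreplay-edit rewrites above (--enet-dmac plus the -s/-d IP maps) can both be exercised offline on a constructed capture. The following Python is an added example, not ngrep's or tcpreplay's code: it writes a tiny libpcap file from constructed Ethernet/IPv4/TCP frames (an FTP login and an HTTP exchange between the slide's 10.0.0.5 and 10.0.0.6, invented for this example), implements pcap_grep() in the spirit of ngrep -t -i 'user|pass' port 21, and pcap_rewrite(), which sets a new destination MAC, remaps source/destination IPs and recomputes the IP header checksum, as any replay tool must after editing addresses. All function and constant names (build_frame, write_pcap, read_pcap, parse_frame, pcap_grep, pcap_rewrite, SAMPLE_PCAP) and the sample MACs are assumptions of this example.

```python
import re
import socket
import struct

# Constructed sample MAC addresses (not from any real capture).
SRC_MAC = bytes.fromhex("001122334455")
DST_MAC = bytes.fromhex("66778899aabb")

def inet_checksum(data):
    """RFC 1071 one's-complement checksum over 16-bit words (odd length zero-padded)."""
    padded = data + b"\x00" * (len(data) % 2)
    total = sum(struct.unpack("!%dH" % (len(padded) // 2), padded))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_frame(src_ip, dst_ip, sport, dport, payload, smac=SRC_MAC, dmac=DST_MAC):
    """Ethernet/IPv4/TCP frame with a valid IP header checksum (TCP checksum left at zero)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload), 1, 0x4000,
                     64, 6, 0, socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    ip = ip[:10] + struct.pack("!H", inet_checksum(ip)) + ip[12:]
    return dmac + smac + b"\x08\x00" + ip + tcp + payload

def write_pcap(records):
    """Serialise (timestamp, frame) pairs as a little-endian classic pcap, linktype 1 (Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ts, frame in records:
        sec = int(ts)
        usec = int(round((ts - sec) * 1_000_000))
        out += struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame
    return out

def read_pcap(data):
    """Yield (timestamp, frame) from a little-endian classic pcap file."""
    if struct.unpack("<I", data[:4])[0] != 0xA1B2C3D4:
        raise ValueError("only little-endian classic pcap is handled here")
    off = 24
    while off + 16 <= len(data):
        sec, usec, caplen, _ = struct.unpack("<IIII", data[off:off + 16])
        off += 16
        yield sec + usec / 1e6, data[off:off + caplen]
        off += caplen

def parse_frame(frame):
    """Return the IPv4/TCP fields we filter on, or None for any other frame type."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    ihl = (frame[14] & 0x0F) * 4
    ip = frame[14:14 + ihl]
    if ip[9] != 6:                      # IP protocol 6 = TCP
        return None
    tcp_off = 14 + ihl
    data_off = tcp_off + (frame[tcp_off + 12] >> 4) * 4
    sport, dport = struct.unpack("!HH", frame[tcp_off:tcp_off + 4])
    return {"src": socket.inet_ntoa(ip[12:16]), "dst": socket.inet_ntoa(ip[16:20]),
            "sport": sport, "dport": dport, "payload": frame[data_off:]}

def pcap_grep(data, pattern, port=None, ignore_case=True):
    """ngrep-style match: regex over each packet's TCP payload, optionally limited to 'port N'."""
    rx = re.compile(pattern.encode(), re.IGNORECASE if ignore_case else 0)
    hits = []
    for ts, frame in read_pcap(data):
        p = parse_frame(frame)
        if p is None or (port is not None and port not in (p["sport"], p["dport"])):
            continue
        if rx.search(p["payload"]):
            hits.append((ts, p["src"], p["sport"], p["dst"], p["dport"], p["payload"]))
    return hits

def pcap_rewrite(data, new_dmac, srcmap, dstmap):
    """tcpreplay-edit-style edit: new destination MAC, remapped src/dst IPs, IP checksum fixed."""
    out = []
    for ts, frame in read_pcap(data):
        p = parse_frame(frame)
        if p is None:
            out.append((ts, frame))     # non-IPv4/TCP frames pass through unchanged
            continue
        ihl = (frame[14] & 0x0F) * 4
        ip = bytearray(frame[14:14 + ihl])
        ip[12:16] = socket.inet_aton(srcmap.get(p["src"], p["src"]))
        ip[16:20] = socket.inet_aton(dstmap.get(p["dst"], p["dst"]))
        ip[10:12] = b"\x00\x00"         # zero the old checksum before recomputing
        ip[10:12] = struct.pack("!H", inet_checksum(bytes(ip)))
        out.append((ts, new_dmac + frame[6:14] + bytes(ip) + frame[14 + ihl:]))
    return write_pcap(out)

# Constructed traffic: an FTP login and an HTTP exchange between the slide's 10.0.0.5 and 10.0.0.6.
SAMPLE_PCAP = write_pcap([
    (1.000, build_frame("10.0.0.5", "10.0.0.6", 40000, 21, b"USER alice\r\n")),
    (1.050, build_frame("10.0.0.5", "10.0.0.6", 40000, 21, b"PASS s3cret\r\n")),
    (2.000, build_frame("10.0.0.5", "10.0.0.6", 40001, 80, b"GET / HTTP/1.1\r\nHost: x\r\n\r\n")),
    (2.010, build_frame("10.0.0.6", "10.0.0.5", 80, 40001, b"HTTP/1.1 200 OK\r\n\r\n")),
])
```

Running pcap_grep(SAMPLE_PCAP, "user|pass", port=21) returns the two FTP packets with their timestamps, which is how a capture review finds cleartext logins on a service that should have been replaced by an encrypted one. Matching is done one packet at a time, as the ngrep slide says, so a pattern split across two segments is not found. pcap_rewrite() only understands IPv4/TCP over Ethernet and a little-endian classic pcap; everything else is passed through untouched, and the page's MAC 00:13:D3:A7:00:42 can be used as new_dmac to mirror Command1.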
netperf
• netperf - network performance benchmark
• Server
netserver
• Client
netperf -H 192.168.1.102
iperf
• iperf: perform network throughput tests
• Server: iperf -s -p 8888
• Client: iperf -c server_ip -p 8888
Snort IDS Testing
• stick
• IDSwakeup
• IDS Informer
• mucus
• sneeze.pl
• fpg
• NOTE: These are pretty old tools, pre-PCRE.
SNMP
• SNMP is used for remote management and monitoring of network devices
– snmpwalk -v 1 -c mysnmp 192.168.1.1 hrSWRunState
• Options
– -v version
– -c community string or user name
snmpwalk snapshot
Network Time Protocol
• NTP is used to synchronise clocks
• ntpdate collects time samples from a time server
– ntpdate ntp_server_ip
• ntptrace gets the source of time for a particular server
– ntptrace
• ntpdc queries an NTP daemon's current state
– ntpdc -c sysinfo ip_address
• ntpq monitors an NTP daemon's operations and performance
– ntpq ip_address
DoS
• tcpjunk
• slowloris.pl
• thc-ssl-dos tool
• many fuzzers
• a few Metasploit auxiliary modules
References
• http://www.backtrack-linux.org/
• http://tcpreplay.synfin.net/
• http://nmap.org/
• http://wiki.hping.org/
• http://www.secdev.org/projects/scapy/doc/usage.html
• http://www.gnu.org/software/wget/manual/wget.html
• http://www.ntop.org/
• http://cirt.net/nikto2-docs/