Penetration testing - PowerPoint PPT Presentation

Slides: 14
Provided by: bless_mathew


1
PENETRATION TESTING
  • Introduction to

2
Reasons
  • Determining the feasibility of a particular set
    of attack vectors.
  • Identifying vulnerabilities.
  • Testing the ability of network defenders to
    successfully detect and respond to the attacks.

3
Attack Vectors
  • Authentication attacks
  • Buffer overflow attacks

4
Authentication attacks
  • a) Cracking the password.
  • b) Resetting the existing password to some other
    string

5
  • Password cracking is done using the brute-force
    attack technique.
  • This method has become extremely fast with the
    help of rainbow tables!
  • Rainbow tables are pre-computed tables of
    password hashes.
  • Resetting the user password
      • Done through exploits and properly inserted
        payloads.
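
An added example, not part of the original presentation, showing the defensive consequence of the rainbow-table point above: a precomputed table only works against unsalted hashes, while a per-user salt with a slow KDF makes the same table useless. A plain lookup dictionary stands in for a real rainbow table here; the candidate list, function names and iteration count are assumptions.

```python
import hashlib
import hmac
import os

# Constructed sample: a tiny candidate list standing in for a large table.
CANDIDATES = ["123456", "password", "letmein", "qwerty", "dragon"]


def build_lookup(candidates):
    """Precompute unsalted SHA-256 digest -> password, reusable on any dump."""
    return {hashlib.sha256(p.encode()).hexdigest(): p for p in candidates}


def store_unsalted(password):
    """Weak storage: the same password always yields the same digest."""
    return hashlib.sha256(password.encode()).hexdigest()


def store_salted(password, iterations=600_000):
    """Hardened storage: random per-user salt plus a slow KDF (PBKDF2)."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, digest


def verify_salted(password, record):
    """Recompute with the stored salt and compare in constant time."""
    salt, iterations, digest = record
    attempt = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(attempt, digest)


def audit(password):
    """Check both storage formats against the same precomputed table."""
    lookup = build_lookup(CANDIDATES)
    record = store_salted(password)
    return {
        "unsalted_recovered": lookup.get(store_unsalted(password)),
        "salted_recovered": lookup.get(record[2].hex()),
        "salted_verifies": verify_salted(password, record),
    }


if __name__ == "__main__":
    print(audit("letmein"))
```

The unsalted digest is found in the table immediately, the salted one is not, and the legitimate login check still succeeds.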

6
Buffer overflow attacks
  • Continuously writing data to a buffer overruns
    the buffer's space and overwrites the adjacent
    memory.
  • The system crashes, but no kind of unauthenticated
    access is granted to the attacker in this case.

7
Exploits
  • An exploit attacking a vulnerability generates
    an event that the application/program/OS is not
    programmed/designed to recover from successfully;
    the result is a system that stops functioning
    correctly.
  • Exploits are the results of proper payloads.

8
Payloads
  • A sequence of code that is executed when the
    vulnerability is triggered.
  • Different payload types exist, and they accomplish
    different tasks:
      • exec: Execute a command or program on the
        remote system
      • download_exec: Download a file from a URL and
        execute
      • upload_exec: Upload a local file and execute
      • adduser: Add user to system accounts

9
  • However, the most common payload types used with
    exploits are shellcodes, or shell payloads.
  • These payloads are very useful because they
    provide the attacker an interactive shell that
    can be used to completely control the system
    remotely.
  • There are two different types of shell payloads:
      • Bind shells
      • Reverse shells

10
(No Transcript)
11
(No Transcript)
12
Interpreters used
  • BackTrack (Linux distribution)
  • A suite of penetration testing tools, pre-installed.
  • The top-rated Linux live distribution
    focused on penetration testing.
  • Consists of more than 300 different up-to-date
    tools, which are logically structured according to
    the workflow of security professionals.

13
  • Thank You