Changes between Version 3 and Version 4 of netsec2018pentest
- Timestamp:
- Jun 6, 2018, 1:52:39 PM (6 years ago)
netsec2018pentest
OpenVAS has tens of thousands of signatures, and if you do not give your system enough resources when installing it, particularly RAM, you will find yourself in a world of misery. For our purpose the Kali VM only has 2 GB of RAM, which is more than enough to scan small websites. But if you need to scan something like the main website of a university, you should consider increasing RAM and CPU.

=== Installation ===

- To install OpenVAS on Kali,
{{{
apt-get install openvas
}}}

- Once the installation is finished, type '''openvas-setup''' in a terminal to do the initial setup. At the end of the setup it will print a long password for the default user ‘admin’. '''Please note it somewhere'''.

- When the OpenVAS setup process is finished, the OpenVAS manager, scanner and web interface are listening on ports 9390, 9391 and 9392, and on port 80. You can use the following netstat command to check whether these services are listening:
{{{
netstat -antp
}}}

- netstat -antp command explained
{{{
-a all
…
}}}

- If the OpenVAS services are not running, use the following command to start them:
{{{
openvas-start
}}}

- Open '''https://127.0.0.1:9392''' in your default browser.
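The listener check above can be scripted, which is handy when openvas-setup has to be re-run on several lab VMs. The block below is an added example, not part of the workshop page: it feeds `netstat -antp` output through a small awk filter and prints whichever of the three OpenVAS ports (9390 manager, 9391 scanner, 9392 Greenbone Security Assistant) has no socket in LISTEN state. The netstat output it parses here is constructed for the example, and port 80 is deliberately left out of the check on the assumption that it belongs to a separate web server rather than to OpenVAS.

```shell
#!/bin/sh
# Added example for the workshop's OpenVAS install section; not from the page itself.
# Ports that openvas-setup is expected to leave listening on the Kali VM
# (9390 manager, 9391 scanner, 9392 Greenbone Security Assistant).
# Assumption: port 80 is served by something other than OpenVAS, so it is not checked.
OPENVAS_PORTS="9390 9391 9392"

# Read `netstat -antp` output on stdin and print the ports from
# $OPENVAS_PORTS that have no socket in LISTEN state (prints nothing if all are up).
missing_openvas_ports() {
    awk -v want="$OPENVAS_PORTS" '
        # netstat -antp columns: Proto Recv-Q Send-Q Local-Address Foreign-Address State PID/Program
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, addr, ":")      # port is whatever follows the last ":" (works for :::9392 too)
            listening[addr[n]] = 1
        }
        END {
            m = split(want, w, " ")
            out = ""
            for (i = 1; i <= m; i++)
                if (!(w[i] in listening))
                    out = out (out == "" ? "" : " ") w[i]
            if (out != "") print out
        }'
}

# Return 0 if every OpenVAS port is listening; otherwise report what is missing and return 1.
check_openvas_listeners() {
    missing=$(missing_openvas_ports)
    if [ -n "$missing" ]; then
        echo "OpenVAS port(s) not listening: $missing (try: openvas-start)"
        return 1
    fi
    echo "OpenVAS manager, scanner and GSA are listening"
}

# Constructed sample of `netstat -antp` output (not a real capture): the manager and
# scanner are up, but the web interface on 9392 never started.
SAMPLE_NETSTAT='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:9390          0.0.0.0:*               LISTEN      1201/openvasmd
tcp        0      0 127.0.0.1:9391          0.0.0.0:*               LISTEN      1180/openvassd
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      900/apache2
tcp        0      0 127.0.0.1:9391          127.0.0.1:51022         ESTABLISHED 1180/openvassd'

# Run the check against the sample; on the Kali VM you would pipe the real thing:
#   netstat -antp | check_openvas_listeners
printf '%s\n' "$SAMPLE_NETSTAT" | check_openvas_listeners || true
```

Against the sample the check reports `9392` as missing, which is the case where the browser step that follows would fail with a connection refused. The filter keys on the LISTEN state rather than on the process name, so it still works if the daemon names differ between OpenVAS versions.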
- Log in to '''Greenbone Security Assistant''' using the username admin and the password from the previous step.

The default dashboard will show you a collection of scans, hosts etc.

=== Scanning ===

Let’s start a scan.

- Go to '''Scans -> Tasks'''

- Click on the purple wizard icon

[[Image(https://ws.learn.ac.lk/raw-attachment/wiki/netsec2018pentest/image.png)]]

- Enter your target host (in this case the IP of your test VM) and start scanning.

Please be patient, as the scan may take some time. Do not try this on your actual live systems at this moment: it generates heavy traffic and slowness, and you may slow down everyone else in the lab as well.

- Once the scan is completed, go to '''Scans -> Results''' and see what has been detected.

OpenVAS is a whole set of tools for detecting vulnerabilities, reporting, and scheduling tasks. Due to our limited environment, you may refer to YouTube and Google for further usage.

- Use openvas-stop to terminate the OpenVAS services.

=== Port Scanner – Zenmap ===

Zenmap is an Nmap-based port scanner. It has a basic GUI and helps testers find open, closed or filtered ports on a target easily. In addition to showing Nmap's normal output, Zenmap can arrange its display to show all ports on a host or all hosts running a particular service. It summarizes details about a single host or a complete scan in a convenient display.
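Zenmap is only a front end for Nmap, so the scan it runs and the results it shows can be reproduced and checked from the shell. As an added example (not code from the workshop page or from Nmap), the block below takes the command line behind Zenmap's Intense scan profile, nmap -T4 -A -v, adds grepable output (-oG -), pulls the open ports out of it and prints those that are not on the tester's list of expected ports; in a controlled system an unexpected open port is exactly the finding to chase. The nmap output parsed here is constructed for the example, and the expected-port list (22/tcp and 80/tcp for a lab web VM) is an assumption.

```shell
#!/bin/sh
# Added example for the workshop's Zenmap section; not from the page or from Nmap.
# Assumption: the lab target is a web VM that should expose only SSH and HTTP.
EXPECTED_PORTS="22/tcp 80/tcp"

# Read nmap grepable output (-oG) on stdin and print "port/proto" for every
# port reported as open. Grepable "Host:" lines carry entries shaped
# port/state/proto/owner/service/rpc/version/, so we match entries whose state
# is exactly "open" ("open|filtered", as UDP scans report, is skipped on purpose).
open_ports() {
    awk '
        /^Host:.*Ports:/ {
            s = $0
            while (match(s, /[0-9]+\/open\/(tcp|udp)/)) {
                split(substr(s, RSTART, RLENGTH), f, "/")
                print f[1] "/" f[3]
                s = substr(s, RSTART + RLENGTH)
            }
        }'
}

# Print the open ports that are not in $EXPECTED_PORTS: each one is either an
# undocumented service or a finding the tester has to explain.
unexpected_ports() {
    open_ports | awk -v ok="$EXPECTED_PORTS" '
        BEGIN { n = split(ok, a, " "); for (i = 1; i <= n; i++) allow[a[i]] = 1 }
        !($0 in allow)'
}

# Constructed sample of `nmap -T4 -A -v -oG - 192.0.2.10` output (not a real scan).
# Grepable fields are tab-separated, hence the \t in the printf format.
SAMPLE_GNMAP=$(printf '# Nmap 7.70 scan initiated as: nmap -T4 -A -v -oG - 192.0.2.10\nHost: 192.0.2.10 ()\tStatus: Up\nHost: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh//OpenSSH 7.7p1/, 80/open/tcp//http//Apache httpd 2.4.25/, 443/closed/tcp//https///, 4444/open/tcp//krb524///, 161/open|filtered/udp//snmp///\tIgnored State: filtered (995)\n# Nmap done -- 1 IP address (1 host up) scanned in 20.11 seconds\n')

# Against the sample this prints 4444/tcp, the listener nobody asked for.
# On the lab VM you would run the scan itself instead of the sample:
#   nmap -T4 -A -v -oG - <target> | unexpected_ports
printf '%s\n' "$SAMPLE_GNMAP" | unexpected_ports
```

Keeping the expected-port list next to the scan turns a one-off look at the Ports/Hosts tab into a repeatable check: rerun it after every change to the VM and anything new shows up by itself.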
Zenmap can even draw a topology map of discovered networks. The results of several scans may be combined together and viewed at once.

- Open Zenmap from Applications -> Information Gathering -> zenmap.

- Specify your Target, select the required profile and click Scan.

- The '''Intense scan''' in the profile list is just one of several scan profiles that come with Zenmap. Choose a profile by selecting it from the '''Profile''' combo box. Profiles exist for several common scans. After selecting a profile, the Nmap command line associated with it is displayed on the screen. Of course, it is possible to edit these profiles or create new ones.

- Once a scan is finished you can check the results in the following tabs:
{{{
Nmap Output – the default view of all results
Ports / Hosts – all port states, presented in a user-friendly way
…
Host Details – all details on the target device
Scans – lists the previous scans
}}}

In a controlled system, if you find any unknown ports that are open, that is a potential risk or vulnerability on the target: every listener you did not expect has to be explained or closed.

=== Distributed Denial of Service Pentest ===

From Wikipedia
…

Before proceeding, make sure you run these tests only in your own environment.
DO NOT try this on your neighbour’s VMs, otherwise it will damage the whole lab network.

- As all our VMs run HTTP servers, use the following (a FIN flood against port 80) to do the testing:
{{{
hping3 -F --flood -p 80 <your vm address>
}}}

- While hping3 is running, try to access your web server through a browser.

To detect these kinds of attacks you should use an IDS or a packet analyzer like Wireshark. (We will have a Wireshark session in the latter part of the workshop.)
…
There are several ways of creating high traffic to servers and checking their capability to survive it. Depending on your results, you can change application-specific parameters to support your service.

'''Few example attacks,'''

- UDP flood
{{{
hping3 --udp --flood -p 80 <your vm address>
}}}

- SYN-FIN flood
{{{
hping3 -S -F --flood -p 80 <your vm address>
}}}

- PUSH-ACK flood
{{{
hping3 -P -A --flood -p 80 <your vm address>
}}}

- Reset flood
{{{
hping3 -R --flood -p 80 <your vm address>
}}}

- FIN flood
{{{
hping3 -F --flood -p 80 <your vm address>
}}}

What are SYN, ACK, FIN and PSH? Check them at https://en.wikipedia.org/wiki/Transmission_Control_Protocol
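Wireshark or an IDS will show one of these floods clearly, but the signal itself is simple: many packets per second from one source, all carrying the same TCP flag combination. The block below is an added example, not from the workshop page or from hping3: it reads `tcpdump -n` lines on stdin, counts packets per second, source address and flag set, and reports the combinations that exceed a threshold. The captured lines are constructed for the example (six bare FIN packets from 192.0.2.55 plus a normal SYN, SYN-ACK, ACK handshake from 192.0.2.20), and the threshold of 5 per second is an illustrative assumption; `--flood` produces thousands.

```shell
#!/bin/sh
# Added example for the workshop's DoS section; not from the page or from hping3.
# Constructed `tcpdump -n -i eth0 port 80` lines (not a real capture): a FIN flood such
# as `hping3 -F --flood -p 80` from 192.0.2.55, and a normal SYN / SYN-ACK / ACK
# handshake between 192.0.2.20 and the web server 192.0.2.10, all in the same second.
SAMPLE_TCPDUMP='13:05:01.000101 IP 192.0.2.55.34001 > 192.0.2.10.80: Flags [F], seq 1212271253, win 512, length 0
13:05:01.000131 IP 192.0.2.55.34002 > 192.0.2.10.80: Flags [F], seq 1899240106, win 512, length 0
13:05:01.000160 IP 192.0.2.55.34003 > 192.0.2.10.80: Flags [F], seq 2029783341, win 512, length 0
13:05:01.000190 IP 192.0.2.55.34004 > 192.0.2.10.80: Flags [F], seq 1455671021, win 512, length 0
13:05:01.000221 IP 192.0.2.55.34005 > 192.0.2.10.80: Flags [F], seq 1986212374, win 512, length 0
13:05:01.000250 IP 192.0.2.55.34006 > 192.0.2.10.80: Flags [F], seq 1109384412, win 512, length 0
13:05:01.010200 IP 192.0.2.20.51234 > 192.0.2.10.80: Flags [S], seq 100, win 64240, options [mss 1460], length 0
13:05:01.010300 IP 192.0.2.10.80 > 192.0.2.20.51234: Flags [S.], seq 200, ack 101, win 65160, options [mss 1460], length 0
13:05:01.010400 IP 192.0.2.20.51234 > 192.0.2.10.80: Flags [.], ack 201, win 502, length 0'

# Read tcpdump -n lines on stdin and print "hh:mm:ss source flags count" for every
# (second, source address, TCP flag set) seen at least $1 times (default 5).
# Grouping on the flag set is what separates a FIN, RST or PSH-ACK flood from a busy
# but legitimate client: a real connection spreads its packets over SYN, ACK and data
# flags, whereas hping3 repeats one flag combination as fast as it can.
flood_sources() {
    threshold=${1:-5}
    awk -v thr="$threshold" '
        # fields: 1 timestamp, 2 "IP", 3 src.port, 4 ">", 5 dst.port:, 6 "Flags", 7 "[F],"
        $2 == "IP" && $6 == "Flags" {
            src = $3
            sub(/\.[0-9]+$/, "", src)                     # strip the source port
            flags = substr($7, 2, index($7, "]") - 2)     # "[S.]," -> "S."
            sec = substr($1, 1, 8)                        # bucket by whole second
            count[sec " " src " " flags]++
        }
        END {
            for (k in count)
                if (count[k] >= thr) print k, count[k]
        }' | sort
}

# Against the sample this reports only the attacker:
#   13:05:01 192.0.2.55 F 6
# On the lab VM you would feed a live capture instead:
#   tcpdump -l -n -i eth0 port 80 | flood_sources 500
printf '%s\n' "$SAMPLE_TCPDUMP" | flood_sources 5
```

The same idea in Wireshark is a display filter on the flags, for example `tcp.flags.fin == 1 && tcp.flags.ack == 0` to isolate bare FIN segments, followed by Statistics -> Conversations to see which source dominates. To exercise the detector without saturating the lab, hping3's `-c <count>` and `-i u<microseconds>` options give a bounded burst in place of `--flood`.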