Page 1: G3t R00t at IUT
Page 2: G3t R00t at IUT

Page 3: G3t R00t at IUT

root@labla/# whoami

Page 4: G3t R00t at IUT

The OWASP Foundation http://www.owasp.org

Nahidul Kibria

Co-Leader, OWASP Bangladesh Chapter, Senior Software Engineer, KAZ Software Ltd.

Writing code for fun and food. And a security enthusiast.

Twitter: @nahidupa

Page 5: G3t R00t at IUT

What is the event all about?

Computer security? Information security? Cyber Security?

Is it a game?

Are we going to learn hacking?

Page 6: G3t R00t at IUT

Capture The Flag(CTF)

In computer security, Capture the Flag (CTF) is a computer security wargame. Each team is given a machine (or small network) to defend on an isolated network. -- Wikipedia

Page 7: G3t R00t at IUT

It's not just a competition... it's more than that...

HOW?

Page 8: G3t R00t at IUT

Page 9: G3t R00t at IUT

Page 10: G3t R00t at IUT

The domain is giant

Page 11: G3t R00t at IUT

If you want to be a Penetration Tester

A penetration test, occasionally pentest, is a method of evaluating the security of a computer system or network by simulating an attack from malicious outsiders, with authorization from the owner of that system.

Page 12: G3t R00t at IUT

Prerequisites

1. A good understanding of network architecture.

2. How modern operating systems work, and system administration.

3. How applications, databases and services are designed and how they work.

Page 13: G3t R00t at IUT

Penetration testing methodology

• Information Gathering/Reconnaissance

• Scanning/Enumeration

• Vulnerability Identification

• Exploitation

Page 14: G3t R00t at IUT

Tools and tactics

Do not reinvent the wheel... use existing tools.

But do not just depend on tools/scripts... in some cases you have to write your own.

Page 15: G3t R00t at IUT

Books

Page 16: G3t R00t at IUT

If you want to be a Malware Analyst

Page 17: G3t R00t at IUT

Kick start

Basic Static Analysis

Basic Dynamic Analysis

Page 18: G3t R00t at IUT

Lab Setup

Page 19: G3t R00t at IUT

Collect sample

Hashing: A Fingerprint for Malware

Looks like: 373e7a863a1a345c60edb9e20ec3231

Page 20: G3t R00t at IUT

Reverse engineering

OllyDbg

Immunity Debugger

IDA Pro

Page 21: G3t R00t at IUT

Books

Page 22: G3t R00t at IUT

If you want to be a Vulnerability Researcher

Page 23: G3t R00t at IUT

Common techniques

Fuzzing

Code review

Disassemblers

Debuggers

Page 24: G3t R00t at IUT

Page 25: G3t R00t at IUT

Books

Page 26: G3t R00t at IUT

If you want to be an Exploit Developer

Page 27: G3t R00t at IUT

Prerequisites

Programming

Assembly

Memory management

Windows/*nix internals

Kernel

Page 28: G3t R00t at IUT

Books

Page 29: G3t R00t at IUT

If you want to be a Forensic Analyst

Page 30: G3t R00t at IUT

Prerequisites

Page 31: G3t R00t at IUT

Books

Page 32: G3t R00t at IUT

Coolest Jobs in Information Security

#1 Information Security Crime Investigator/Forensics Expert

#2 System, Network, and/or Web Penetration Tester

#3 Forensic Analyst

#4 Incident Responder

#5 Security Architect

#6 Malware Analyst

#7 Network Security Engineer

#8 Security Analyst

#9 Computer Crime Investigator

#10 CISO/ISO or Director of Security

#11 Application Penetration Tester

#12 Security Operations Center Analyst

#13 Prosecutor Specializing in Information Security Crime

#14 Technical Director and Deputy CISO

#15 Intrusion Analyst

#16 Vulnerability Researcher/Exploit Developer

#17 Security Auditor

#18 Security-savvy Software Developer

#19 Security Maven in an Application Developer Organization

#20 Disaster Recovery/Business Continuity Analyst/Manager

Page 33: G3t R00t at IUT

But you have only one life

Page 34: G3t R00t at IUT

Just become a learning machine

Page 35: G3t R00t at IUT

Here comes community

Collaborative teaching

Page 36: G3t R00t at IUT

Page 37: G3t R00t at IUT

About OWASP

OWASP's mission is "to make application security visible, so that people and organizations can make informed decisions about true application"

Attackers do not use black art to exploit your application.

Page 38: G3t R00t at IUT

OWASP Bangladesh

• Bangladeshi community of security professionals

• Globally recognized

• Open for all

• Free for all

What do we have to offer?

• Monthly Meetings

• Mailing List

• Presentations & Groups

• Open Forums for Discussion

• Vendor Neutral Environments

Page 39: G3t R00t at IUT

220 Chapters

Page 40: G3t R00t at IUT

Our Successes

OWASP Tools and Documentation:

• ~15,000 downloads (per month)

• ~30,000 unique visitors (per month)

• ~2 million website hits (per month)

OWASP Chapters are blossoming worldwide

• 1500+ OWASP Members in active chapters worldwide

• 20,000+ participants

OWASP AppSec Conferences:

• Chicago, New York, London, Washington D.C, Brazil, China, Germany, more…

Distributed content portal

• 100+ authors for tools, projects, and chapters

OWASP and its materials are used, recommended and referenced by many government, standards and industry organizations.

Page 41: G3t R00t at IUT

Conferences

Page 42: G3t R00t at IUT

Download Get OWASP Books

Page 43: G3t R00t at IUT

OK, enough! Can you please tell me what I need to do today?

Page 44: G3t R00t at IUT

WE DO NOT HAVE ANY PREPARATION

Page 45: G3t R00t at IUT

Questions.

1. A question from cryptography. (300 points)

2. A question from malware analysis. (not as hardcore as it sounds) (150 points)

3. A forensic analysis question. (the easiest question of the contest) (50 points)

Page 46: G3t R00t at IUT

Final Questions.

1. A server named GetRoot_v00t will be given. (500 points)

2. Another server named GetRoot_Drag0n will be given. (1000 points)

Both servers were taken down from production because they are suspected to have been compromised by an attacker, who changed the root password. Your job is to recover the root password of each server and to submit a report to the judges describing the vulnerabilities the server has.

Page 47: G3t R00t at IUT

Rules

1. You must run the given virtual machine only in NAT mode.

2. Take a screenshot of each successful step and include them in a document.

3. Cheating is allowed if you can manage it silently.

Page 48: G3t R00t at IUT

We select the winner according to the following criteria (partial marks will be given):

1. How many points the participant has (scoring).

2. How complete the solutions are (quality).

3. Creativity, geek factor.

Page 49: G3t R00t at IUT

Open Talk

Subscribe Google group

Keep up to date!

Page 50: G3t R00t at IUT

Page 51: G3t R00t at IUT

Netcat

Originally released in 1996, Netcat is a networking program designed to read and write data across both Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) connections using the TCP/IP protocol suite. Netcat is often referred to as a "Swiss Army knife" utility, and for good reason.

Page 52: G3t R00t at IUT

Basic Operations

Simple Chat Interface

Port Scanning

Transferring Files

Banner Grabbing

Redirecting Ports and Traffic

Creating backdoor

...and whatever else you need.

Page 53: G3t R00t at IUT

Basic Operations

Simple Chat Interface

Page 54: G3t R00t at IUT

Port scanning

Page 55: G3t R00t at IUT

Banner grab

Page 56: G3t R00t at IUT

Creating backdoor...(^_-)

Page 57: G3t R00t at IUT

1) Get info about remote host ports and OS detection

nmap -sS -P0 -sV -O <target>

Where <target> may be a single IP, a hostname or a subnet

-sS TCP SYN scanning (also known as half-open, or stealth scanning)

-P0 switches off ICMP pings (host discovery)

-sV enables version detection

-O attempts to identify the remote operating system

Other options:

-A enables both OS fingerprinting and version detection

-v verbose output; use -v twice for more verbosity.

nmap -sS -P0 -A -v <target>

Page 58: G3t R00t at IUT

2) Get list of servers with a specific port open

nmap -sT -p 80 -oG - 192.168.1.* | grep open

Change the -p argument for the port number. See "man nmap" for different ways to specify address ranges.

Page 59: G3t R00t at IUT

3) Find all active IP addresses in a network

nmap -sP 192.168.0.*

There are several other options. This one is plain and simple.

Another option is:

nmap -sP 192.168.0.0/24

for specific subnets

Page 60: G3t R00t at IUT

4) Ping a range of IP addresses

nmap -sP 192.168.1.100-254

nmap accepts a wide variety of addressing notation, multiple targets/ranges, etc.

Page 61: G3t R00t at IUT

5) Find unused IPs on a given subnet

nmap -T4 -sP 192.168.2.0/24 && egrep "00:00:00:00:00:00" /proc/net/arp

Page 62: G3t R00t at IUT

6) Scan for the Conficker virus on your LAN, etc.

nmap -PN -T4 -p139,445 -n -v --script=smb-check-vulns --script-args safe=1 192.168.0.1-254

Replace 192.168.0.1-254 with the IPs you want to check.

Page 63: G3t R00t at IUT

7) Scan the network for rogue APs.

nmap -A -p1-85,113,443,8080-8100 -T4 --min-hostgroup 50 --max-rtt-timeout 2000 --initial-rtt-timeout 300 --max-retries 3 --host-timeout 20m --max-scan-delay 1000 -oA wapscan 10.0.0.0/8

I’ve used this scan to successfully find many rogue APs on a very, very large network.

Page 64: G3t R00t at IUT

9) How many Linux and Windows devices are on your network?

sudo nmap -F -O 192.168.0.1-255 | grep "Running: " > /tmp/os; echo "$(cat /tmp/os | grep Linux | wc -l) Linux device(s)"; echo "$(cat /tmp/os | grep Windows | wc -l) Windows device(s)"
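The grep pipelines on pages 58 and 64 work on nmap's text output and match the words "open" and "Running:" anywhere on a line. As an added example (not from the original slides), here is a small Python parser for nmap's grepable (-oG) output that does the same inventory more carefully: it checks the state of one specific port per host and counts OS families from the OS: field. The sample output is constructed for the example, not a real scan, and the host and service names are assumptions.

```python
import re
from collections import Counter

# Constructed sample of nmap grepable (-oG) output; not from a real scan.
SAMPLE_OG = """\
# Nmap scan initiated (constructed sample)
Host: 192.168.1.10 ()\tStatus: Up
Host: 192.168.1.10 ()\tPorts: 22/open/tcp//ssh//OpenSSH 7.4/, 80/open/tcp//http//Apache httpd/\tIgnored State: closed (998)\tOS: Linux 3.X
Host: 192.168.1.11 ()\tStatus: Up
Host: 192.168.1.11 ()\tPorts: 80/closed/tcp//http///, 445/open/tcp//microsoft-ds///\tOS: Microsoft Windows 7
Host: 192.168.1.12 ()\tStatus: Up
Host: 192.168.1.12 ()\tPorts: 80/open/tcp//http//nginx/\tIgnored State: filtered (999)
"""

# One entry of the Ports: field: port/state/proto/owner/service/rpcinfo/version/
PORT_RE = re.compile(r"(\d+)/(\w+)/(\w+)//([^/]*)//([^/]*)/")


def parse_grepable(text):
    """Map each scanned IP to its per-port states and the OS: field, if any."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host: "):
            continue  # skip comment/banner lines
        fields = line.split("\t")
        ip = fields[0].split()[1]
        entry = hosts.setdefault(ip, {"ports": {}, "os": None})
        for field in fields[1:]:
            key, _, value = field.partition(": ")
            if key == "Ports":
                for port, state, proto, _svc, _ver in PORT_RE.findall(value):
                    entry["ports"][(int(port), proto)] = state
            elif key == "OS":
                entry["os"] = value
    return hosts


def hosts_with_open_port(hosts, port, proto="tcp"):
    """IPs where exactly this port is open (page 58's 'grep open' matches any open port)."""
    return sorted(ip for ip, h in hosts.items() if h["ports"].get((port, proto)) == "open")


def os_family_counts(hosts):
    """Count Linux/Windows/unknown hosts from the OS: field (page 64's Running: tally)."""
    counts = Counter()
    for h in hosts.values():
        name = h["os"] or ""
        family = "Linux" if "Linux" in name else "Windows" if "Windows" in name else "unknown"
        counts[family] += 1
    return counts
```

Hosts with no OS: field (nmap could not fingerprint them) are counted as "unknown" instead of silently disappearing from the tally, which the page 64 pipeline does.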

Page 65: G3t R00t at IUT

OS fingerprinting

1. XP with Service Pack 1

2. XP with Service Pack 2

3. Linux 64.0.33

4. Mac OS

5. OpenBSD

6. Etc., etc.

Page 66: G3t R00t at IUT

TOOLS

p0f (passive)

Xprobe/Xprobe2

DMitry

Demo

Page 67: G3t R00t at IUT

Web Application threat surface

XSS

CSRF

Clickjacking

Parameter tampering/sniffing

Forged token

Directory traversal

Direct object reference

SQL Injection

XML Injection

Page 68: G3t R00t at IUT

OWASP Top 10 Web Application Security Risks (2010 Edition)

http://www.owasp.org/index.php/Top_10

Page 70: G3t R00t at IUT

ZAP Proxy

Burp Proxy

Page 71: G3t R00t at IUT

Firefox proxy settings

Page 72: G3t R00t at IUT
