Class Presentation on Hacking
Hi all, allow me to pick your brains for a second...
I'm going to give a class presentation on security awareness. I plan on showing them basic hacker attacks and how they can protect themselves. I have the methodology down but I'd also like to demonstrate an attack. I will do the parlor tricks of WPA cracking, sniffing, and ARP poisoning to get their attention but I'd really like to finish with a true beginning to end attack. (i.e. Port Scan, Find Vulnerability, Exploit, Penetration)
This is a true lab environment, I can put whatever buggy apps I need to on the target machine and ignore the firewall (assume I'm inside of the network). Are there any old vulnerabilities/exploits you guys can think of? The simpler, the better. Thanks in advance!
Damn Vulnerable Linux has some vulnerable services on it that you can start up and configure to listen on the network.
There's also a good list of deliberately insecure web apps here, which was posted onto the forums a while ago, in a thread dedicated to learning resources (I think). Don't have a link to that thread handy, but here's the insecure web app link:
http://www.irongeek.com/i.php?page=s...b-app-security
Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".
The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.
You could also check the DeIce disks. They are good for a demo too.
Tiocfaidh ár lá
Yeah the first De-Ice disk takes about 15-20 minutes or so to go from boot to root. If of course you know the procedures, and what tools to use.Originally Posted by KMDave
Take the disk and write the steps on a 3x5 card for reference if needed, and you are done. The only thing that may need to be explained is root and it's function in a *nix environment.
DE-ICE http://heorot.net/livecds/ on the forums and registration is required I believe.
DVL http://www.damnvulnerablelinux.org/ version 1.5 is the latest.
To be successful here you should read all of the following.
ForumRules
ForumFAQ
If you are new to Back|Track
Back|Track Wiki
Failure to do so will probably get your threads deleted or worse.
Since your already starting with wireless attacks why not stick with it. What i mean is why not just set up a WEP router and get another laptop hand it to the teacher and tell her to just browse around for awile.
Crack the WEP arp poison then then record everything shouting off what site shes visiting. If thats not enough set up sslstrip and ask her to log into her e-mail.
If that still isnt enough set up karmetasploit, or you could just take the really easy road and enable telnet on the windows box or set up sharing and trojan it.
Depending on the time your allotted you could even show them how to bypass the schools filtering policy with a ssl tunel, or show them how to break a windows user password with a simple cd. Remember its the simple shit that amazes people if you go in there telling them how to exploit a dns server there going to look at and laugh.
Whatever you do just be carefull and make sure you get WRITTEN permission. Way back when i was in computer school "what a joke and a half" i got in some major trouble for taking over an instructors personal laptop even tho i was asked if i could.
Using backtrack for the first time is like being 10 years old again with the keys to a Ferrari.
I think what he is looking for, is exploitation in a windows environment, by exploiting a vulnerable service and gaining access to a victim machine, that will also be more interesting to his students, I believe.
-
what you can also do, is look up the latest exploits published on milw0rm (adobe pdf as a hint), change the payload in one such pdf (yesterday they published one so you should be fairly easy to find it - and it works on all xp versions). You can even stick with the default one, as it launches calc.exe - if you don't know how to change shellcode for it to start a bind shell, for example.
You can also look for vulnerable versions of some windows ftp, http, ssh servers - there are exploits for such on milw0rm too - you can also install fairly old version of windows XP SP1 or SP2, unpatched (more easy for you to break them), start all default windows services, start IIS, and run autopwn against it... autopwn is located inside fast-track on bt3 and bt4.
I hope that helped you, at least a bit...
Thanks for all your replies, xorred hit it dead on. I'm going to stick with a Windows box target since the class will mostly be running Windows so it'd be most relevent to them. I'll see where autopwn gets me and probably will run milw0rm's adobe exploit as-is just to show even an updated computer isn't necessarily safe. Thanks again!
There is a long list of Security Test Distros/Apps over here:
http://forums.remote-exploit.org/showthread.php?t=21952
Hacking != Security Awareness. In fact if your audience doesn't know that hacking (as the media defines it these days) is malicious exploitation of IT security vulnerabilities then you've picked the wrong topic for them.Class Presentation on Hacking
Hi all, allow me to pick your brains for a second...
I'm going to give a class presentation on security awareness. I plan on showing them basic hacker attacks and how they can protect themselves.
IMHO you'd be much further ahead (and so would your audience) if you spoke about common mistakes or misconceptions in IT security instead of trying to demonstrate some l337 hacking skills to the class using known vulnerable targets. While your idea does provide lots of nice bells and whistles so to speak it doesn't really benefit them very much. Whereas a discussion on recognizing phishing email/sites and general online safety would actually benefit them while also giving you a chance to talk about recent OS/browser/supporting app (quicktime, media player, winamp, acrobat reader) vulnerabilities.
Just my 2 cents.
I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.
I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.
thorin has the rub of it, imho
I'm a firm believer that the quickest way into the network is to hack the users, not the systems. social engineering so often gets overlooked in training or mass-media simply because it isn't that sexy to report on..but it is arguably the single most important topic. Sure, give them a few flashing red lights to look at and certainly throw a couple of "i read your email" tricks at them... but to expand on thorin's wise advice, choose topics that directly impact them and their network environment. pull off a little shoulder-surfing in the class and then call them on it... introduce your grandmother who gained unauthorized access to the building and has been listening in the back of the room...call the help desk on a speaker phone and get -your- password changed without authentication challenge.
just thoughts...
peace
~b
Hear no evil, Speak no evil...and you'll never be invited to a party.
If you still plan on doing a live demo, make damn sure that you make a video/flash of it first. That way, when the demo gremlins pop up and ruin your live demo, you have the video/flash backup to show the audience.
I'm with the other posters here in regards that if you use a demo, make it an attention getter that ties into a discussion of security awareness, what mistakes users make and how to correct those (or be at least be aware of) problems and threats.
Posting Permissions
