HOW TO LEARN TO MAKE A PENTEST
WHAT IS A PENTEST? | ITS PHASES: RECONNAISSANCE | SCANNING | GAINING ACCESS | MAINTAINING ACCESS | CLEARING TRACKS
HOW TO BYPASS AV | HOW TO HACK WINDOWS 7 | REMOTE | HOW TO HACK – FACEBOOK | HOW TO AVOID SOME ATTACKS? | DEMO
FELIPE ZUCKERMAN, IT ENTHUSIAST FOCUSED ON SECURITY
WHAT IS A PENTEST?
ITS PHASES
RECONNAISSANCE
use auxiliary/scanner/smb/smb_version
This phase consists of obtaining as much information as possible about the target, such as: operating system, network topology, email addresses, presence of a firewall or AV.
Enumeration of the services and their versions.
nmap --script smb-os-discovery.nse <target>
TTL value: Windows = 128, Linux = 64
LET'S SEE
GAINING ACCESS
NETSH ADVFIREWALL SET PUBLICPROFILE STATE OFF
SCANNING
• The scanning process can be divided into three steps:
• Determining if a system is active.
• Port scanning the system.
• Scanning the system for vulnerabilities.
• Ex: USAGE
#nmap [Scan Type(s)] [Options] {target specification}
MAINTAINING ACCESS
NETCAT
BELOW ARE SHOWN SOME WAYS TO DETECT INTRUDERS IN YOUR SYSTEM
%AllUsersProfile%\Application Data\
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
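The three locations above are where the slides say to look for an intruder's persistence: the all-users profile folder, the HKLM Run key, and the Winlogon UserList key that hides an account from the logon screen. The script below is an added example, not code from the slides, that enumerates all three on a Windows 7 host from an elevated PowerShell 2.0 prompt; the function names and the 7-day window are choices made here, and the list of file extensions is a constructed filter.

```powershell
# Added example: enumerate the intruder indicators listed on the slide.
# Run as Administrator; written to work on Windows 7 / PowerShell 2.0.

function Get-RunKeyEntries {
    # Programs started for every user at logon. An entry you do not recognise
    # is a classic persistence indicator.
    $path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    if (-not (Test-Path $path)) { return @() }
    (Get-ItemProperty -Path $path).PSObject.Properties |
        Where-Object { $_.Name -notlike 'PS*' } |          # drop PSPath, PSParentPath, ...
        ForEach-Object { New-Object PSObject -Property @{ Name = $_.Name; Command = $_.Value } }
}

function Get-HiddenAccounts {
    # A DWORD value of 0 named after an account under SpecialAccounts\UserList
    # hides that account from the Welcome screen, a common way to conceal a
    # backdoor user. The key normally does not exist on a clean install.
    $path = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList'
    if (-not (Test-Path $path)) { return @() }
    (Get-ItemProperty -Path $path).PSObject.Properties |
        Where-Object { $_.Name -notlike 'PS*' -and $_.Value -eq 0 } |
        ForEach-Object { $_.Name }
}

function Get-RecentProgramDataFiles {
    param([int]$Days = 7)
    # %AllUsersProfile%\Application Data is a junction to %ProgramData% on
    # Windows 7; listing ProgramData directly avoids the junction's deny ACL.
    $cutoff = (Get-Date).AddDays(-$Days)
    $exts = '.exe', '.dll', '.bat', '.vbs', '.ps1'          # constructed filter, extend as needed
    Get-ChildItem -Path $env:ProgramData -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer -and $_.LastWriteTime -gt $cutoff -and ($exts -contains $_.Extension) } |
        Select-Object FullName, LastWriteTime
}

Write-Host '== HKLM Run entries =='
Get-RunKeyEntries | Format-Table Name, Command -AutoSize
Write-Host '== Accounts hidden from the logon screen =='
Get-HiddenAccounts
Write-Host '== Recently written executables under ProgramData =='
Get-RecentProgramDataFiles -Days 7 | Format-Table -AutoSize
```

Compare the Run entries against a known-good baseline of the same machine rather than judging them by name alone; a hidden account or an executable written to ProgramData in the last few days is worth investigating even when the Run key looks clean.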
DISABLE SOME SERVICES • TELNET • REMOTE DESKTOP • REMOTE REGISTRY
Nessus is one of the best vulnerability scanners and is available both in a commercial version and in a home version, which is free. Besides Nessus we also have OpenVAS and Nexpose, which are also excellent vulnerability scanners that we will cover soon.
PENETRATION TEST?
Computer Configuration > Windows Settings > Security Settings > Local Policies > Audit Policy.
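The two defensive slides above (disable Telnet, Remote Desktop and Remote Registry; turn on the audit policy under Local Policies) and the earlier `netsh advfirewall` slide can be verified from one script. The block below is an added example, not from the slides: it reports the state of the three services and of RDP, the firewall profile state, and the Logon/Logoff audit setting, and offers a function to disable the services. Function names are chosen here; `TlntSvr`, `TermService`, `RemoteRegistry`, `fDenyTSConnections`, `netsh advfirewall` and `auditpol` are the real Windows names.

```powershell
# Added example: check and apply the hardening points from the slides.
# Run as Administrator; written to work on Windows 7 / PowerShell 2.0.

function Get-RiskyServiceState {
    # TlntSvr = Telnet Server (only present when the feature is installed),
    # TermService = Remote Desktop, RemoteRegistry = Remote Registry.
    foreach ($name in 'TlntSvr', 'TermService', 'RemoteRegistry') {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        if ($svc) {
            $wmi = Get-WmiObject Win32_Service -Filter "Name='$name'"
            New-Object PSObject -Property @{ Service = $name; Status = [string]$svc.Status; StartMode = $wmi.StartMode }
        } else {
            New-Object PSObject -Property @{ Service = $name; Status = 'NotInstalled'; StartMode = '-' }
        }
    }
}

function Get-RdpEnabled {
    # fDenyTSConnections = 1 means Remote Desktop connections are refused.
    $ts = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' -ErrorAction SilentlyContinue
    if ($ts -and $ts.fDenyTSConnections -eq 1) { return $false }
    return $true
}

function Get-FirewallProfileState {
    # Same tool the attacker slide uses to switch the firewall off, here used
    # read-only to confirm every profile still reports "State ON".
    netsh advfirewall show allprofiles state | Select-String -Pattern 'Profile|State'
}

function Get-LogonAuditSetting {
    # Mirrors the GPO path on the slide; "No Auditing" here means logons
    # leave no trace in the Security log.
    auditpol /get /category:"Logon/Logoff"
}

function Disable-RiskyService {
    param([string[]]$Name = @('TlntSvr', 'RemoteRegistry'))
    # Remote Desktop is deliberately not in the default list: disable it
    # only on hosts that are never administered remotely.
    foreach ($n in $Name) {
        if (Get-Service -Name $n -ErrorAction SilentlyContinue) {
            Stop-Service -Name $n -Force -ErrorAction SilentlyContinue
            Set-Service -Name $n -StartupType Disabled
        }
    }
}

function Enable-LogonAuditing {
    # Equivalent to ticking Success and Failure for Logon/Logoff in secpol.msc.
    auditpol /set /category:"Logon/Logoff" /success:enable /failure:enable
}

Write-Host '== Service state =='
Get-RiskyServiceState | Format-Table Service, Status, StartMode -AutoSize
Write-Host ("Remote Desktop enabled: {0}" -f (Get-RdpEnabled))
Write-Host '== Firewall profiles =='
Get-FirewallProfileState
Write-Host '== Logon/Logoff auditing =='
Get-LogonAuditSetting
```

Run the checks first and keep the output as a baseline; `Disable-RiskyService` and `Enable-LogonAuditing` are the remediation steps and should be applied through Group Policy on domain-joined machines so the setting survives a local change.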
PRIVILEGE ESCALATION
Local privilege escalation happens when one user acquires the system rights of another user. Network intruders have many techniques for increasing privileges once they have gained a foothold on a system.
LINK: http://www.exploit-db.com/exploits/15609/
LOCAL PRIVILEGE ESCALATION
REMOTE PRIVILEGE ESCALATION
HACKING WINDOWS 7 WITH POWERSHELL
BYPASSING ANTIVIRUS
• Veil-Evasion is a tool to generate payload executables that bypass common antivirus solutions.
THE ANTIVIRUS DETECTED MY FILE
NO COMMENTS
CLEARING TRACKS
PENETRATION TEST DEMO