PLUG Linux Security HackFest

● LisaKachold@Obnosis.com
● “OSI Layer Up” Security
● Phoenix Linux Users Group Security Lab
 Overview

● Review Linux OSI “Layer Up” Security

● Investigate Knoppix STD [A+] LiveCD
● Lab - Live Demos & Team Testing
● Questions & Interactive PLUG Lab Training
● Investigate Backtrack [WoW] LiveCD
● PLUG User Presented Forensic Challenges
or Security Issues
 Linux Security Goals

● TroubleShooting vs. “Ethical Hacking”

● For Professionals – Where to Draw the
Line?
● Post Installation Security/Hardening
● Wireless/SSH Security in Public Nets
● Review TCP/IP Security
● Review C Stack Security
● Use Layered Security in Context
● Circumvent/Test
● Recognize Circumvention Tests in IDS &
Logs
● PenTesting via Knoppix STD and BackTrack
 Linux Post Installation &
Production Security
● Loop Mounted ISO's MD Signatures and
Source Sanitation
● Linux Post-Installation Security ← Use?
● SSH
● Wireless
● Encryption/Decrytion
● Ports/Services ← Less is More!
● SELinux/AppArmour/StackGuard-
Immunix/LibSafe Kernel Stack Locking
● Iptables/Stateful Packet Inspection/Layer 3
Switches & Layer 7 Firewalls
 Lab Instructions
● Boot LiveCD
● Verify Network Connection
● Join a Team or Grab a Partner
● Choose a LAB
● Review Material
● Complete it using LiveCD → Target
● Review Logs
● Adjust Exploit or Develop Lab
● Rinse and Repeat
● Attack “TARGET” & LiveCD Partners ONLY!
 Knoppix STD Tools
● STD 0.1 Knoppix security tools distribution
● MD5: de03204ea5777d0e5fd6eb97b43034cb
● http://www.knoppix.net/wiki/Knoppix_Remastering_Howto = Add Drivers for Wireless & Ethernet or Video
● Not developed for “script kiddy hacking” - this is a training aid for basic Computer Security Concepts that scales to ad-
vanced professional uses.
● THIS IS A TRAINING TOOL Until You Make it WORK (Many Security Tools are “broken by design” in Small Ways).
● Knoppix-STD does not have GUI's for everything. If there is a console based way to do it “better”; Knoppix uses the
console. Refer to the video examples and references for each lab, as well as the help files included in each directory:
●

● Tool OverView Available on Knoppix STD:

● Tools are grouped as follows:
● /usr/bin/auth/
● /usr/bin/crypto/
● /usr/bin/forensics/
● /usr/bin/fw/
● /usr/bin/honeypot/
● /usr/bin/ids/
● /usr/bin/net-utils/
● /usr/bin/pwd-tools/
● /usr/bin/servers
● /usr/bin/sniff/
● /usr/bin/tcp-tools
● /usr/bin/tunnels
● /usr/bin/vuln-test
● /usr/bin/wireless/

Full list of tools available: http://www.knoppix-std.org/tools.html

 Lab Demos

● 0 = BackTrack – Working LiveCD Tool!

● 1 = SSH Brute Force/Dictionary/Crypt

● 2 = Router Ownership Encyption/Decrypt

● 3 =TCP/IP, Arp, Scan, & DoS (use w/#4)

● 4 = Buffer OverFlow

● 5 = Sniffing, IDS and HoneyPots (use w/#2)

● 6 = Wireless/Crypt

● 7 = Advanced Challenges

Optimally, we use a team approach for Each

Team Demo (pair up)
Exchange/Declare Results
 Lab 0 = BackTrack
Explore BackTrack Live CD
● http://backtrack.offensive-

security.com/index.php?title=Tools
● http://isisblogs.poly.edu/2008/04/08/backtrack-3-d

● http://wtcs.ca/wiki/index.php/DEMO_using_BackT

● http://www.ethicalhacker.net/content/view/167/2/

Other Resources
● http://www.owasp.org/index.php/Category:OWASP

● http://hackaday.com
 Lab 1 SSH Brute Force:
●  LAB 1 SSH/FTP: Trust is Earned
● Create a User & Assign a Password
● Use Hydra to Attack
● http://www.youtube.com/watch?v=lLBVV67Nxks
● Hydra Windows cmd Example:
http://www.youtube.com/watch?
v=vDi3UPuV3RI&feature=related
● http://blog.hazrulnz.net/813/ssh-brute-forcereconn
● http://www.dtc.umn.edu/umssia/resources/day2d_
● Use Tcpdump or Logs to Catch Attack
● Protect against SSH/FTP crackers how?
 Lab 2 = Own the
Router
● Use Hydra to Own the Router
● Or Why Remote Management = OFF!
● http://freeworld.thc.org/thc-hydra/
● http://blip.tv/scripts/flash/showplayer.swf?
enablejs=true&feedurl=http://purehate138.bli
p.tv/rss&file=http://blip.tv/rss/flash/527781&s
howplayerpath=http://blip.tv/scripts/flash/sho
wplayer.swf
 Lab 3 = TCP/IP
TCP Explained:
http://www.youtube.com/watch?v=z40w3G8szK0
Nmap Spoofing an IP Address
http://www.networkuptime.com/nmap/page3-1
6.shtml
Tool = Cain: Arp Poisening:
http://www.youtube.com/watch?v=zG-_Y17lKpg&f
Tool = ettercap:
● http://www.youtube.com/watch?v=agTBk5qGjCQ

Stealth Scanning Script: (Advanced)

● http://crack0hack.wetpaint.com/page/TCP+Port+S
 Lab 4 = Smashing the Stack
Escalated Privileges/DoS via C Stack Buffer
Explained:
● http://www.ibm.com/developerworks/linux/libr

ary/l-sp4.html
Web Based Packet Overflows:
● http://www.youtube.com/watch?v=vyKnk197bUM

● http://www.youtube.com/watch?v=AlgwqMH3Uss
 Lab 5 = IDS SNORT and
HoneyPots
Recognize IDS Signatures using SNORT
● Backtrack Tool – Snort → KDE Menu

● Knoppix STD: Tools:

● /usr/bin/ids

● /usr/bin/honeypot

Logs From HackFests Around the World

● http://gd.tuwien.ac.at/infosys/security/oldsnor

t/packets.html

Pair with Lab #2 Team

 Lab 6 = Wireless Sniffing
Wired Traffic Through Wireless Device:
ettercap
● http://www.youtube.com/watch?v=RllU5mE095g

Wireshark: 1 of 3
http://www.youtube.com/watch?v=NHLTa29iovU&
Cookies & Grabbing Passwd: 2 of 3
● http://www.youtube.com/watch?

v=7ezGTP99xSw
DataMining:3 of 3
● http://www.youtube.com/watch?

v=WaIc5EfLPgc
 Lab 7 = Advanced
Pcap TCP/IP DNS and SSH fun:
● http://www.hackinglinuxexposed.com/articles/2003

SSL DNS Spoof Attack:

● http://www.youtube.com/watch?v=IIHQHoOyAEA&

Metasploit Windows:
● http://www.youtube.com/watch?v=4Fye4_VSE-A

Nikto Website Pentesting & More:

● http://www.securitytutorials5.thetazzone.com/

Absinthe Setting up Postgresql Injection: http://

www.0x90.org/releases/absinthe/docs/basicu
sage.php