Documente Academic
Documente Profesional
Documente Cultură
● LisaKachold@Obnosis.com
● “OSI Layer Up” Security
● Phoenix Linux Users Group Security Lab
Overview
● 4 = Buffer OverFlow
● 6 = Wireless/Crypt
● 7 = Advanced Challenges
security.com/index.php?title=Tools
● http://isisblogs.poly.edu/2008/04/08/backtrack-3-d
● http://wtcs.ca/wiki/index.php/DEMO_using_BackT
● http://www.ethicalhacker.net/content/view/167/2/
Other Resources
● http://www.owasp.org/index.php/Category:OWASP
● http://hackaday.com
Lab 1 SSH Brute Force:
● LAB 1 SSH/FTP: Trust is Earned
● Create a User & Assign a Password
● Use Hydra to Attack
● http://www.youtube.com/watch?v=lLBVV67Nxks
● Hydra Windows cmd Example:
http://www.youtube.com/watch?
v=vDi3UPuV3RI&feature=related
● http://blog.hazrulnz.net/813/ssh-brute-forcereconn
● http://www.dtc.umn.edu/umssia/resources/day2d_
● Use Tcpdump or Logs to Catch Attack
● Protect against SSH/FTP crackers how?
Lab 2 = Own the
Router
● Use Hydra to Own the Router
● Or Why Remote Management = OFF!
● http://freeworld.thc.org/thc-hydra/
● http://blip.tv/scripts/flash/showplayer.swf?
enablejs=true&feedurl=http://purehate138.bli
p.tv/rss&file=http://blip.tv/rss/flash/527781&s
howplayerpath=http://blip.tv/scripts/flash/sho
wplayer.swf
Lab 3 = TCP/IP
TCP Explained:
http://www.youtube.com/watch?v=z40w3G8szK0
Nmap Spoofing an IP Address
http://www.networkuptime.com/nmap/page3-1
6.shtml
Tool = Cain: Arp Poisening:
http://www.youtube.com/watch?v=zG-_Y17lKpg&f
Tool = ettercap:
● http://www.youtube.com/watch?v=agTBk5qGjCQ
ary/l-sp4.html
Web Based Packet Overflows:
● http://www.youtube.com/watch?v=vyKnk197bUM
● http://www.youtube.com/watch?v=AlgwqMH3Uss
Lab 5 = IDS SNORT and
HoneyPots
Recognize IDS Signatures using SNORT
● Backtrack Tool – Snort → KDE Menu
● /usr/bin/ids
● /usr/bin/honeypot
t/packets.html
Wireshark: 1 of 3
http://www.youtube.com/watch?v=NHLTa29iovU&
Cookies & Grabbing Passwd: 2 of 3
● http://www.youtube.com/watch?
v=7ezGTP99xSw
DataMining:3 of 3
● http://www.youtube.com/watch?
v=WaIc5EfLPgc
Lab 7 = Advanced
Pcap TCP/IP DNS and SSH fun:
● http://www.hackinglinuxexposed.com/articles/2003
Metasploit Windows:
● http://www.youtube.com/watch?v=4Fye4_VSE-A