I took pictures from here and there by googling, not mentioning all sources; please let me know if anyone has any objection. This presentation was presented at IUT CTF G3t R00t.
4. The OWASP Foundation
http://www.owasp.org
Nahidul Kibria
Co-Leader, OWASP Bangladesh Chapter,
Senior Software Engineer, KAZ Software Ltd.
Writing code for fun and food.
And a security enthusiast.
Twitter: @nahidupa
5. What is the event all about?
Computer security? Information security? Cyber security?
Is it a game?
Are we going to learn hacking?
6. Capture The Flag (CTF)
In computer security, Capture the Flag (CTF) is a computer security wargame. Each team is given a machine (or small network) to defend on an isolated network. -- Wikipedia
11. If you want to be a Penetration Tester
A penetration test, occasionally called a pentest, is a method of evaluating the security of a computer system or network by simulating an attack from malicious outsiders, with authorization from the owner of that system.
12. Prerequisites
1. A good understanding of network architecture.
2. How modern operating systems work, and system administration.
3. How applications, databases and services are designed and how they work.
37. About OWASP
OWASP's mission is "to make application security visible, so that people and organizations can make informed decisions about true application"
Attackers do not use black art to exploit your application.
38. OWASP Bangladesh
• Bangladeshi community of security professionals
• Globally recognized
• Open for all
• Free for all
What do we have to offer?
• Monthly Meetings
• Mailing List
• Presentations & Groups
• Open Forums for Discussion
• Vendor Neutral Environments
40. Our Successes
OWASP Tools and Documentation:
• ~15,000 downloads (per month)
• ~30,000 unique visitors (per month)
• ~2 million website hits (per month)
OWASP Chapters are blossoming worldwide
• 1500+ OWASP Members in active chapters worldwide
• 20,000+ participants
OWASP AppSec Conferences:
• Chicago, New York, London, Washington D.C., Brazil, China, Germany, more…
Distributed content portal
• 100+ authors for tools, projects, and chapters
OWASP and its materials are used, recommended and referenced by many government, standards and industry organizations.
45. Questions.
1. A question from cryptography. (300 points)
2. A question from malware analysis. (Not as hardcore as it sounds.) (150 points)
3. A forensic analysis. (The easiest question of the contest.) (50 points)
46. Final Questions.
1. A server named GetRoot_v00t will be given. (500 points)
2. Another server named GetRoot_Drag0n will be given. (1000 points)
Both servers were taken offline because they were suspected of having been compromised by an attacker, and the attacker changed their root passwords. Your job is to recover the root password of each server and to write a report for the judges on what vulnerabilities the server has.
47. Rules
1. You must run the given virtual machine only in NATed mode.
2. Take screenshots of each successful step and include them in a document.
3. Cheating is allowed if you can manage it silently.
48. We select the winner according to the following criteria (we will do partial marking):
1. How many points the participant has (scoring).
2. How complete the solutions are (quality).
3. Creativity, geek factor.
51. Netcat
Originally released in 1996, Netcat is a networking program designed to read and write data across both Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) connections using the TCP/Internet Protocol (IP) protocol suite. Netcat is often referred to as a "Swiss Army knife" utility, and for good reason.
52. Basic Operations
Simple Chat Interface
Port Scanning
Transferring Files
Banner Grabbing
Redirecting Ports and Traffic
Creating backdoor
and whatever else you need ...
57. 1) Get info about remote host ports and OS detection
nmap -sS -P0 -sV -O <target>
Where <target> may be a single IP, a hostname or a subnet.
-sS  TCP SYN scanning (also known as half-open, or stealth scanning)
-P0  switches off ICMP pings
-sV  enables version detection
-O   attempts to identify the remote operating system
Other options:
-A   enables both OS fingerprinting and version detection
-v   verbose; use -v twice for more verbosity
nmap -sS -P0 -A -v <target>
58. 2) Get a list of servers with a specific port open
nmap -sT -p 80 -oG - 192.168.1.* | grep open
Change the -p argument for the port number. See "man nmap" for different ways to specify address ranges.
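The "grep open" filter above matches any line containing the word "open", which is fine for a single port but lists the wrong hosts as soon as you scan several ports at once. The following added example (not from the slides) parses the grepable output field by field instead; the sample scan output is constructed, and the function names are my own.

```shell
#!/bin/sh
# Constructed sample of "nmap -sT -p 22,80 -oG -" output, not a real scan.
# Host .11 has port 22 open but 80 closed: a plain "grep open" still lists it.
SAMPLE_OG='# Nmap 7.80 scan initiated (constructed sample)
Host: 192.168.1.10 ()  Status: Up
Host: 192.168.1.10 ()  Ports: 22/closed/tcp//ssh///, 80/open/tcp//http///
Host: 192.168.1.11 ()  Ports: 22/open/tcp//ssh///, 80/closed/tcp//http///
Host: 192.168.1.12 ()  Ports: 22/filtered/tcp//ssh///, 80/filtered/tcp//http///
Host: 192.168.1.13 ()  Ports: 22/closed/tcp//ssh///, 80/open/tcp//http///
# Nmap done at (constructed sample)'

# Print the IP of each host whose given port is in state "open".
# Usage: hosts_with_open_port PORT < grepable-output
# Grepable "Ports:" entries look like port/state/proto//service/// and are
# separated by ", ", so the state is checked per entry, not per line.
hosts_with_open_port() {
    awk -v port="$1" '
        /^Host:/ && /Ports:/ {
            split($0, half, /Ports: /)          # half[2] holds the port list
            n = split(half[2], entry, /, /)
            for (i = 1; i <= n; i++) {
                split(entry[i], f, "/")         # f[1]=port f[2]=state f[3]=proto
                if (f[1] == port && f[2] == "open") { print $2; break }
            }
        }'
}

# The slide's approach for comparison: any line containing "open" counts,
# whatever the port.
naive_open_count() {
    grep -c open
}

# Run stand-alone: lists 192.168.1.10 and 192.168.1.13 for port 80.
printf '%s\n' "$SAMPLE_OG" | hosts_with_open_port 80
```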
59. 3) Find all active IP addresses in a network
nmap -sP 192.168.0.*
There are several other options. This one is plain and simple.
Another option is:
nmap -sP 192.168.0.0/24
for specific subnets.
60. 4) Ping a range of IP addresses
nmap -sP 192.168.1.100-254
nmap accepts a wide variety of addressing notation, multiple targets/ranges, etc.
61. 5) Find unused IPs on a given subnet
nmap -T4 -sP 192.168.2.0/24 && egrep "00:00:00:00:00:00" /proc/net/arp
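The one-liner above works because the ping sweep fills the local ARP cache, and addresses that never answered are left as incomplete entries with an all-zero MAC. The added example below (my own, not from the slides) reads the same table by its columns: the Flags field (0x0 incomplete, 0x2 complete) is the actual meaning, and restricting to the swept prefix and interface keeps stale entries from other networks out of the list. The ARP table shown is constructed.

```shell
#!/bin/sh
# Constructed excerpt of /proc/net/arp after a ping sweep, not a real cache.
# Flags 0x2 = complete entry (host answered), 0x0 = incomplete (no reply).
SAMPLE_ARP='IP address       HW type     Flags       HW address            Mask     Device
192.168.2.1      0x1         0x2         52:54:00:12:34:56     *        eth0
192.168.2.20     0x1         0x0         00:00:00:00:00:00     *        eth0
192.168.2.21     0x1         0x2         52:54:00:ab:cd:ef     *        eth0
192.168.2.22     0x1         0x0         00:00:00:00:00:00     *        eth1
10.0.0.9         0x1         0x0         00:00:00:00:00:00     *        eth1'

# Print the IPs with incomplete ARP entries for one prefix on one interface,
# i.e. the addresses that did not answer during the sweep. Checks the Flags
# column ($3) rather than pattern-matching the all-zero MAC, and skips the
# header line.
# Usage: unanswered_ips PREFIX DEVICE < arp-table   (PREFIX e.g. "192.168.2.")
unanswered_ips() {
    awk -v prefix="$1" -v dev="$2" '
        NR > 1 && index($1, prefix) == 1 && $6 == dev && $3 == "0x0" { print $1 }'
}

# Run stand-alone right after the sweep, while the incomplete entries are
# still in the cache (the kernel drops them again after a short timeout).
printf '%s\n' "$SAMPLE_ARP" | unanswered_ips 192.168.2. eth0
```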
62. 6) Scan for the Conficker virus on your LAN etc.
nmap -PN -T4 -p139,445 -n -v --script=smb-check-vulns --script-args safe=1 192.168.0.1-254
Replace 192.168.0.1-254 with the IPs you want to check.
63. 7) Scan Network for Rogue APs.
nmap -A -p1-85,113,443,8080-8100 -T4 --min-hostgroup 50 --max-rtt-timeout 2000 --initial-rtt-timeout 300 --max-retries 3 --host-timeout 20m --max-scan-delay 1000 -oA wapscan 10.0.0.0/8
I've used this scan to successfully find many rogue APs on a very, very large network.
64. 9) How Many Linux And Windows Devices Are On Your Network?
sudo nmap -F -O 192.168.0.1-255 | grep "Running: " > /tmp/os; echo "$(cat /tmp/os | grep Linux | wc -l) Linux device(s)"; echo "$(cat /tmp/os | grep Windows | wc -l) Windows device(s)"
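Two things about the one-liner above are worth knowing: nmap prints "Running:" only for confident matches, so hosts with a low-confidence "Running (JUST GUESSING):" line or no match at all vanish from both counts, and the scratch file sits at a fixed, predictable path in /tmp. The added example below (mine, not from the slides) does the counting in a single awk pass over the scan output and reports guessed and unknown hosts so the numbers reconcile with the host count. The scan output is constructed; the function name is my own.

```shell
#!/bin/sh
# Constructed excerpt of "nmap -F -O" normal output, not a real scan. Host .12
# only gets a low-confidence guess and host .13 no match at all; a grep for
# "Running: " silently drops both, so the slide's two counts never add up to
# the number of hosts scanned.
SAMPLE_OS='Nmap scan report for 192.168.0.10
Running: Linux 2.6.X|3.X
OS CPE: cpe:/o:linux:linux_kernel:2.6 cpe:/o:linux:linux_kernel:3
Nmap scan report for 192.168.0.11
Running: Microsoft Windows XP|7
Nmap scan report for 192.168.0.12
Running (JUST GUESSING): Linux 3.X (90%), FreeBSD 9.X (85%)
Nmap scan report for 192.168.0.13
No OS matches for host
Nmap scan report for 192.168.0.14
Running: Apple Mac OS X 10.9.X'

# One awk pass over the scan output: counts hosts per OS family from the
# confident "Running:" lines (a line like "Linux 2.6.X|3.X" is one host, not
# two) and reports guessed/unknown hosts separately. Reads stdin, prints one
# summary line, and needs no scratch file.
os_summary() {
    awk '
        /^Nmap scan report for /        { hosts++ }
        /^Running: /                    { if ($0 ~ /Linux/)        linux++
                                          else if ($0 ~ /Windows/) windows++
                                          else                     other++ }
        /^Running \(JUST GUESSING\): /  { guessed++ }
        /^No OS matches for host/       { unknown++ }
        END { printf "hosts=%d linux=%d windows=%d other=%d guessed=%d unknown=%d\n",
                     hosts+0, linux+0, windows+0, other+0, guessed+0, unknown+0 }'
}

# Run stand-alone on the constructed sample; with a real scan pipe
# "sudo nmap -F -O <range>" into os_summary instead.
printf '%s\n' "$SAMPLE_OS" | os_summary
```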
65. OS fingerprinting
1. XP with Service Pack 1
2. XP with Service Pack 2
3. Linux 64.0.33
4. Mac OS
5. OpenBSD
6. Etc.