Offensive Security-Books Pdf

Offensive Security
01 Dec 2019 | 39 views | 0 downloads | 14 Pages | 1.67 MB


About this Document

Submitting your course exercises and PWK lab report along with your exam report may have its benefits. For example, up to 5 points may be earned by submitting your lab report along with your exercises. Although submitting your PWK lab report and the corresponding course exercises is completely optional, it is not difficult to see why it is highly recommended to do so.

This document is provided as an example of what is expected at minimum in a typical lab report that is submitted for review. You must successfully compromise no less than 10 machines in the labs and document all of your steps as illustrated in the Offensive Security Lab and Exam Penetration Report, Section 3 (Methodologies) template. You may choose to include more than 10 machines in your report; however, this will not provide any additional points to your final exam score.

The sample report presented in this document has been adapted for the non-native English speaker. For that reason, Offensive Security has opted for a more visual (i.e. more screenshots) style of reporting. A narrative of how the machine was compromised, as well as vulnerability information, can be included in the report at your discretion. Please note that this template is only a guide; you may opt not to use it and create your own. The report, regardless of the template used, must be clear, concise and, most importantly, it must be reproducible. In other words, we must be able to compromise the machine again by simply following the report.

Table of Contents

1.0 Offensive Security Lab and Exam Penetration Test Report
  1.1 Introduction
  1.2 Objective
  1.3 Requirements
2.0 Report - High-Level Summary
  2.1 Report - Recommendations
3.0 Report - Methodologies
  3.1 Report - Information Gathering
  3.2 Report - Service Enumeration
  3.3 Report - Penetration
  3.4 Report - House Cleaning
4.0 PWK Course Exercises

1.0 Offensive Security Lab and Exam Penetration Test Report

1.1 Introduction

The Offensive Security Lab and Exam penetration test report should contain all the steps taken to successfully compromise machines, both in the exam and lab environments. Accompanying data used in both environments should also be included, such as PoCs, custom exploit code and so on. Please note that this report will be graded from a standpoint of correctness and completeness. The purpose of this report is to ensure that the student has a full understanding of penetration testing methodologies as well as the technical knowledge required to successfully achieve the Offensive Security Certified Professional (OSCP) certification.

1.2 Objective

The objective of this assessment is to perform an internal penetration test against the Offensive Security Lab and Exam network. The student is tasked with following a methodical approach in obtaining access to the objective goals. This test should simulate an actual penetration test and how you would start from beginning to end, including the overall report. A sample page has been included in this document that should help you determine what is expected of you from a reporting standpoint. Please use the sample report as a guide to get you through the reporting requirement of the course.

1.3 Requirements

The student will be required to complete this penetration testing report in its entirety and to include the following sections:

- Overall High-Level Summary and Recommendations (non-technical)
- Methodology walkthrough and detailed outline of steps taken
- Each finding with accompanying screenshots, walkthroughs, sample code and proof.txt file, if applicable
- Any additional items as deemed necessary

2.0 Report - High-Level Summary

OS-XXXXX was tasked with performing an internal penetration test in the Offensive Security Labs and Exam network. An internal penetration test is a simulated attack against internally connected systems. The focus of this test is to perform attacks similar to those of a malicious entity and attempt to infiltrate Offensive Security's internal lab systems, the THINC.local domain and the exam network. OS-XXXXX's overall objective was to evaluate the network, identify systems and exploit flaws while reporting the findings back to Offensive Security.

While conducting the internal penetration test, there were several alarming vulnerabilities that were identified within Offensive Security's network. For example, OS-XXXXX was able to gain access to multiple machines, primarily due to outdated patches and poor security configurations. During testing, OS-XXXXX had administrative-level access to multiple systems. All systems were successfully exploited and access granted. These systems, as well as a brief description of how access was obtained, are listed below:

- Target 1: Obtained a low-privilege shell via the vulnerable web application called KikChat. Once in, access was leveraged to escalate to root using the getsystem command in Meterpreter.

2.1 Report - Recommendations

OS-XXXXX recommends patching the vulnerabilities identified during the penetration test to ensure that an attacker cannot exploit these systems in the future. One thing to remember is that these systems require frequent patching and, once patched, should remain on a regular patch program in order to mitigate additional vulnerabilities that may be discovered at a later date.

3.0 Report - Methodologies

OS-XXXXX utilized a widely adopted approach to performing penetration testing that is effective in testing how well the Offensive Security Labs and Exam environments are secured. Below is a summary of how OS-XXXXX was able to identify and exploit a number of systems.

3.1 Report - Information Gathering

The information gathering portion of a penetration test focuses on identifying the scope of the penetration test. During this penetration test, OS-XXXXX was tasked with exploiting the lab and exam network. The specific IP addresses were:

Lab Network
192.168.31.218

3.2 Report - Service Enumeration

The service enumeration portion of a penetration test focuses on gathering information about what services are alive on a system or systems. This is valuable to an attacker as it provides detailed information on potential attack vectors into a system. Understanding what applications are running on the system provides an attacker with vital information before conducting the actual penetration test. In some cases, some ports may not be listed.

Server IP Address   Ports Open       Service/Banner
192.168.31.218      TCP: 80, 3389    Apache, RDP

3.3 Report - Penetration

The penetration testing portion of the assessment focuses heavily on gaining access to a variety of systems. During this penetration test, OS-XXXXX was able to successfully gain access to 10 out of the 50.

Vulnerability Exploited: KikChat LFI/RCE Multiple Vulnerability
System Vulnerable: 192.168.31.218
Vulnerability Explanation: The KikChat web application suffers from a Local File Include (LFI) as well as a Remote Code Execution (RCE) vulnerability. A combination of these vulnerabilities was used to obtain a low-privilege shell.
Privilege Escalation Vulnerability: Named Pipe Impersonation (In Memory/Admin)
Vulnerability Fix: No known patch or update for this issue.
Severity: Critical

Information Gathering
- Full Nmap scan of all ports
- Nikto scan on target's port 80
- Content of target's robots.txt using curl
- Further enumeration of port 80 using a browser
- Searching Exploit-DB for a PoC on KikChat's vulnerability

Proof of Concept Code: https://www.exploit-db.com/exploits/30235

Confirming RCE: Using the PoC from Exploit-DB, additional information about the web server is gathered by creating a PHP file with phpinfo and viewing it.

Command issued from terminal:
http://192.168.31.218/8678576453/rooms/get.php?name=info.php&ROOM=php

- Viewing the custom PHP file in the browser

Getting Low-Privilege Shell: Using the RCE vulnerability, create a PHP file called shell.php that will download nc.txt, save it as a batch file, create nc.exe and connect back to the attacker.
- Hosting the nc.txt file
- RCE command to download nc.txt, run shell.php and connect to the attacking machine
- Listener on the attacking machine

Privilege Escalation: Using Metasploit, a Meterpreter PHP reverse shell is created. Once created, it is then uploaded to the target machine the same way as the nc.txt file and then it is executed using.
- Creating the Meterpreter PHP reverse shell
- Hosting and executing the malicious file
- Creating a Meterpreter reverse TCP shell, executing it and escalating with getsystem
- Proof file

3.4 Report - House Cleaning

The house cleaning portion of the assessment ensures that remnants of the penetration test are removed. Often, fragments of tools or user accounts are left on an organization's computer, which can cause security issues down the road. Ensuring that we are meticulous and that no remnants of our penetration test are left over is of paramount importance.

After the objectives on both the lab network and exam network were successfully completed, OS-XXXXX removed all user accounts and passwords as well as the Meterpreter services installed on the system. Offensive Security should not have to remove any user accounts or services from any of the systems.

4.0 PWK Course Exercises

Course exercises are to be documented and added in this section of the report.
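The service enumeration table in section 3.2 (server IP, open ports, service banner) is usually filled in by hand from scan output. The following Python script, added here as an example and not part of the Offensive Security sample report, builds that table from nmap's grepable (-oG) output. The scan lines are constructed, with the host and the two open ports chosen to mirror the report's single lab target; the version strings and the filtered port 135 are assumptions for illustration.

```python
"""Build the report's 'Server IP Address | Ports Open | Service/Banner' table
from nmap grepable (-oG) output.

Added example for the sample report; SAMPLE_GNMAP is constructed, not real
scan output from the page. Each entry in the -oG 'Ports:' field has the shape
port/state/protocol/owner/service/rpc-info/version/.
"""
from dataclasses import dataclass, field

SAMPLE_GNMAP = """\
# Nmap scan initiated (constructed sample)
Host: 192.168.31.218 ()\tStatus: Up
Host: 192.168.31.218 ()\tPorts: 80/open/tcp//http//Apache httpd/, 135/filtered/tcp//msrpc///, 3389/open/tcp//ms-wbt-server//Microsoft Terminal Services/\tIgnored State: closed (997)
# Nmap done (constructed sample)
"""


@dataclass
class HostPorts:
    ip: str
    # (port, protocol, service name, version/banner) for every open port
    ports: list = field(default_factory=list)


def parse_gnmap(text):
    """Return {ip: HostPorts}; only 'open' ports are kept, filtered/closed are dropped.

    Limitation: a version string that itself contains '/' or ',' (e.g. 'PHP/5.3')
    would confuse the naive split below; nmap -oX is the robust choice for that.
    """
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue
        ip = line.split()[1]
        ports_field = line.split("Ports:", 1)[1].split("\t", 1)[0]
        entry = hosts.setdefault(ip, HostPorts(ip))
        for item in ports_field.split(","):
            parts = item.strip().split("/")
            if len(parts) < 7:
                continue
            port, state, proto, _owner, service, _rpc, version = parts[:7]
            if state != "open":
                continue
            entry.ports.append((int(port), proto, service, version))
    return hosts


def report_rows(hosts):
    """One (ip, ports-open, banners) row per host, in the report's column order."""
    rows = []
    for ip, hp in sorted(hosts.items()):
        by_proto = {}
        for port, proto, _service, _version in sorted(hp.ports):
            by_proto.setdefault(proto.upper(), []).append(str(port))
        ports_open = "; ".join(f"{p}: {', '.join(ns)}" for p, ns in sorted(by_proto.items()))
        # Prefer the version banner; fall back to nmap's service name when empty.
        banners = "; ".join(v or s for _, _, s, v in sorted(hp.ports))
        rows.append((ip, ports_open, banners))
    return rows


def render_table(rows):
    """Plain-text table with the header used in section 3.2 of the report."""
    header = ("Server IP Address", "Ports Open", "Service/Banner")
    widths = [max(len(r[i]) for r in (header, *rows)) for i in range(3)]
    return "\n".join("  ".join(c.ljust(w) for c, w in zip(r, widths)) for r in (header, *rows))


if __name__ == "__main__":
    print(render_table(report_rows(parse_gnmap(SAMPLE_GNMAP))))
```

Run it against a real `nmap -oG` file by replacing SAMPLE_GNMAP with the file contents; since only open ports are emitted, the table stays consistent with the "some ports may not be listed" caveat in 3.2.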
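Section 3.3 describes the KikChat LFI/RCE abuse only from the tester's side. From the defender's side, every one of those requests lands in the web server's access log, and the PoC URL quoted in the report already gives away the signature: a `name` parameter that refers to a file rather than a room, or a `ROOM` parameter that carries a PHP tag. The Python script below, added here as an example and not taken from the sample report, runs that detection over constructed Apache combined-log lines; the endpoint path and parameter names come from the report's PoC URL, while the rule that a legitimate room name contains no path separators or `.php` suffix is an assumption about the application.

```python
"""Flag access-log requests that match the LFI/RCE pattern against KikChat's
rooms/get.php described in section 3.3 of the sample report.

Added example; SAMPLE_LOG is constructed (Apache combined log format), not
data from the page. The assumption that a benign 'name' value is a plain room
name (no '/', no '..', no '.php') is ours, not documented KikChat behaviour.
"""
import re
from urllib.parse import urlsplit, parse_qs, unquote

SAMPLE_LOG = """\
10.11.0.5 - - [01/Dec/2019:10:01:02 +0000] "GET /8678576453/rooms/get.php?name=lobby HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.11.0.5 - - [01/Dec/2019:10:01:09 +0000] "GET /8678576453/rooms/get.php?name=info.php&ROOM=%3C%3Fphp+phpinfo%28%29%3B+%3F%3E HTTP/1.1" 200 88 "-" "curl/7.64"
10.11.0.5 - - [01/Dec/2019:10:01:15 +0000] "GET /8678576453/rooms/get.php?name=..%2F..%2Fsecret.txt HTTP/1.1" 200 301 "-" "curl/7.64"
10.11.0.9 - - [01/Dec/2019:10:02:00 +0000] "GET /index.php HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
"""

# Combined log format: ip ident user [timestamp] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Endpoint suffix taken from the PoC URL quoted in the report.
VULN_PATH_SUFFIX = "/rooms/get.php"


def classify(target):
    """Return the reasons a request target looks like LFI/RCE abuse; [] if benign."""
    parts = urlsplit(target)
    if not parts.path.endswith(VULN_PATH_SUFFIX):
        return []
    params = parse_qs(parts.query, keep_blank_values=True)
    reasons = []
    for name in params.get("name", []):
        decoded = unquote(unquote(name))  # parse_qs decoded once; handle double encoding
        if ".." in decoded or "/" in decoded or "\\" in decoded:
            reasons.append("lfi: path traversal in 'name'")
        elif decoded.lower().endswith(".php"):
            reasons.append("lfi/rce: 'name' references a PHP file")
    for room in params.get("ROOM", []):
        if "<?" in unquote(unquote(room)).lower():
            reasons.append("rce: PHP tag in 'ROOM'")
    return reasons


def scan_log(text):
    """Return (client ip, timestamp, status, reasons) for each suspicious request."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        reasons = classify(m["target"])
        if reasons:
            findings.append((m["ip"], m["ts"], int(m["status"]), reasons))
    return findings


if __name__ == "__main__":
    for ip, ts, status, reasons in scan_log(SAMPLE_LOG):
        print(f"{ts} {ip} HTTP {status}: " + "; ".join(reasons))
```

The status code is carried along on purpose: a 200 on a traversal or PHP-tag request means the application served it, which is the "confirmed" case that belongs in an incident ticket rather than a mere probe.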
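Section 3.4 states the goal of house cleaning (no accounts, services or tool fragments left behind) but not how to verify it. A practical check is to keep a ledger of every artifact the tester introduces and, after cleanup, diff the host against the inventory taken on first access: ledger entries still present are unfinished cleanup, and new items the ledger never recorded are the dangerous case, because nobody would otherwise know to remove them. The Python script below is an added example, not part of the sample report; the ledger and both inventories are constructed, and the service name `metsvc`, the account `pentest` and the `C:/xampp/htdocs/kikchat` paths are hypothetical. The files shell.php, nc.exe and info.php are the ones the report's own walkthrough creates on the target.

```python
"""Verify house cleaning (section 3.4 of the sample report) by cross-checking
an artifact ledger against before/after inventories of the target host.

Added example; every value below is constructed. 'metsvc', 'pentest' and the
C:/xampp paths are hypothetical names, not data from the page.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Artifact:
    host: str
    category: str  # "user", "service" or "file"
    name: str


# Ledger kept during the test: everything OS-XXXXX added to the target.
LEDGER = [
    Artifact("192.168.31.218", "file", "C:/xampp/htdocs/kikchat/rooms/shell.php"),
    Artifact("192.168.31.218", "file", "C:/xampp/htdocs/kikchat/rooms/nc.exe"),
    Artifact("192.168.31.218", "service", "metsvc"),  # hypothetical Meterpreter service name
    Artifact("192.168.31.218", "user", "pentest"),    # hypothetical account created during testing
]

# Inventory of the host on first access (constructed).
BASELINE = {
    "user": {"Administrator", "Guest", "webadmin"},
    "service": {"Apache2.2", "TermService"},
    "file": {"C:/xampp/htdocs/kikchat/index.php", "C:/xampp/htdocs/kikchat/rooms/get.php"},
}

# Inventory after the tester believes cleanup is complete (constructed): the
# account and service are gone, shell.php was forgotten, and info.php from the
# phpinfo check was never written into the ledger at all.
AFTER_CLEANUP = {
    "user": {"Administrator", "Guest", "webadmin"},
    "service": {"Apache2.2", "TermService"},
    "file": {
        "C:/xampp/htdocs/kikchat/index.php",
        "C:/xampp/htdocs/kikchat/rooms/get.php",
        "C:/xampp/htdocs/kikchat/rooms/shell.php",
        "C:/xampp/htdocs/kikchat/rooms/info.php",
    },
}

CATEGORIES = ("user", "service", "file")


def audit(host, ledger, baseline, current):
    """Return (still_present, unrecorded, missing_original), each a list of (category, name).

    still_present:    ledger artifacts for `host` that cleanup did not remove
    unrecorded:       items new since the baseline that the ledger never recorded
    missing_original: baseline items now gone; cleanup must not delete the client's own data
    """
    recorded = {(a.category, a.name) for a in ledger if a.host == host}
    still_present, unrecorded, missing_original = [], [], []
    for category in CATEGORIES:
        before = baseline.get(category, set())
        now = current.get(category, set())
        for item in sorted(now - before):
            if (category, item) in recorded:
                still_present.append((category, item))
            else:
                unrecorded.append((category, item))
        for item in sorted(before - now):
            missing_original.append((category, item))
    return still_present, unrecorded, missing_original


def is_clean(host, ledger, baseline, current):
    """True only when the host matches its baseline exactly."""
    return all(not part for part in audit(host, ledger, baseline, current))


if __name__ == "__main__":
    still, unrec, missing = audit("192.168.31.218", LEDGER, BASELINE, AFTER_CLEANUP)
    for label, items in (("LEFTOVER (in ledger)", still), ("LEFTOVER (unrecorded)", unrec), ("MISSING", missing)):
        for category, name in items:
            print(f"{label} {category}: {name}")
    print("clean" if is_clean("192.168.31.218", LEDGER, BASELINE, AFTER_CLEANUP) else "not clean")
```

The inventories would in practice come from whatever the platform offers (local account and service listings, a file listing of the directories the tester wrote to); the point of the check is that "I deleted what I remember adding" is replaced by a comparison against recorded state.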
