HOW TO LEARN A MAKE A PENTEST

SCHEDULE WHAT IS A PENTEST YOUR PHASES * RECONNAISSANCE | SCANNING | GAINING ACCESS | MAINTAINING ACCESS | CLEANING TRACKS HOW TO BYPASS AV | HOW TO HACK WINDOWS 7 | REMOTE HOW TO HACK – FACEBOOK HOW TO AVOID SOME ATACKS ? DEMO

FELIPE ZUCKERMAN ENTHUSIAST IN IT FOCUSED ON SAFETY

WHAT IS A PENTEST ?

YOUR PHASES

RECONNAISSANCE This phase consist in obtain the maximum of information about the target such as: OS System Topology Network Email Address, Presence of Firewall, AV Enumeration about the services and your version use auxiliary/scanner/smb/smb_version  nmap --script smb-os-discovery.nse <target> ttl value windows= 128 Linux = 64

LET’S SEE ?

GAINING ACCESS

NETSH ADVFIREWALL SET PUBLICPROFILE STATE OFF

SCANNING The scanning process can be divided into three steps: Determining if a system is active. Port scanning the system. Scanning the system for vulnerabilities Ex: USAGE  #nmap [Scan Type(s)] [Options] {target specification}

MAINTAINING ACCESS

NETCAT

BELOW IS SHOWN SOME WAYS TO DETECT INTRUDERS IN YOUR SYSTEM %AllUsersProfile%\Application Data\ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList

DISABLE SOME SERVICES TELNET REMOTE DESKTOP REMOTE REGISTRY

Nessus é um dos melhores scanners de vulnerabilidades e pode ser encontrado tanto na versão comercial quanto na versão doméstica, que é grátis. Além do Nessus temos também o OpenVAS e Nexpose que também são ótimos scanners de vulnerabilidades que abordaremos em breve.

PenETRATION TEST ?

Configuração do Computador > Configurações do Windows > Configurações de Segurança > Políticas Locais > Política de Auditoria.

PRIVILEGE ESCALATION Local privilege escalation happens when one user acquires the system rights of another user. Network intruders have many techniques for increasing privileges once they have gained a foothold on a system

LINK: http://www.exploit-db.com/exploits/15609/ PRIVILEGE LOCAL PRIVILEGE REMOTE LINK: http://www.exploit-db.com/exploits/15609/

HACKING WINDOWS 7 WITH POWERSHELL

BYPASSING ANTIVIRUS Veil-Evasion is a tool to generate payload executables that bypass common antivirus solutions.

2 1 O ANTIVIRUS DETECTOU MEU ARQUIVO 3 3 4

6 5 NO COMENTS 8

CLEARING TRACKS

CLEARING TRACKS

PENETRATION TEST DEMO

REFERENCES 1. Metasploit http://www.metasploit.com 2. Pen Tester http://en.wikipedia.org/wiki/Penetration_test 3. NETWORK COMPUTERS http://pt.wikipedia.org/wiki/Rede_de_computadores 4. INSTRODUTION TO TCP/IP http://www.vivaolinux.com.br/artigo/Introducao-ao-Protocolo-Internet-IP 5. VIRTUALIZATION http://www.vivaolinux.com.br/artigo/Virtualizacao-Montando-uma-rede-virtual-para-testes-e-estudos-de-servicos-e-servidores 6. Keylogging http://pt.wikipedia.org/wiki/Keylogger 7. Backdoor http://pt.wikipedia.org/wiki/Backdoor

CONTACT @FelipeZuckerman Felipezuckerman Felipesecmaniac@gmail.com