Thursday, March 22, 2012

Penetration Testing on a Switched LAN

In this article we will explore the known vulnerabilities that are still present in switched LANs. I hope to open your eyes to a few of the methods and tools that can be freely downloaded and used to test your network. Let us begin with a few of the basics we see in many small to medium networks. First we have to assess the network and gather information about it. We need to look at a few things before we can properly understand the obstacles we may face on a pen test. Begin with these basic questions as a foundation for gathering information.


Where are the switches located?

Are you able to access the equipment?

What make and model of switches or hubs are in the network?

Are the switches manageable, and do they have a web interface?

What is the physical topology or design of the network?

Do the switches have security features (IDS), and are VLANs being used?


Once we have the basic information on the network design and the equipment used in the network, we need to research the vendors' security bulletins to see whether there are any known exploits to test for. If the network has wireless, there are a great number of other methods we can use to locate weak points. At this stage we must also look at what physical media is used to move data on the network (CAT5, fibre, or wireless). Knowing what the network media is, you can determine the best way to make use of it. Here are some notes on making use of each type of network media and the tools used.


Ethernet (CAT3, CAT5, or CAT6):


Tapping Ethernet is normally done with a protocol sniffer like Ethereal. To sniff on an Ethernet LAN you must have access to the network via a switch port or another network connection.


Fibre (Gig-E or FDDI):


To tap a fibre network you will need an optical splitter such as those from netoptics. To tap with a splitter you will have to gain access to the fibre lines. Once you have the splitter installed you can run Ethereal or any other network sniffer.


Wireless (802.11 A, B, and G):


To tap wireless you first have to identify what type of signal the network is using. Most networks will be using 802.11 B or G, but there are some networks on 802.11 A. To discover what kind of wireless is in use you can run software like Network Stumbler. Network Stumbler will let you see the access points and all the information you need about them, such as the channel, signal strength, and encryption used. Knowing whether the AP is open or encrypted, you can plan your route to accessing the network. If you find the wireless network is encrypted, you will have to find tools to crack the encryption. For WEP encryption you can use tools like AirCrack to break the encryption. Once you have gained access to the wireless network you will use a network sniffer like Ethereal to capture packets.


Sniffing / Tapping the Network


As I have stated above, Ethereal is an excellent (and free) network sniffer, but there are many other protocol sniffing tools on the web; most are free, though some vendors charge for their tools. The idea behind sniffing is that you can see all of the packets on the network. Being able to see the packets and capture them, you can reconstruct the data that flows over the network and recover passwords and password hashes. Other useful data you can collect is e-mail, web site data, database information, and a great deal of other sensitive information. One obstacle you may face when sniffing is that if the network is switched you will only see broadcast traffic and traffic directed to your own IP address. To resolve this you will have to sniff on a trunk port or mirror port, or spoof the network traffic so that it passes through your port. One good tool to sniff and spoof is Cain & Abel; with Cain you can also sniff VoIP calls and many other passwords.
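The switched-LAN obstacle described above (seeing only broadcast traffic and your own unicast) is what ARP spoofing tools like Cain work around, and it is also what a defender can watch for. The Python script below is an added example, not code from the original post or from Cain: it runs over a constructed list of ARP reply records and flags the two signatures of ARP cache poisoning, an IP address whose MAC changes and a single MAC that answers for more than one IP. The record format, the addresses and the optional trusted baseline are assumptions made for the example.

```python
from collections import defaultdict

# Constructed ARP reply records: (sequence_number, sender_ip, sender_mac).
# Entries 5 and 6 simulate the host at .11 claiming both the gateway's and
# another host's IP, which is what a Cain-style man-in-the-middle looks like
# from the wire.
SAMPLE_ARP_REPLIES = [
    (1, "192.168.1.1", "00:11:22:33:44:01"),    # default gateway
    (2, "192.168.1.10", "00:11:22:33:44:10"),
    (3, "192.168.1.11", "00:11:22:33:44:11"),
    (4, "192.168.1.1", "00:11:22:33:44:01"),    # normal refresh, same MAC
    (5, "192.168.1.1", "00:11:22:33:44:11"),    # gateway IP now from .11's MAC
    (6, "192.168.1.10", "00:11:22:33:44:11"),   # victim's IP from .11's MAC too
]


def detect_mac_changes(replies, trusted=None):
    """Return alerts (seq, ip, old_mac, new_mac) whenever an IP's MAC changes.

    `trusted` is an optional {ip: mac} baseline (for example the gateway's real
    MAC); the first observation of an IP that is not in the baseline is learned.
    """
    ip_to_mac = {ip: mac.lower() for ip, mac in (trusted or {}).items()}
    alerts = []
    for seq, ip, mac in replies:
        mac = mac.lower()
        known = ip_to_mac.get(ip)
        if known is not None and known != mac:
            alerts.append((seq, ip, known, mac))
            continue   # keep the known binding; the impostor must not overwrite it
        ip_to_mac[ip] = mac
    return alerts


def macs_claiming_multiple_ips(replies):
    """Return {mac: [ips]} for every MAC that answered for more than one IP."""
    mac_to_ips = defaultdict(set)
    for _seq, ip, mac in replies:
        mac_to_ips[mac.lower()].add(ip)
    return {mac: sorted(ips) for mac, ips in mac_to_ips.items() if len(ips) > 1}


if __name__ == "__main__":
    for alert in detect_mac_changes(SAMPLE_ARP_REPLIES):
        print("MAC change: seq=%d ip=%s %s -> %s" % alert)
    for mac, ips in macs_claiming_multiple_ips(SAMPLE_ARP_REPLIES).items():
        print("MAC %s answers for %s" % (mac, ", ".join(ips)))
```

On the manageable switches asked about in the checklist, the equivalent control is DHCP snooping with dynamic ARP inspection, together with a static ARP entry for the default gateway on critical hosts; a script like this one run over a packet capture is the fallback when the switch cannot do it.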


Port Scanning


Port scanning is a method of testing network devices to see which communication ports may be open. This can be done from the LAN, WAN, MAN, or the Internet. Port scanners are some of the most used tools by pen testers to find what is open and to best identify the devices and services running on the network. For instance, if you port scan an IP address and see port 25 open, there is a possibility that a mail service is running. The next step to test port 25 might be to telnet to the port and see if the reply is a banner. If the device is a mail server it will normally report back to your telnet session with a service banner. A Microsoft Exchange server will report its SMTP name and the version of Exchange running on the server. Other interesting ports are 23 Telnet, 21 FTP, 23 SSH, 80 HTTP, 443 HTTPS, and 3389 Terminal Services (RDP). Good programs for port scanning are SuperScan (from Foundstone), Nmap (from insecure.org), and X-Scan (from xfocuse.com). There are countless scanners on the web, and many are specialized for scanning for particular services or exploits. If you want more information on port scanning just Google it and you will be busy for months.


Password Recovery


Password recovery can be done remotely or physically with software. On Windows PCs you can run programs like PWDump remotely, and if you have physical access you can use many kinds of bootable disk to change and recover passwords. Other password recovery techniques include running hash or SAM file recovery tools from the PC under a user's account. With the SAM file of hashes you can then go on to crack the hashes to obtain the passwords.


Password Cracking


Password cracking is performed by taking an encrypted value (hash) and using a method to crack or reverse engineer it. The most common kinds of cracking are dictionary, brute force, or cryptanalysis attacks on the hash. There are many programs on the web to run dictionary and brute force attacks, but the fastest way to crack passwords is to use rainbow tables on them. There are some rainbow table cracking websites online, and the program rcrack.exe is a free download with source code from "antsight.com/zsl/rainbowcrack". The most popular site to crack hashes online is plain-text.info, and they allow 2 hashes per hour to be cracked for free. With rainbow tables a pen tester's life has become much easier. Older methods of cracking like brute force can take months to crack a password, and dictionary attacks only work if the password is a common word.
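Rainbow tables work because a hash computed without a salt is the same for every user and every system, so one precomputed table answers every lookup. The Python script below is an added example, not code from the article or from the rainbowcrack project: it builds a small precomputed table from a constructed word list to stand in for a rainbow table, shows that an unsalted MD5 hash is recovered with one dictionary lookup, and then shows that a salted, iterated hash (PBKDF2-HMAC-SHA256 from the standard library) is immune to that table and has to be attacked one account at a time. The word list, the password values and the iteration count are constructed for the example.

```python
import hashlib
import hmac
import os

# Constructed word list; a real cracking dictionary has millions of entries.
WORDLIST = ["password", "letmein", "qwerty", "Summer2012", "correcthorse"]
ITERATIONS = 100_000   # PBKDF2 work factor; raise it as hardware gets faster


def md5_unsalted(password):
    """Legacy-style storage: one hash per password, identical on every system."""
    return hashlib.md5(password.encode()).hexdigest()


def build_lookup_table(words):
    """Precompute hash -> plaintext once. This is the cost a rainbow table
    amortizes over every unsalted hash ever captured (a real table compresses
    the precomputation into chains, but the lookup idea is the same)."""
    return {md5_unsalted(w): w for w in words}


def lookup(hash_hex, table):
    """Recover a plaintext with a single dictionary lookup, or None."""
    return table.get(hash_hex)


def hash_password(password, salt=None, iterations=ITERATIONS):
    """Salted, iterated storage. Returns (salt, digest); store both."""
    if salt is None:
        salt = os.urandom(16)   # a fresh random salt per account
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, digest


def verify_password(password, salt, digest, iterations=ITERATIONS):
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, digest)


def compare_storage(password):
    """Summarize how each storage scheme fares against the precomputed table."""
    table = build_lookup_table(WORDLIST)
    unsalted = md5_unsalted(password)
    salt, digest = hash_password(password)
    return {
        "unsalted_recovered": lookup(unsalted, table),   # the word, if listed
        "salted_recovered": lookup(digest.hex(), table),  # always None
        "salted_verifies": verify_password(password, salt, digest),
    }


if __name__ == "__main__":
    for key, value in compare_storage("Summer2012").items():
        print("%-20s %r" % (key, value))
```

The salt does not make a single guess harder; it makes the precomputation worthless, because a table would have to be built per salt value. The iteration count is what makes each guess expensive, so the two together turn "look it up in seconds" into "run a dictionary attack per account at a few hundred guesses per second".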


So far we have discussed how to analyze a network and then profile it for a pen test. We have also covered methods to tap/sniff the network for data. Although we have only covered a small amount of information, it should serve as a good primer to show you how to get started with pen testing. All of the tools mentioned in this article are easily found on the Internet, and all of the tools discussed are free to download. If you want more help with pen testing just use the Internet, as there are many guides available that cover specialized areas of pen testing. Keep in mind that the whole idea behind pen testing is to learn about and secure your network.


