Security is something that everyone needs to be aware of and
something that everyone needs to deal with. While you can go out and
collect a number of tools and utilities to help you out, there is an
easier path. Several Linux distributions bundle an entire suite of
security tools. One of the more popular is Kali Linux (the successor to
BackTrack). Others, such as BackBox or Lightweight Portable Security,
may fit specific needs better. You can run these from a bootable DVD or
USB drive, which lets you run forensics on a compromised machine without
touching its installed system.
Alternatively, you could install it on a box and set it up on your
network for a more permanent security solution.
In this tutorial, we'll use Kali Linux to go through one possible set
of steps to analyse and test your local security. We can only cover a
subset of the tools available in Kali Linux, but you will learn some
basic techniques to monitor your systems and to test their defences.
Resources
Kali Linux
Metasploit
Each application has an entry in the Kali menu. If it is a console-based
application, it opens in a new terminal that lists the options for that
tool.
Step by Step
Step 01
Download and install
The first step is to get a copy of Kali Linux to work with. The main
download page provides images in several formats and for several
architectures. The usual thing to do is to download an ISO and either
burn it to a DVD or create a bootable USB drive. Verify the image
against the SHA-256 checksum and signature published alongside it before
you boot from it: a tampered security distribution is worse than none.
Step 02
Hardware detection
One useful extra that Kali Linux provides is a boot-menu option to
inspect the machine's hardware before the system comes up. It is always
a good idea to get a lay-of-the-land look at the hardware you are about
to investigate.
Step 03
Netdiscover
One of the first things to do is to find out who, or what, is on your
network. Netdiscover maps live IP and MAC addresses on the local segment
by sending ARP requests (or by passively sniffing ARP traffic). It was
written for Wi-Fi networks that don't run DHCP, where there is no lease
table to consult, but it works on any Ethernet-style network.
Step 04
Tcpflow
Once you have a list of hosts, you will probably want to see what kind
of communication is happening between them. Tcpflow captures the TCP
traffic on your network and reassembles each connection into a separate
file, so you can read whole conversations rather than individual packets
and see what your network is actually being used for.
Step 05
Intrace
Once you know which conversations are occurring on your network, you
may want to find out what routes they take. Intrace gives you a
traceroute-like listing of hops by piggybacking on an existing TCP
connection it sees on the wire, which works even where ordinary ICMP or
UDP traceroute is filtered.
Step 06
Zenmap
After identifying the hosts on your network, you need to see which ports
are open on them and what OS they run. The go-to tool for this is Nmap.
Zenmap is its usual GUI front-end; it also lets you save scans and
compare them, so you can spot a new host or a newly opened port later.
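Steps 03 to 06 together produce an inventory of what is on your network. The following script, an added example that is not part of the original article or of the Nmap project, shows how to turn Nmap's machine-readable XML output into that inventory and flag hosts or ports you did not expect. The SAMPLE_XML is a constructed, cut-down Nmap report so the script runs offline; the MAC allow-list and per-host port allow-list in the demo are hypothetical.

```python
"""Turn nmap's XML output into a host inventory and flag anything unexpected.

Added example (not code from the original article or from the nmap project).
Run nmap with -oX so the output is machine-readable; SAMPLE_XML below is a
constructed, trimmed nmap report used so the script runs offline.
"""
import subprocess
import xml.etree.ElementTree as ET

# Constructed sample: roughly what `nmap -sS -O -oX - 192.168.1.0/24` returns
# for two live hosts and one that did not answer (trimmed to the parsed elements).
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sS -O -oX - 192.168.1.0/24">
  <host>
    <status state="up" reason="arp-response"/>
    <address addr="192.168.1.1" addrtype="ipv4"/>
    <address addr="00:11:22:33:44:55" addrtype="mac" vendor="ExampleVendor"/>
    <hostnames><hostname name="gateway.lan" type="PTR"/></hostnames>
    <ports>
      <port protocol="tcp" portid="53"><state state="open" reason="syn-ack"/><service name="domain"/></port>
      <port protocol="tcp" portid="80"><state state="open" reason="syn-ack"/><service name="http"/></port>
    </ports>
    <os><osmatch name="Linux 4.15 - 5.6" accuracy="95"/></os>
  </host>
  <host>
    <status state="up" reason="arp-response"/>
    <address addr="192.168.1.77" addrtype="ipv4"/>
    <address addr="66:77:88:99:AA:BB" addrtype="mac"/>
    <ports>
      <port protocol="tcp" portid="445"><state state="open" reason="syn-ack"/><service name="microsoft-ds"/></port>
      <port protocol="tcp" portid="3389"><state state="open" reason="syn-ack"/><service name="ms-wbt-server"/></port>
      <port protocol="tcp" portid="22"><state state="filtered" reason="no-response"/></port>
    </ports>
    <os><osmatch name="Microsoft Windows 10" accuracy="90"/></os>
  </host>
  <host>
    <status state="down" reason="no-response"/>
    <address addr="192.168.1.5" addrtype="ipv4"/>
  </host>
</nmaprun>
"""


def parse_nmap_xml(xml_text):
    """Return {ip: {"mac", "hostname", "os", "open_tcp"}} for every host that is up."""
    hosts = {}
    for host in ET.fromstring(xml_text).iter("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue
        ip = mac = None
        for addr in host.findall("address"):
            if addr.get("addrtype") == "ipv4":
                ip = addr.get("addr")
            elif addr.get("addrtype") == "mac":
                mac = addr.get("addr")
        if ip is None:
            continue
        hn = host.find("hostnames/hostname")
        osm = host.find("os/osmatch")  # first (best) match, present only with -O
        open_tcp = sorted(
            int(p.get("portid"))
            for p in host.findall("ports/port")
            if p.get("protocol") == "tcp" and p.find("state").get("state") == "open"
        )
        hosts[ip] = {
            "mac": mac,
            "hostname": hn.get("name") if hn is not None else None,
            "os": osm.get("name") if osm is not None else None,
            "open_tcp": open_tcp,
        }
    return hosts


def unexpected(hosts, known_macs, allowed_ports):
    """Flag hosts whose MAC is not in the inventory, and open ports not on the allow list."""
    findings = []
    for ip, info in hosts.items():
        if info["mac"] not in known_macs:
            findings.append((ip, "unknown MAC %s" % info["mac"]))
        extra = [p for p in info["open_tcp"] if p not in allowed_ports.get(ip, set())]
        if extra:
            findings.append((ip, "unexpected open ports %s" % extra))
    return findings


def scan(target):
    """Run a real scan (root needed for -sS/-O) and parse it. Not used by the offline demo."""
    out = subprocess.run(["nmap", "-sS", "-O", "-oX", "-", target],
                         check=True, capture_output=True, text=True).stdout
    return parse_nmap_xml(out)


if __name__ == "__main__":
    inventory = parse_nmap_xml(SAMPLE_XML)
    for ip, info in inventory.items():
        print(ip, info)
    # Hypothetical allow lists for the constructed network.
    for ip, msg in unexpected(inventory, {"00:11:22:33:44:55"}, {"192.168.1.1": {53, 80}}):
        print("ALERT", ip, msg)
```

Keeping the parsed output from a known-good scan and diffing later scans against it is the same idea Zenmap's "Compare Results" offers, only scriptable.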
Step 07
Sqlninja
Now we need to start probing for weaknesses. SQL Server is a common
target: most corporate networks run Microsoft software, so you need to
test how it is configured. Sqlninja exploits SQL injection flaws in web
applications that sit in front of Microsoft SQL Server, using the
injection point to fingerprint the server, brute-force the sa password
and, where the server is misconfigured, run commands on the database host.
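The flaw sqlninja exploits is ordinary SQL injection, so it is worth seeing the vulnerable code next to its fix. The example below is added here and is not code from the article or from sqlninja; it uses Python's sqlite3 rather than SQL Server, so some syntax differs, but the mistake (concatenating user input into a query) and the fix (bound parameters) are the same. The users table and payloads are constructed.

```python
"""SQL injection: the vulnerable query beside the parameterised one.

Added example, not code from the article or from sqlninja. In-memory sqlite3
stands in for SQL Server; the users table and the payloads are constructed.
"""
import sqlite3


def make_db():
    """Constructed sample data: one admin and one ordinary user."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT, is_admin INTEGER);
        INSERT INTO users VALUES (1, 'admin', 'correct horse battery staple', 1);
        INSERT INTO users VALUES (2, 'alice', 'hunter2', 0);
    """)
    return conn


def login_vulnerable(conn, username, password):
    """Builds the query by string formatting: attacker-controlled text becomes SQL."""
    sql = ("SELECT id, username, is_admin FROM users WHERE username = '%s' AND password = '%s'"
           % (username, password))
    return conn.execute(sql).fetchall()


def login_safe(conn, username, password):
    """Same query with bound parameters: the driver keeps data and code separate."""
    sql = "SELECT id, username, is_admin FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchall()


# Authentication bypass: close the string, make the WHERE clause always true,
# and comment out the rest of the original query with --.
BYPASS = "' OR '1'='1' -- "

# Data extraction: UNION a second SELECT with the same column count so the
# password column is returned where the application expected a username.
EXFIL = "' UNION SELECT id, password, is_admin FROM users -- "

if __name__ == "__main__":
    db = make_db()
    print("vulnerable, bypass :", login_vulnerable(db, BYPASS, "anything"))
    print("vulnerable, exfil  :", login_vulnerable(db, EXFIL, "anything"))
    print("safe, bypass       :", login_safe(db, BYPASS, "anything"))
    print("safe, real login   :", login_safe(db, "alice", "hunter2"))
```

Against the vulnerable function both payloads succeed; against the parameterised one they are just very odd usernames that match nobody, which is exactly the behaviour you want.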
Step 08
Acccheck
Another service that often proves to be a weak point is SMB, the
Windows file-sharing protocol (provided on Linux by Samba). The utility
acccheck runs a dictionary attack against SMB logins by driving
smbclient with lists of usernames and passwords. Be aware that many
domains lock an account after a handful of failed attempts, so an online
attack like this can lock out real users if you are careless with it.
Step 09
Forensics mode
If you do find a machine that you think may have been compromised, be
careful how you investigate it. Kali Linux provides a forensics mode at
boot that leaves all local drives unmounted, uses no swap partition it
finds and does not auto-mount removable media, so you can examine the
system without altering its state.
Step 10
Offline password cracking
One thing you will want to investigate is whether the machine was
compromised through weak passwords. Several tools can crack password
hashes, such as those taken from /etc/shadow on Linux or the SAM on
Windows. Most of them, like John the Ripper, start with dictionary
attacks and word-mangling rules and fall back to brute force.
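Steps 08 and 10 rely on the same technique, a dictionary attack with mangling rules, used online against SMB logins in one case and offline against hashes in the other. The example below is added here and is not code from John the Ripper or acccheck. Hash formats are simplified: unsalted SHA-256 stands in for legacy fast hashes, and PBKDF2-HMAC-SHA256 for a modern salted, slow scheme. The wordlist, rules and target hashes are constructed for the demo.

```python
"""Dictionary attack with word-mangling rules, offline against password hashes.

Added example, not John the Ripper's or acccheck's code. Unsalted SHA-256 stands
in for a legacy fast hash and PBKDF2-HMAC-SHA256 for a salted, slow one; the
wordlist, mangling rules and targets below are constructed for the demo.
"""
import hashlib
import hmac

WORDLIST = ["password", "summer", "letmein", "dragon", "welcome"]


def mangle(word):
    """Yield variants of a dictionary word, in the spirit of John's wordlist rules:
    as-is, capitalised, upper-cased, year suffixes, a leet substitution, a '!' suffix."""
    yield word
    yield word.capitalize()
    yield word.upper()
    for year in range(2010, 2025):
        yield word + str(year)
        yield word.capitalize() + str(year)
    yield word.replace("a", "@").replace("e", "3").replace("o", "0")
    yield word.capitalize() + "!"


def unsalted_sha256(pw):
    return hashlib.sha256(pw.encode()).hexdigest()


def pbkdf2(pw, salt, rounds=10000):
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, rounds).hex()


def crack_unsalted(targets, wordlist):
    """targets: {user: sha256hex}. Each candidate is hashed once and compared with
    every user at the same time, which is why unsalted hashes fall so cheaply."""
    by_hash = {}
    for user, h in targets.items():
        by_hash.setdefault(h, []).append(user)
    cracked = {}
    for word in wordlist:
        for cand in mangle(word):
            for user in by_hash.get(unsalted_sha256(cand), []):
                cracked[user] = cand
    return cracked


def crack_salted(targets, wordlist):
    """targets: {user: (salt, pbkdf2hex)}. Every candidate must be re-hashed per user
    with that user's salt, and each hash costs thousands of rounds."""
    cracked = {}
    for user, (salt, h) in targets.items():
        for word in wordlist:
            for cand in mangle(word):
                if hmac.compare_digest(pbkdf2(cand, salt), h):
                    cracked[user] = cand
                    break
            if user in cracked:
                break
    return cracked


# Constructed targets: users who picked dictionary words with predictable tweaks.
UNSALTED_TARGETS = {
    "bob": unsalted_sha256("Summer2013"),
    "carol": unsalted_sha256("dr@g0n"),
    "dave": unsalted_sha256("Summer2013"),        # same password as bob -> same hash
    "erin": unsalted_sha256("xK9#pL2!vQ7&mN4"),   # not derivable from the wordlist
}
SALTED_TARGETS = {
    "bob": (b"salt-bob", pbkdf2("Summer2013", b"salt-bob")),
    "dave": (b"salt-dave", pbkdf2("Summer2013", b"salt-dave")),  # same password, different hash
}

if __name__ == "__main__":
    print("unsalted:", crack_unsalted(UNSALTED_TARGETS, WORDLIST))
    print("salted:  ", crack_salted(SALTED_TARGETS, WORDLIST))
```

Two things to notice when you run it: bob and dave share a hash in the unsalted table, so one guess cracks both, while the salted table makes the attacker repeat the work per user; and erin's password survives because no rule derives it from a dictionary word. The online variant (acccheck) is the same loop with an SMB login in place of the hash comparison, throttled by lockout policy rather than hash cost.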
Step 11
Guymager
In some cases, the machine in question is too important to stay offline
for the length of an investigation. Then the only option is to image the
drive for later analysis before rebuilding it. Guymager is one of the
tools available for this: it writes a raw (dd) or EWF image and computes
MD5 and SHA-256 hashes as it copies, so you can later prove the image
matches what was on the disk.
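The essential property of a forensic image is that you can prove it matches the original, so the hash has to be computed from the bytes as they are read and checked again afterwards. The example below is added here and is not Guymager's code; it images a regular file standing in for a block device (on Linux you would point `source` at the device node, ideally behind a hardware write blocker), and the "disk" contents are constructed random data.

```python
"""Bit-for-bit imaging with hash verification, the job Guymager (or dd plus a hash) does.

Added example, not Guymager's code. A regular file stands in for the block device;
the device contents are constructed. Evidence is only ever opened read-only.
"""
import hashlib
import os
import tempfile

CHUNK = 1024 * 1024  # read in 1 MiB blocks


def image_device(source, dest):
    """Copy source to dest, hashing the bytes as they are read (MD5 and SHA-256, as
    Guymager reports). Returns (bytes_copied, md5hex, sha256hex)."""
    md5, sha = hashlib.md5(), hashlib.sha256()
    total = 0
    with open(source, "rb") as src, open(dest, "wb") as dst:
        while True:
            block = src.read(CHUNK)
            if not block:
                break
            md5.update(block)
            sha.update(block)
            dst.write(block)
            total += len(block)
    return total, md5.hexdigest(), sha.hexdigest()


def verify_image(dest, expected_sha256):
    """Re-read the finished image and confirm it hashes to what came off the device.
    A mismatch means the copy (or the disk under it) changed and is not evidence."""
    sha = hashlib.sha256()
    with open(dest, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            sha.update(block)
    return sha.hexdigest() == expected_sha256


def demo():
    """Image a constructed 3 MiB-plus 'device' into a temp dir, verify it, then show
    that a single flipped byte in the image is detected. Returns
    (bytes_copied, matches_source, verified, verified_after_tamper)."""
    with tempfile.TemporaryDirectory() as d:
        dev = os.path.join(d, "fake_disk.bin")
        img = os.path.join(d, "evidence.dd")
        with open(dev, "wb") as f:
            f.write(os.urandom(3 * CHUNK + 12345))  # not a whole number of chunks
        size, _md5, sha = image_device(dev, img)
        with open(dev, "rb") as f:
            matches_source = hashlib.sha256(f.read()).hexdigest() == sha
        verified = verify_image(img, sha)
        with open(img, "r+b") as f:        # flip one byte to simulate corruption
            f.seek(100)
            b = f.read(1)
            f.seek(100)
            f.write(bytes([b[0] ^ 0xFF]))
        return size, matches_source, verified, verify_image(img, sha)


if __name__ == "__main__":
    print("copied=%d source_match=%s verified=%s verified_after_tamper=%s" % demo())
```

Record the hashes in your notes together with the device serial and the time of acquisition; the hash is what ties the image you analyse weeks later to the disk you pulled.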
Step 12
Chkrootkit
One of the things you will need to look for during an investigation is
whether a rootkit has been installed to give the intruder a way back in.
One tool for this is chkrootkit. It checks system binaries for the
signatures of known rootkits and looks for other tell-tale signs, such as
processes hidden from /proc and network interfaces in promiscuous mode.
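One of chkrootkit's checks is worth understanding in detail: a rootkit that hides a process usually filters the /proc directory listing, but the kernel still answers kill(pid, 0) for that PID, and the two views can be compared. The script below, an added example that is not chkrootkit's code, does exactly that. It is Linux-only and assumes /proc is mounted; elsewhere it reports nothing.

```python
"""Look for processes hidden from /proc, one of the checks chkrootkit's chkproc test performs.

Added example, not chkrootkit's code. Linux only: compares the PIDs visible in a
/proc listing (what ps and top see) with the PIDs the kernel admits exist via kill(2).
"""
import os

PID_MAX_PATH = "/proc/sys/kernel/pid_max"


def visible_pids():
    """PIDs as a directory listing of /proc shows them."""
    return {int(n) for n in os.listdir("/proc") if n.isdigit()}


def pid_alive(pid):
    """True if the kernel knows the PID, whether or not we are allowed to signal it."""
    try:
        os.kill(pid, 0)
        return True
    except ProcessLookupError:
        return False
    except PermissionError:
        return True  # exists, owned by another user


def find_hidden_pids(max_pid=None):
    """Return PIDs that are alive per kill(2) but absent from the /proc listing."""
    if not os.path.isdir("/proc"):
        return set()
    if max_pid is None:
        with open(PID_MAX_PATH) as f:
            max_pid = int(f.read())
    seen = visible_pids()
    hidden = set()
    for pid in range(1, max_pid + 1):
        if pid in seen or not pid_alive(pid):
            continue
        # Re-check before reporting. Two benign explanations must be excluded:
        # the process started after we took the listing (a race), or the id is a
        # thread id, which kill() accepts and which /proc resolves on lookup even
        # though it is not listed. Only a PID the kernel still reports alive while
        # /proc/<pid> cannot be opened is genuinely hidden.
        if pid_alive(pid) and not os.path.isdir("/proc/%d" % pid):
            hidden.add(pid)
    return hidden


def self_check(span=50):
    """Sanity check: our own PID must be alive and must not be reported hidden."""
    me = os.getpid()
    return pid_alive(me) and me not in find_hidden_pids(max_pid=me + span)


if __name__ == "__main__":
    hidden = find_hidden_pids()
    print("hidden PIDs:", sorted(hidden) if hidden else "none")
```

Scanning the full pid range (4194304 on most current systems) takes a few seconds. A hit is not proof on its own, since a process that exits between the two probes can slip through, so repeat the scan and then inspect the PID from a clean boot medium, such as Kali's forensics mode, rather than from the suspect system's own tools.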
Step 13
Social engineering
One aspect of security that gets neglected is the social aspect. All
the technical controls in the world won't help if your users aren't
computing safely. Kali Linux provides the Social-Engineer Toolkit (SET),
which you can use to stage tests such as spear-phishing campaigns
against your own users.
Step 14
Exploit databases
Along with the social aspect, you also need to test the machines
themselves for known holes by trying known exploits against them. The
Exploit Database (exploit-db.com) collects these, and Kali carries a
local copy that you can search offline with searchsploit.
Step 15
Metasploit
The usual tool for this is Metasploit, a framework for assembling a
complete attack: an exploit for the hole, a payload to run on the
target, and a session that gives you remote access to the compromised
machine afterwards. Within Kali Linux, there are menu items that start
the Metasploit services (its PostgreSQL database and RPC server), and an
entry to collect diagnostic logs in case you run into issues. The
msfconsole client works on its own, but GUIs and scripts talk to the RPC
server, so once you have started the services you connect a client to
them before trying exploits against the machines you are responsible
for.
Step 16
Armitage
One of the graphical interfaces available is Armitage. If you have
already started the Metasploit services, you can tell Armitage to
connect to that running RPC server; otherwise Armitage can start a new
Metasploit instance for you to work with.
Step 17
p0f
Once you have your network secured, that is only the beginning: you need
to keep up with what is happening on it. The p0f tool passively
monitors traffic to work out which machines exist and what OS they run,
inferring this from details such as the TTL, window size and TCP options
of the packets they send, without ever sending anything itself. Unlike
an Nmap scan, nothing on the network can tell that you are listening.
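To see what "inferring from packet details" means in practice, the example below, added here and not p0f's code or signature database, parses a raw IPv4+TCP SYN with struct, pulls out the fields p0f keys on (initial TTL, DF bit, window size, MSS, window scale and option order) and matches them against a tiny illustrative signature table. The two signatures and the three SYN packets are constructed for the demo; p0f's real database is far richer.

```python
"""Passive OS fingerprinting from a TCP SYN, in the spirit of p0f.

Added example, not p0f's code. The signature table is illustrative and the SYN
packets are constructed by hand; nothing is sent or captured.
"""
import struct


def parse_syn(raw):
    """Return fingerprint fields from a raw IPv4 packet carrying a bare TCP SYN."""
    ver_ihl, _tos, _tot_len, _ident, flags_frag, ttl, proto = struct.unpack("!BBHHHBB", raw[:10])
    if ver_ihl >> 4 != 4 or proto != 6:
        raise ValueError("not IPv4/TCP")
    ihl = (ver_ihl & 0x0F) * 4
    df = bool(flags_frag & 0x4000)
    tcp = raw[ihl:]
    _sport, _dport, _seq, _ack, off_flags, window = struct.unpack("!HHIIHH", tcp[:16])
    data_off = (off_flags >> 12) * 4
    flags = off_flags & 0x01FF
    if not flags & 0x02 or flags & 0x10:
        raise ValueError("not a bare SYN")
    opts = tcp[20:data_off]
    mss = wscale = None
    order = []
    i = 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                      # end of options
            order.append("eol"); break
        if kind == 1:                      # NOP is a single byte
            order.append("nop"); i += 1; continue
        length = opts[i + 1]
        if kind == 2 and length == 4:
            mss = struct.unpack("!H", opts[i + 2:i + 4])[0]; order.append("mss")
        elif kind == 3 and length == 3:
            wscale = opts[i + 2]; order.append("ws")
        elif kind == 4:
            order.append("sok")
        elif kind == 8:
            order.append("ts")
        else:
            order.append("opt%d" % kind)
        i += length
    # Initial TTL guess: the smallest common starting value not below the observed TTL.
    init_ttl = next(t for t in (32, 64, 128, 255) if ttl <= t)
    return {"init_ttl": init_ttl, "hops": init_ttl - ttl, "df": df, "window": window,
            "mss": mss, "wscale": wscale, "opts": ",".join(order)}


# Illustrative signatures (assumed for the demo). window is an int or "mss*N".
SIGNATURES = [
    {"os": "Linux 3.x/4.x", "init_ttl": 64, "df": True, "window": "mss*20", "opts": "mss,sok,ts,nop,ws"},
    {"os": "Windows 7/8/10", "init_ttl": 128, "df": True, "window": 8192, "opts": "mss,nop,ws,nop,nop,sok"},
]


def match(fp):
    """Return the OS label of the first signature the fingerprint satisfies."""
    for sig in SIGNATURES:
        if (sig["init_ttl"], sig["df"], sig["opts"]) != (fp["init_ttl"], fp["df"], fp["opts"]):
            continue
        w = sig["window"]
        if isinstance(w, str):
            if fp["mss"] is None or fp["window"] != fp["mss"] * int(w.split("*")[1]):
                continue
        elif fp["window"] != w:
            continue
        return sig["os"]
    return "unknown"


def build_syn(ttl, df, window, options):
    """Construct a raw IPv4+TCP SYN for the demo (checksums left zero; never sent)."""
    opts = options + b"\x00" * (-len(options) % 4)
    data_off = 5 + len(opts) // 4
    tcp = struct.pack("!HHIIHHHH", 40000, 80, 1, 0, (data_off << 12) | 0x02, window, 0, 0) + opts
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0x4000 if df else 0, ttl, 6, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return ip + tcp


# Constructed samples: Linux-like SYN three hops away, Windows-like SYN seven hops away,
# and a bare-bones SYN that matches nothing.
LINUX_SYN = build_syn(61, True, 1460 * 20,
                      b"\x02\x04\x05\xb4" b"\x04\x02" b"\x08\x0a" + b"\x00" * 8 + b"\x01" b"\x03\x03\x07")
WINDOWS_SYN = build_syn(121, True, 8192,
                        b"\x02\x04\x05\xb4" b"\x01" b"\x03\x03\x08" b"\x01\x01" b"\x04\x02")
OTHER_SYN = build_syn(250, False, 65535, b"\x02\x04\x05\xb4")

if __name__ == "__main__":
    for name, pkt in (("linux", LINUX_SYN), ("windows", WINDOWS_SYN), ("other", OTHER_SYN)):
        fp = parse_syn(pkt)
        print(name, fp, "->", match(fp))
```

The option order is the most telling field: Linux emits MSS, SACK-OK, timestamps, NOP, window scale, while Windows emits MSS, NOP, window scale, NOP, NOP, SACK-OK, and neither stack changes that order without a deliberate tuning. The hop count is a bonus that tells you roughly how far away the host is.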
Step 18
Hardware exploits
Kali also ships tools for testing hardware other than PCs and servers:
there are utilities to poke into Android devices, Bluetooth protocols
and Arduino systems.
Step 19
DDMS
DDMS (the Dalvik Debug Monitor Server from the Android SDK) gives you
low-level access to and control of Android devices. Enable USB debugging
on the device, plug it into a USB port, start DDMS and you can watch
what is happening on it. You do need to install the SDK for the specific
Android version first.
Step 20
Android exploits – apktool
Once your Android device is attached, you can try the rooting exploits
available for it; which ones apply depends on the hardware and firmware
version. Some require modifying an app, and for that you need apktool,
which decodes an APK into its resources and smali code so you can edit
it and rebuild (and re-sign) the package.
Step 21
Bluetooth
You also have another possible security hole. Bluetooth is used for
mice, keyboards and many other peripherals, and its security has
historically been an afterthought. Kali Linux provides several tools to
discover nearby devices and look at the Bluetooth traffic around you.
Step 22
Install on ARM
The Kali developers also provide an ARM architecture build, which you
can find on the main download page. There are even instructions, and an
installation image, for putting it on a Galaxy Note 10.1 tablet.
Step 23
Conclusion
Hopefully, if you follow these steps, you can start to get a handle
on the security needs for your system. This is only a start, though.
There are lots more tools available in Kali Linux than we covered here,
so don’t be afraid to check out what else is available.