
1

Automated Penetration Testing with CORE IMPACT
Tom Eston
NEO Information Security Forum
February 20, 2008

2

Topics
  • What makes a good penetration testing framework?
  • What is CORE IMPACT?
  • How does it work?
  • Cool features
  • Limitations
  • Live demonstration
      • Network Side RPT (Rapid Penetration Test)
      • Client Side RPT

3

Disclaimer
  • I am not a paid spokesman for Core Security Technologies
  • Opinions are from a customer perspective
  • “Automated penetration testing does not replace the need for manual, detailed penetration testing!”

4

What makes a good penetration testing framework?
  • Platform independent
      • Install on Windows, Mac, Linux
  • Good exploit collection w/regular updates
  • An intuitive, robust GUI
  • Ability to add new exploits
  • Open source or ability to customize
  • Good reporting tools

5

What frameworks are available?
  • Metasploit Framework
  • Inguma
  • SecurityForest
  • Attack Tool Kit
  • Immunity Canvas ($)
  • CORE IMPACT ($)
  • Some are application or web specific…
      • Orasploit (Oracle)
      • PIRANA (email content filtering framework)
      • BeEF (Browser Exploitation Framework)
      • W3af (Web Application Exploit Framework)

6

What is CORE IMPACT?
  • Commercial penetration testing framework ($$)
  • Uses a common pen test methodology
      • Information Gathering
      • Attack and Penetration
      • Privilege Escalation
      • Clean Up and Reporting
  • Network, client-side and web (SQL Injection and PHP remote file inclusion) RPT functions
  • Detailed logging
  • Easy to use
  • Safe
      • Exploits are extensively tested by the CORE IMPACT team
  • Develop custom modules and exploits (Python)
  • Pretty reports…

7

How does it work?
  • Launch agents and modules against target systems from the console
  • Agents - Small programs you install on compromised systems and use to advance an attack. Memory resident! (think Metasploit’s meterpreter)
      • Levels of agents give you additional functionality (pivoting)
  • Modules - Operations that can be launched against target systems
      • OS fingerprinting, port scanning, and targeted exploits
  • View detailed information about target systems
  • Keeps a record of all activity, module output, and the results of attacks

8

Cool Features
  • Pivoting
      • Use compromised host to attack hosts on internal network
  • Collect Windows password hashes in-memory
  • Log keystrokes, sniff passwords and hashes
  • Collect saved login credentials from popular applications such as Internet Explorer, Firefox and MSN
  • Install agents with valid username, password, hash combinations
  • MSRPC fragmentation and traffic encryption
      • Test IDS/IPS defenses

9

Limitations
  • Importing external vulnerability data
      • Nessus, Qualys, etc…
  • Slow and buggy at times
  • Console sometimes unstable
      • Crash will cause agents to disconnect
  • Know Python?
  • Expensive!

10

Live Demonstration
  • Lab Setup
      • VMware Server, CORE IMPACT Console
      • 4 Windows Systems, 1 Linux
  • Network Side Rapid Penetration Test
      • Information Gathering
      • Attack and Penetration w/multiple exploits
      • Clean Up
  • Client Side Rapid Penetration Test
      • Phishing simulation
      • Windows XP target running Outlook Express
      • Microsoft WMF Exploit

11

Questions
  • [email_address]
  • CORE IMPACT from Core Security Technologies
  • http://www.coresecurity.com/
