Kevin Cardwell B L

Kevin Cardwell b l

Toolkits: All-in-One Approach to Security a

This talk will be on using toolkits for your pen-testing, c vulnerability assessment etc. Configuring a plethora of the different tools out there can be quite time consuming, and

challenging. The focus of this talk will be to look at an alternative k solution that provides a suite of tools at boot. Until recently there was not very many toolkits, and the ones that were there did not work very well, that has changed and in this talk I will discuss the h toolkits available, and demo one of the better ones. The toolkits that will be reviewed will all be open source, and free, there are

commercial solutions available, but why pay when the free ones a are more than adequate. t b r

Kevin Cardwell spent 22 years in the U.S. Navy, starting off in Sound Navigation and Ranging (SONAR). He began i programming in 1987. He was fortunate enough to get on the Testing Team and got to test and evaluate Surveillance e and Weapon system software including; Remote Mine- Hunting System, Multi-System Torpedo Recognition Alert Processor (MSTRAP), Advanced Radar Periscope f Discrimination Detection System (ARPDD), Tactical Decision Support Subsystem (TDSS) and Computer Aided Dead Reckoning Tracer (CADRT). Shortly thereafter he became a software and systems engineer and was was i selected to head the team that built a Network Operation Center (NOC) that provided services to the command ashore n and ships at sea in the Norwegian Sea and Atlantic Ocean.

In 2000, Cardwell formed his own Engineering

Solutions company and has been providing consulting g services for companies throughout the UK and Europe. He is also an Adjunct Associate Professor for the University of Maryland University College and is the European rep for the Information Assurance curriculum. He holds a BS in s Computer Science from National University in California and a MS in Software Engineering from the Southern Methodist University (SMU) in Texas.

b l

Toolkits: All-in-one Approach to a

Security c k Blackhat USA 2005 h Speaker: Kevin Cardwell

[email protected] a t b r Agenda i e • Tool Selection Methodology • Tool Usage f – Traditional – Alternative i • Available Toolkits n • Network Security Toolkit – Demo!

• Questions? g s

digital self defense digital self defense digital Tool Usage Tool Selection Tool • Download tool • README File • ./configure • make • make INSTALL • If all goes well! the tool …. Run • with the tool You are comfortable • satisfactorily The tool performs • the job done The tool gets • You are comfortable configuring • Have a reputation of being successful • Are FREE! – Traditional – The tool used is not a factor if – that Finding security tools • Two Approaches • of the most difficult things? One • Toolkit approach black hat briefings b l

Traditional Approach Pitfalls a

• Did you remember all the dependencies? c – Libpcap, openssl etc

• Are all the libraries built? k • Is everything the right version?

• Are there specific steps to follow to get the h tool running – ie: Nessus a • Does the tool work on your OS! t b r Tool Usage: Cont i

• Alternative approach e – Tools Available at Boot!

– No build requirements f – No hard drive impact

• Can use on any machine, and then restore to its normal i operation! – Use on virtually any Intel system n – Web based GUI

– SSL, ssh etc g – Powerful Scripts! s

digital self defense digital self defense digital Available Toolkits – Plethora of security tools – Powerful scripts – Father of the majority of the kits – Forensic based – Designed for “hacking” • Auditor •Toolkit Network Security • Knoppix • Helix • PHLAK black hat briefings b l

Knoppix a

• Most of the toolkits are based on Knoppix c • Hardware friendly • Lots of choices: k – Local Area Security • http://www.localareasecurity.com – Knoppix Security Tools Distribution h • Kyle Rankin – Knoppix Hacks – ISBN: 0-595-00787-6 a t b r

Helix i

• Applications dedicated to Incident Response and e Forensics.

• Will not auto mount swap space, or auto mount f any attached devices

– Forensically sound i

• Special Windows autorun side for Incident n Response and Forensics. • Used by E-fense, SANS and others! g

• http://www.e-fense.com/helix/ s

digital self defense Auditor PHLAK digital self defense digital – http://new.remote-exploit.org/index.php/Tutorials – 600 MB+ – Scanning – Footprinting etc •at getting wireless working at Excellent boot! • Tutorials available • http://www.remote-exploit.org • Very big • Tons of tools broken down into areas – by Alex de Landgraaf • Linux Assault Kit Professional Hackers • of Morphix Derivative • http://www.phlak.org black hat briefings b l

Network Security Toolkit a • My favorite c • The scripts are unbelievable

• From the GUI can run almost everything k within clicks of a mouse

• http://www.networksecuritytoolkit.org h a t b r Introducing the Network Security Toolkit i e • Created by: – Ronald W. Henderson and Paul Blankenbaker f

• Distributed under the GPL (GNU Public License) i

_ Everyone is permitted to copy and distribute n verbatim copies of this license document, but changing it is not allowed • Change is allowed for your own personal use, but not for g distribution to others s

digital self defense . vwtm lx digital self defense digital NST Info probe system can be accomplished probe system ) About the NST About • Run setup_x and choose hardware • The more RAM the better Logging in directly to the probe using the console Logging in directly to the probe logging in via a ssh client program: ssh root@IP to: https://IP/ directing a SSL capable web browser – If problems – Hit or miss – Start by typing –Architectures x86 Intel all virtually Works on – – – in the following manner: The toolkit was designed to provide easy access to easy provide was designed to The toolkit Open Source Network Security best-of-breed and should run on most x86 Applications platforms. running (NST • Boots from an ISO cd image • Creates RAM disk • X windows • ISO This bootable CD is based on Fedora Core 2 • in the When booted manner, access to thedefault black hat briefings b l NST Contents a

• The majority of tools published in the article: Top 75 Security Tools by insecure.org are available in the c toolkit.

– Ettercap k • Man-in-the-middle attacks • SSL sniffing – Nessus h • Top 5 scanner – Kismet

• Wireless WEP cracking a t b r NST contents (cont) i

• Snort e – In 2 mouse clicks • Full blown with BASE or ACID display f – I have never seen an easier Snort setup!! • lots more i – User guide n • http://www.networksecuritytoolkit.org/nst/index.ht

ml g – Man pages s

digital self defense digital self defense digital Startup (cont) Starting the Toolkit Starting – Desktop – Laptop (loads all PCMCIA services) • 2 of note • If there is no DHCP this fails and the boot continues – Several options space bar for custom boot space bar for – ifconfig ever eth0 10.1.1.? (what you are assigning) ip – ifconfig eth0 netmask 255.255.255.0 – System stops and prompts for a password for root – On network interfaces the script looks for a DHCP server – Login as user root with password supplied at boot • Insert CD-Rom • system Boot • boot, at the prompt press During the initial •network setup to ifconfig Use • During boot • After boot black hat briefings b l Initial Setup a

• Once x starts c – Right-click on the desktop and select desktop applications k • Select Firefox • Firefox will load and prompt for a login – Login h • User root

• And password supplied at boot a t b r NST WUI i (Web User Interface) e • There are 2 options

– 1. Use the NST from the machine it is running f on – 2. Connect to it from another machine i

• Open up browser and n – Type https://IP ADDRESS/ – NOTE: g » HTTPS » Cannot log in via HTTP due to clear text login s