Global ETD Search

1	Automatiserad aktiv penetrationstest med Metasploit via webbplatser Hjartarson, Tomas Myung, Blomberg, Joakim, Sakac, Fredrik January 2011 (has links) I dagens samhälle har internet blivit en stor del av vårt dagliga liv. Nu utför man nästan alla sina ärenden på internet via olika webbplatser. Man handlar böcker, elektronik, utför bankärenden och läser nyheterna. Många antar att dessa webbplatser är säkra, men de flesta är medvetna om någon typ av hot på internet. De vet att man inte ska öppna program eller filer man inte känner igen, dock finns det fler faror. Vårt projekt går ut på att skapa en automatiserad process som visar dessa faror. Vi vill visa att det räcker med att gå in på en webbplats och trycka på en knapp för att kunna bli utsatt för dataintrång. Vi använder en LAMP-server för att tillhandahålla webbplatsen och Metasploit Framework för att åstadkomma det automatiska data-intrånget. När intrångsförsöket är slutfört presenteras resultatet för användarna som då vet om de är sårbara för Metasploits verktyg. Vi visar detta både genom text på webbplatsen och genom modifieringar på användarnas system. Som avslutning ser vi till att inga bakdörrar eller dylikt från Metasploit finns kvar på systemet. / In today’s society the internet plays a large part of our ordinary lives. Nowadays one does almost all of ones errands via the internet. You buy books, electronics, solve bank errands and read the news. Many assume that these sites are safe, but are they really aware of the dangers that exists on various websites? Most users know that they should not execute programs or open files that they do not recognize, although these are not the only dangers that users should be aware of. We want to show that it is enough to just visit a seemingly harmless website and click a button to become a victim of computer intrusion. We will be utilizing a LAMP-server to supply the website and the Metasploit Framework to execute the automized penetration. After the process is finished the user will be presented the results on the website stating whether the computer system is vulnerable of the exploits used by the Metasploit Framework or not. We will show the end result both by text on the website and by modifying the users system. After the test is completed we will make sure that there are no residual effects on the computer system. Automatisation Metasploit Computer intrusion Automatisering Metasploit Dataintrång Computer Systems Datorsystem
2	Vikten av säkra nätverk Ihlström, Pontus January 2011 (has links) The purpose of this thesis is to show how to use vulnerability testing to identify and search for security flaws in networks of computers. The goal is partly to give a casual description of different types of methods of vulnerability testing and partly to present the method and results from a vulnerability test. A document containing the results of the vulnerability test will be handed over and a solution to the found high risk vulnerabilities. The goal is also to carry out and present this work as a form of a scholarly work.The problem was to show how to perform vulnerability tests and identify vulnerabilities in the organization's network and systems. Programs would be run under controlled circumstances in a way that they did not burden the network. Vulnerability tests were conducted sequentially, when data from the survey was needed to continue the scan.A survey of the network was done and data in the form of operating system, among other things, were collected in the tables. A number of systems were selected from the tables and were scanned with Nessus. The result was a table across the network and a table of found vulnerabilities. The table of vulnerabilities has helped the organization to prevent these vulnerabilities by updating the affected computers. Also a wireless network with WEP encryption, which is insecure, has been detected and decrypted. Sårbarhet kartläggning exploit Nessus metasploit
3	Exploring Vulnerabilities in Networked Telemetry Shonubi, Felix, Lynton, Ciara, Odumosu, Joshua, Moten, Daryl 10 1900 (has links) ITC/USA 2015 Conference Proceedings / The Fifty-First Annual International Telemetering Conference and Technical Exhibition / October 26-29, 2015 / Bally's Hotel & Convention Center, Las Vegas, NV / The implementation of Integrated Network Enhanced Telemetry (iNET) in telemetry applications provides significant enhancements to telemetry operations. Unfortunately such networking brings the potential for devastating cyber-attacks and networked telemetry is also susceptible to these attacks. This paper demonstrates a worked example of a social engineering attack carried out on a test bed network, analyzing the attack process from launch to detection. For this demonstration, a penetration-testing tool is used to launch the attack. This attack will be monitored to detect its signature using a network monitoring tool, and this signature will then be used to create a rule which will trigger an alert in an Intrusion Detection System. This work highlights the importance of network security in telemetry applications and is critical to current and future telemetry networks as cyber threats are widespread and potentially devastating. Telemetry Exploit Metasploit Intrusion Detection System (IDS)
4	Telemetry Network Intrusion Detection Test Bed Moten, Daryl, Moazzami, Farhad 10 1900 (has links) ITC/USA 2013 Conference Proceedings / The Forty-Ninth Annual International Telemetering Conference and Technical Exhibition / October 21-24, 2013 / Bally's Hotel & Convention Center, Las Vegas, NV / The transition of telemetry from link-based to network-based architectures opens these systems to new security risks. Tools such as intrusion detection systems and vulnerability scanners will be required for emerging telemetry networks. Intrusion detection systems protect networks against attacks that occur once the network boundary has been breached. An intrusion detection model was developed in the Wireless Networking and Security lab at Morgan State University. The model depends on network traffic being filtered into traffic streams. The streams are then reduced to vectors. The current state of the network can be determined using Viterbi analysis of the stream vectors. Viterbi uses the output of the Hidden Markov Model to find the current state of the network. The state information describes the probability of the network being in predefined normal or attack states based on training data. This output can be sent to a network administrator depending on threshold levels. In this project, a penetration-testing tool called Metasploit was used to launch attacks against systems in an isolated test bed. The network traffic generated during an attack was analyzed for use in the MSU intrusion detection model. iNET Telemetry Intrusion Detection System (IDS) Hidden Markov Model Metasploit
5	Penetrationstest Berntsson, Marcus January 2014 (has links) Det här arbete behandlar grunderna i penetrationstestning, vilket är en metod föratt kontrollera säkerheten i datorer och nätverk genom att försöka sätta in sig isamma tankesätt och metoder som en potentiell angripare kan ha.Den teoritiska delen går igenom processen för hur ett penetrationstest kan gå tilloch vad som är viktigt att veta och att tänka på under penetrationstestet.Det presenteras även några populära och användbara verktyg som kananvändas för penetrationstestning, nämligen Nmap, Backtack, Nessus ochMetasploit, samt en nogrann beskrivning av några av de mest vanligtvisförekommande allvarliga sårbarheterna.I genomförandedelen utförs ett penetrationstest i en labmiljö, och sätter då deninformation i den teoritiska delen i praktik. De verktygen som används gåsigenom mer detaljerat och olika metoder för att använda dessa verktyg ipenetrationstestningssyfte testas.Penetrationstestet gås igenom stegvis, och börjar med att hitta maskiner pånätverket och även hitta detaljerad information och möjligheter för angrepp. Deninformationen används sedan för att hitta sårbarheter i maskinerna, och slutligenutnyttjas dessa sårbarheter för att installera ett remote-access program och gekontrollen till den angripande datorn. penetrationstest säkerhet IT metasploit Nmap Nessus Computer Engineering Datorteknik
6	Antivirus performance in detecting Metasploit payloads : A Case Study on Anti-Virus Effectiveness Nyberg, Eric, Dinis Ferreira, Leandro January 2023 (has links) This paper will focus solely on the effectiveness of AV (antivirus) in detecting Metasploit payloads which have been encapsulated with different encapsulation modules. There seems to be a significant knowledge gap in the evaluation of commercial antivirus's software and their ability to detect malicious code and stop such code from being executed on IT systems. Therefore we would like to evaluate the capabilities of modern AV software with the use of penetration testing tools such as Metasploit. The research process is heavily reliant on a case study methodology as it can be argued that each payload generated reflects a case in itself. Firstly the payloads are generated and encapsulated through the self developed software, secondly they are uploaded to VirusTotal to be scanned with the use of their publicly available API, third the results are obtained from VirusTotal and stored locally. Lastly the results are filtered through with the software which in turn generates graphs of the results. These results will provide sufficient data in comparing encapsulation methods, payload detection rates, draw conclusions regarding which operating system may be most vulnerable as well as the overall state of modern AV software's capabilities in detecting malicious payloads. There are plenty of noteworthy conclusions to be drawn from the results, one of them being the most efficient encapsulation method powershell_base64 which had amongst the lowest detection rates in regards to the amounts of payloads it encoded, meaning that its encapsulation hid the malicious code from the AV at a higher degree than most the other encapsulation modules. The most noteworthy conclusion from the results gathered however is the encapsulation methods which obtained the absolute lowest detection rates, these were x86_nonalpha, x86_shikata_ga_nai, x86_xor_dynamic as well as payloads without any encoding at all, which had a few payloads reach among the lowest detection rates across the board (<20%). Metasploit Anti-Virus Effectivness AV Effectiveness MSFVenom Antivirus AV Software Metasploit Encoding Encodings Detection rates AV Efficiency Antivirus efficiency payloads payload detection.. Computer Systems Datorsystem
7	Proposta de identificação de ataques ao serviço SSH usando padrões no consumo de corrente em plataformas embarcadas Galvan, Victor Gabriel 22 November 2016 (has links) Coordenação de Aperfeiçoamento de Pessoal de Nível Superior - CAPES / This paper presents the obtaining of electric power consumption curves, from the responses generated by an embedded low-cost Raspberry Pi 2 Model B system running the Linux operating system Raspbian working as a remote access server SSH, which is assessed through different types of access and brute force attacks dictionaries through specialized tools Medusa and Hydra, as well as the tool Metasploit unspecialized. The energy behavior is interpreted by a current consumption measurement system developed by low embedded platform cost Arduino Uno that runs a current sensor based on ACS721ELC-5A Hall effect chip, which has the ability to collect the variations generated by the platform test in response to events produced by the proposed test scenarios, the data is processed by the framework Matlab that collects, parses and normalizes using the Welch method, the current signal which is interpreted by Arduino Uno subsequently presents a standard curve It features a particular event based on scenarios of evidence. The results show the different curves standard patterns, and contextualized on the types of scenarios evaluated subsequently presents a theoretical mathematical model of the proposed power consumption, as well as rules or signatures proposed to identify an attack using the detection method of standards used IDS Snort. These current curves facilitate understanding and obtaining a pattern of current consumption for each access and attack the embedded platform. / Este trabalho apresenta a obtenção de curvas de consumo de corrente elétrica, a partir das respostas geradas por um sistema embarcado de baixo custo Raspberry Pi 2 Model B executando o sistema operacional Linux Raspbian trabalhando como um servidor de acesso remoto SSH, que é avaliado através de diferentes tipos de acessos e ataques de força bruta com dicionários através das ferramentas especializadas Medusa e Hydra, como também a ferramenta não especializada Metasploit. O comportamento energético é interpretado por um sistema de medição de consumo de corrente desenvolvido pela plataforma embarcada de baixo custo Arduino Uno que administra um sensor de corrente baseado no chip ACS721ELC- 5A de efeito Hall, que possui a capacidade de coletar as variações geradas pela plataforma de teste em resposta aos eventos produzidos pelos cenários de provas propostos, os dados são processados pelo Framework Matlab que coleta, analisa e normaliza por meio do método de Welch o sinal de corrente que é interpretado pelo Arduino Uno, posteriormente apresentase uma curva padrão que caracteriza um determinado evento baseado nos cenários de provas. Os resultados apresentam as diferentes curvas padrões normalizadas, e contextualizadas nos tipos de cenários avaliados, seguidamente apresenta-se um modelo matemático teórico do consumo de corrente proposto, como também as regras ou assinaturas propostas para identificar um ataque através do método de detecção por padrões que utilizada o IDS Snort. Essas curvas de corrente facilitam o entendimento e obtenção de um padrão de consumo de corrente para cada acesso e ataque na plataforma embarcada. Computação Raspberry Pi Sistemas embarcados Arduino Uno SSH Medusa Hydra Metasploit
8	Graybox-baserade säkerhetstest : Att kostnadseffektivt simulera illasinnade angrepp Linnér, Samuel January 2008 (has links) <p>Att genomföra ett penetrationstest av en nätverksarkitektur är komplicerat, riskfyllt och omfattande. Denna rapport utforskar hur en konsult bäst genomför ett internt penetrationstest tidseffektivt, utan att utelämna viktiga delar. I ett internt penetrationstest får konsulten ofta ta del av systemdokumentation för att skaffa sig en bild av nätverksarkitekturen, på så sätt elimineras den tid det tar att kartlägga hela nätverket manuellt. Detta medför även att eventuella anomalier i systemdokumentationen kan identifieras. Kommunikation med driftansvariga under testets gång minskar risken för missförstånd och systemkrascher. Om allvarliga sårbarheter identifieras meddelas driftpersonalen omgå-ende. Ett annat sätt att effektivisera testet är att skippa tidskrävande uppgifter som kommer att lyckas förr eller senare, t.ex. lösenordsknäckning, och istället påpeka att orsaken till sårbarheten är att angriparen har möjlighet att testa lösenord obegränsat antal gånger. Därutöver är det lämpligt att simulera vissa attacker som annars kan störa produktionen om testet genomförs i en driftsatt miljö.</p><p>Resultatet av rapporten är en checklista som kan tolkas som en generell metodik för hur ett internt penetrationstest kan genomföras. Checklistans syfte är att underlätta vid genomförande av ett test. Processen består av sju steg: förberedelse och planering, in-formationsinsamling, sårbarhetsdetektering och analys, rättighetseskalering, penetrationstest samt summering och rapportering.</p> / <p>A network architecture penetration test is complicated, full of risks and extensive. This report explores how a consultant carries it out in the most time effective way, without overlook important parts. In an internal penetration test the consultant are often allowed to view the system documentation of the network architecture, which saves a lot of time since no total host discovery is needed. This is also good for discovering anomalies in the system documentation. Communication with system administrators during the test minimizes the risk of misunderstanding and system crashes. If serious vulnerabilities are discovered, the system administrators have to be informed immediately. Another way to make the test more effective is to skip time consuming tasks which will succeed sooner or later, e.g. password cracking, instead; point out that the reason of the vulnerability is the ability to brute force the password. It is also appropriate to simulate attacks which otherwise could infect the production of the organization.</p><p>The result of the report is a checklist by means of a general methodology of how in-ternal penetration tests could be implemented. The purpose of the checklist is to make it easier to do internal penetration tests. The process is divided in seven steps: Planning, information gathering, vulnerability detection and analysis, privilege escalation, pene-tration test and final reporting.</p> Penetration test black box gray box white box vulnerabilities exploit methodology checklist nmap metasploit xss sql-injection security Penetrationstest internt blackbox graybox whitebox sårbarheter exploit metodik checklista nmap metasploit xss sql-injection säkerhet Computer science Datalogi
9	Graybox-baserade säkerhetstest : Att kostnadseffektivt simulera illasinnade angrepp Linnér, Samuel January 2008 (has links) Att genomföra ett penetrationstest av en nätverksarkitektur är komplicerat, riskfyllt och omfattande. Denna rapport utforskar hur en konsult bäst genomför ett internt penetrationstest tidseffektivt, utan att utelämna viktiga delar. I ett internt penetrationstest får konsulten ofta ta del av systemdokumentation för att skaffa sig en bild av nätverksarkitekturen, på så sätt elimineras den tid det tar att kartlägga hela nätverket manuellt. Detta medför även att eventuella anomalier i systemdokumentationen kan identifieras. Kommunikation med driftansvariga under testets gång minskar risken för missförstånd och systemkrascher. Om allvarliga sårbarheter identifieras meddelas driftpersonalen omgå-ende. Ett annat sätt att effektivisera testet är att skippa tidskrävande uppgifter som kommer att lyckas förr eller senare, t.ex. lösenordsknäckning, och istället påpeka att orsaken till sårbarheten är att angriparen har möjlighet att testa lösenord obegränsat antal gånger. Därutöver är det lämpligt att simulera vissa attacker som annars kan störa produktionen om testet genomförs i en driftsatt miljö. Resultatet av rapporten är en checklista som kan tolkas som en generell metodik för hur ett internt penetrationstest kan genomföras. Checklistans syfte är att underlätta vid genomförande av ett test. Processen består av sju steg: förberedelse och planering, in-formationsinsamling, sårbarhetsdetektering och analys, rättighetseskalering, penetrationstest samt summering och rapportering. / A network architecture penetration test is complicated, full of risks and extensive. This report explores how a consultant carries it out in the most time effective way, without overlook important parts. In an internal penetration test the consultant are often allowed to view the system documentation of the network architecture, which saves a lot of time since no total host discovery is needed. This is also good for discovering anomalies in the system documentation. Communication with system administrators during the test minimizes the risk of misunderstanding and system crashes. If serious vulnerabilities are discovered, the system administrators have to be informed immediately. Another way to make the test more effective is to skip time consuming tasks which will succeed sooner or later, e.g. password cracking, instead; point out that the reason of the vulnerability is the ability to brute force the password. It is also appropriate to simulate attacks which otherwise could infect the production of the organization. The result of the report is a checklist by means of a general methodology of how in-ternal penetration tests could be implemented. The purpose of the checklist is to make it easier to do internal penetration tests. The process is divided in seven steps: Planning, information gathering, vulnerability detection and analysis, privilege escalation, pene-tration test and final reporting. Penetration test black box gray box white box vulnerabilities exploit methodology checklist nmap metasploit xss sql-injection security Penetrationstest internt blackbox graybox whitebox sårbarheter exploit metodik checklista nmap metasploit xss sql-injection säkerhet Computer Sciences Datavetenskap (datalogi)
10	Soubor laboratorních úloh k demonstraci počítačových útoků / Collection of laboratory works for demonstration of computer attacks Plašil, Matouš January 2015 (has links) Diploma thesis describes published attacks on computers and computer networks. Principles of footprinting such as availability check, OS detection, port scanning were described. Next part explains attacks on confidentiality, integrity and availability. In the practical part were created four laboratory tasks and a virtual environment which allowed testing of ARP spoofing, DNS spoofing, SSL strip, Cross-site scripting, SQL injection, flooding attacks (TCP, ICMP, UDP), TCP reset and attack on operating system using backdoor with Metasploit framework. In practical part were also created video samples with attacks and documentation for teachers.

Search results