Now let’s talk in details about 3 major concepts:
Computer Security OSI Security Architecture Cryptography 1- Computer security A definition of computer security consists of 3 concepts, we can name these concepts as CIA security concept
Confidentiality Integrity Availability Confidentiality Assure that confidential information is not available to unauthorized users.
Integrity Assure that information are only changed in a specified and authorized manner.
Availability Assure that services are available to authorized users.
Introduction Metasploit framework is a penetration testing framework that contain a lot of tools (port scanners, vulnerability scanners, exploits,…etc), now we will start with the important step in penetration testing. Information Gathering The first and the most imprtant step in penetration testing is information gathering, it is collecting as much information as possible about a target and your information must be accurate.
Information gathering is 2 types
1- Passive information Gathering: It’s collecting information wthout touching the target like using
IPTables IPTablesis a front-end to control and manage netfilter.
We will focus on layer 3 (Network) controlling source and destination IP Addresses, and layer 4 (ransport) TCP and UDP.
Filter table uses to control IP packets filtering, and it’s consist of 3 chains (INPUT, FORWARD and OUTPUT)
How To use IPTables IPTables command consist of parts, let’s discuss iptables command fields
1- iptables
2- action APPEND, replace, inseart, delete..) followed by name of the chain such as (INPUT, FORWARD or OUTPUT) for Filter tables.
GNU Privacy Guard (GPG/PGP) for encrypting messages by using PKI or asymmetric keywhich is a mechanism uses public and private key.
sender side
public key use to encrypt message to send it. receiver side
private key use to decrypt encrypted message. Owner of the keys can exchange public key with others , and then they send back encrypted messages again to the owner (message encrypt by public key and decrypt by private key), and as usual private key must be secured well.
SSH (secure shell) for making encrypted connection between 2 computers by using a secure channel between these computers for (remote access, copying files, etc..).
SSH is based on client server model: server (SSHD) and clients (scp,sftp,ssh)
Why SSH: SSH with it’s sub-system (scp , sftp ) is instead of (telnet, ftp, rcp ) and protocols that run these program are insecure. Telnet for example uses non encrypted channel to connect with another computer, so man in the middle attack can intercept telnet messages and can get sensitive information such as username and password.
Nmap or Network Mapper, it’s a security scanner for scan ports, OS fingerprinting, banners and others ) in range of network or a specific machine, Nmap written by Faydor
Now we want to use this program to scan our system to know what banners will shown to attacker, and open ports that is not useful to my system and i have to close it or shutdown these services that works on these ports.
Symmetric encryption or symmetric key or single-key encryption is an encryption system which the encryption and the decryption processes are preforms using the same key.
Symmetric Encryption Model: Plaintext (P) The original message or data, the plaintext is an input to the encryption algorithm. Encryption algorithm (E) This algorithm preforms various substitution and transposition on the plaintext and produces the ciphertext. Ciphertext (C) Is the output produced by the encryption algorithm , the ciphertext is scrambled message and it is appears like a random stream of data.
Scanning ByModules Metasploit contains a lot of modules such as (port scanners, banner grabbers for services … etc), we will use here some of these modules
Note 1: To get port scanner modules msf> search portscan TCP-SYN scanning To make TCP-SYN port scan(syn), to use a module use use command
msf> useauxiliary/scanner/portscan/syn
Then to adjust this modules use show options, you will see many options and you can set any variable you want by set command, for example to set IP address of the target address set RHOST 192.
Matching in IPTables IPTables basically based on matching all packets with rules in IPTables tables (Filter, NAT, Mangle) So we can manage matching based on various ways (MAC, IP, ports, protocols .. etc ) or we can say it’s based on Network layers (Data Link, Network, Transport).
For layer 2 (Data Link) based on MAC address For source MAC You can use this flag -m mac --mac-source and for destination MAC you can use this flag -m mac --mac-destination, this will match based on MAC address instead of IP address
Encryption and Decryption We now try to encrypt messages or text file by using GPG, for example i have a file (example.txt) contain
Testing GPG encryption 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 Let’s encrypt it with my public key, let’s list our keys by command gpg --list-key
pub 2048R/55728FBB 2010-11-20 uid example <[email protected]> sub 2048R/5A5F62F0 2010-11-20 We will encrypt example.
