Transcript CORE IMPACT

CORE IMPACT
Hamde AL Tamimi
Mohammad Ali Qattan
Amira Mosa AL Braim
Rakan Tayseer
What is CORE IMPACT ?
 CORE IMPACT is, in fact, an automated penetration(‫ ) تغلغل‬testing tool,
which scans a range of hosts looking for Weak Points for which it has
effective exploits(‫) استغالل‬.
 These exploits can then be launched against the vulnerable(‫ ) الضعيفة‬hosts
to attempt to gain access.
 Having gained access to a vulnerable host,CORE IMPACT can install Agents
which provide varying levels of remote access (including directory listing,
uploading and downloading files, and so on).
 It is even possible to use a compromised host to launch new penetration tests
against other hosts on the network which may not have been visible on the
initial scan.
 This way the penetration tester can move from host to host within the
compromised network.
Cont
CORE IMPACT thus allows the user to safely exploit Weak Points in the
network, replicating the kinds of access an intruder could achieve, and proving
actual paths of attacks that must be eliminated.
The product features the Rapid Penetration Test (RPT),
a step-by-step automation of the penetration testing process. From the initial
information gathering phase to production of the final report, the penetration
testing steps within CORE IMPACT can be run completely autonomously. The
steps in this process include:
Information Gathering
Attack and Penetration
Local Information Gathering
Privilege Escalation(‫) التصعيد‬
Clean Up
Report Generation
Cont
 Each of the six processes listed previously are available as Wizards in the
Rapid Penetration Test window.
 By following each of them in turn, the average user will follow the typical
“hacker methodology” recommended by every generic hacker’s handbook,
and be able to complete a very comprehensive penetration test without
recourse to experts or outside consultants.
 Of course, experts and consultants will also find this tool incredibly useful in
their day-to-day work
Information Gathering
We have types of test which led to multiple ways to gather information
such as:
 Client-Side Rapid Penetration Testing
 Mobile Device Rapid Penetration Testing
 Network Device Rapid Penetration Testing
 Network Rapid Penetration Testing
 Web Application Rapid Penetration Testing
 Wireless Rapid Penetration Testing
Client-Side Rapid
Penetration Testing
In the case of end-user testing, Information Gathering involves the collection of
email addresses to target with phishing, spear phishing(Instead of casting out
thousands of e-mails randomly hoping a few victims will bite, spear phishers
target select groups of people with something in common—they work at the
same company, bank at the same financial institution, ) or other social
engineering attacks. CORE IMPACT offers a number of modules for gathering
email addresses of individuals in your organization, or you can enter or import
your own list of email addresses to test.
Key Capabilities
Crawl a website to harvest addresses published on the site
The Major effect of search engines to locate addresses for a given domain
Find addresses in Pretty Good Privacy (PGP)(Pretty Good Privacy (PGP) is a
popular program used to encrypt and decrypt e-mail over the Internet. ) and
Whois databases
Scan a domain for documents and scrape useful information from them, such
as email addresses
Mobile Device Rapid
Penetration Testing
 To specify mobile devices to test, you simply enter target device information
)such as owner name, email address and phone number (into the CORE
IMPACT interface.
Network Device Rapid
Penetration Testing
If CORE IMPACT Differentiate(‫ ) تميز‬the operating system of a target and
confirms it to be a network device, it will attempt to collect information about
the device. Alternately, CORE IMPACT includes a Passive Cisco Discovery
Protocol (CDP) network discovery module that listens for broadcasts from
Cisco devices.
Key Capabilities
Fingerprint found devices to determine manufacturer, device model/type, and
operating system details
Determine the inputs on which the device accepts connections or instructions,
including Simple Network Management Protocol (SNMP), Telnet, HTTP, etc.
Network Rapid Penetration
Testing
The Information Gathering step collects data about the targeted network,
typically using Network Discovery, Port Scanner, and OS and Service
Identification modules. Alternately, you can complete this step by importing
information from your network mapping tool or Weak Points scanner.
Key Capabilities
 Identify the operating system and services running on targeted machines
 Control the IP ranges you want to scan
 Select from a variety of network discovery and port scanning methods,
including TCP Connect, Fast synchronise packet in (TCP) and Internet
Control Message Protocol (ICMP)
Web Application Rapid
Penetration Testing
During this phase of the Web Application Rapid Penetration Test, CORE
IMPACT crawls through web pages and identifies pages to test. Alternately, you
can import the results from popular web application Weak Points scanners and
validate imported Weak Points for exploitability(‫) إمكانية االستغالل‬.
Key Capabilities
Specify a domain or range of web pages to crawl
Set a link depth limit for the crawler
Select whether to follow links outside the specified site
Crawl JavaScript to discover and assess dynamically generated pages
Establish the browser type and version to use
Supply any login information required to emulate an attack from someone
with access rights to the web application
Import web scanner results for Weak Points validation
Wireless Rapid Penetration
Testing
CORE IMPACT’s discovery capabilities allow users to identify both authorized
networks and unauthorized points of access. It then profiles any networks discovered
by analyzing signal and packet data to measure network strength, determine security
protocols, and identify devices interacting with the involved network.
Key Capabilities
Discover both known and unknown Wi-Fi networks and access points
Gather MAC addresses and service set identifiers (SSID)(An SSID is the name of
a wireless local area network (WLAN). All wireless devices on a WLAN must
employ the same SSID in order to communicate with each other. ) from beaconing
machines
Impersonate(‫ ) انتحال صفة‬access points, and fingerprint / harvest information
from systems that connect
Gather information on network strength, security protocols and connected devices
Scan traffic for streams of sensitive data
Attack and Penetration
We also have the same categories mentioned before such as:
 Client-Side Rapid Penetration Testing
 Mobile Device Rapid Penetration Testing
 Network Device Rapid Penetration Testing
 Network Rapid Penetration Testing
 Web Application Rapid Penetration Testing
 Wireless Rapid Penetration Testing
Client-Side Rapid
Penetration Testing
In this test, you create an email, associate it with an exploit, and go phishing. The product
includes sample email templates that simulate common phishing attacks. You can also create
your own custom spear phishing emails that effects inside knowledge of your organization.
CORE IMPACT’s big library of client-side exploits includes attacks that target endpoint
applications, endpoint security solutions, and endpoint operating systems and services. The
product also takes care of sending the email, giving you options such as selecting an Simple
Mail Transfer Protocol (SMTP) server or Trick a specific “from” email address.
Key Capabilities
Create phishing, spear phishing and spam emails from a variety of pre-built templates
Safely deploy Agents using real-world malware attacks(Malware, short for malicious
software, is software designed to disrupt computer operation, gather sensitive information, or
gain unauthorized access to computer systems. ) to test end-user system security
Track who responds to attacks and measure the effectiveness of security awareness programs
with or without exploiting their systems
‫استدراج‬
‫دجال‬
Assess data leakage risks by luring(
) users to complete imposter(
) web
forms
Prove the consequences of a end-user security breach by interacting with compromised
workstations
Mobile Device Rapid
Penetration Testing
CORE IMPACT uses real-world attack techniques including phishing, web form impersonation,
fake wireless access points, and wireless man-in-the-middle attacks(The man-in-the-middle
attack is a form of active eavesdropping(‫ ) التنصت‬in which the attacker makes independent
connections with the victims and relays messages between them, making them believe that they
are talking directly to each other over a private connection, when in fact the entire conversation
is controlled by the attacker. The attacker must be able to intercept all messages going between
the two victims and inject new ones ) to assess end users and their devices.
Key Capabilities:
Phishing: send emails and texts that determine whether employees would fall prey to phishing
‫خبيث‬
and spear phishing attacks by clicking through to malicious(
) sites and/or installing
Untrusted mobile apps
Web Form Impersonation: assess data leakage threats by doing phishing tests classified with
links to web forms designed to capture and record user-entered data
Fake Wireless Access Points: impersonate valid wireless access points and gather profile
information about the connected devices, launching attacks when the device or user requests
data from the fake access point
Wireless Man-in-the-Middle: identify and monitor wireless networks that have either no
encryption or WEP-based encryption and observe any connected devices; intercept
transmissions and insert attacks that target the connected devices
Network Device Rapid
Penetration Testing
CORE IMPACT uses dictionary attacks (a dictionary attack is a technique for
defeating authentication mechanism by trying to determine its decryption key
by searching likely possibilities successively trying all the words in an list
called a dictionary from a pre-arranged list of values . )to guess passwords and
gain access to network devices. Once the device is compromised, CORE
IMPACT offers various modules to explain the ramifications of the
breach(‫الخرق‬
‫)تداعيات‬.
Key Capabilities:
Launch dictionary attacks to gain device access
Retrieve the configuration file of a compromised device and try to crack
passwords that are in use
Rename compromised devices
Demonstrate how attackers could intercept copies of data packets via interface
monitoring
Network Rapid Penetration
Testing
During Attack and Penetration, CORE IMPACT automatically selects and launches
remote attacks leveraging(‫ ) االستفادة من‬IP, OS, architecture, port and service
information obtained in the Information Gathering step. You can choose to launch
every potential attack against each target computer, or you can have the system stop
once it successfully deploys a single Network Agent, which carries the attack
payload. You maintain full control over which computers are attacked and the order
in which exploits are launched. In addition, you can further simplify and speed tests
by excluding exploits that may leave a target service unavailable or take a long time
to run.
Key Capabilities
Launch multiple, many attacks at the time to speed the penetration testing process
Interact with compromised machines via discrete Agents that are installed only in
system memory
Run local exploits to attack machines internally, rather than from across the
network
Maintain control over which exploits are applied
Web Application Rapid
Penetration Testing
CORE IMPACT enables you to test web applications for Persistent Cross-Site Scripting
(XSS)(Dynamic Web sites have a threat that static Web sites don't, called "cross-site scripting,"
also known as "XSS." ), Reflective XSS (both for static HTML and Adobe Flash® objects),
Remote File Inclusion for PHP applications, SQL Injection, and Blind SQL Injection. CORE
IMPACT then dynamically creates exploits to prove whether the Weak Points makes actual
threats. If an exploit is successful, CORE IMPACT establishes an Agent that allows you to take
a number of actions to reveal at-risk information assets.
Key Capabilities
Analyze custom, customized and out-of-the-box web applications for security weaknesses
Validate security exposures using dynamically generated exploits, emulating a hacker trying
various attack paths and methods
Guess application usernames and passwords with dictionary attacks
The effect of Web Application Firewall (WAF) evasion( ‫ )التهرب‬capabilities
Explain the consequences of an attack by interacting with web server file systems and
databases through command shells and database consoles
Perform penetration tests without corrupting web applications or running code on targeted
servers
Wireless Rapid Penetration
Testing
CORE IMPACT determines keys by taking advantage of known Weak Points in
WEP-secured networks(Wired Equivalent Privacy (WEP) is a security algorithm for
IEEE 802.11 wireless networks ). The solution also assesses networks secured by
WPA(Wi-Fi Protected Access (WPA) and Wi-Fi Protected Access II (WPA2) are two
security protocols and security certification programs developed to secure wireless
computer networks ) and WPA2 (using a Pre-Shared Key) via dictionary attacks that
leverage information from sniffed authentication attempts. Finally, CORE IMPACT
enables you to intercept wireless transmissions and conduct Man-in-the-Middle
attacks
Key Capabilities
Replicate attacks against WEP, WPA and WPA2-encrypted networks
Do Man-in-the-Middle attacks, intercept wireless transmissions, and insert exploits
into relayed traffic
Impersonate access points to connect with beaconing systems and test them against
remote exploits
Local Information Gathering
The Local Information Gathering step collects information about computers that
have CORE IMPACT agents deployed on them. During this step, you leverage
Network Agents to interact with compromised computers and gather previously
unavailable information about the OS, privileges, users and installed applications.
CORE IMPACT can collect information from all deployed Agents or only from
those that you specify.
Key Capabilities
 Browse file structures and view file contents on compromised machines
 View rights obtained on compromised machines
 Interact with compromised machines via command shells
 Explain the consequences of security breaches by replicating the steps an attacker
would take after gaining access to a system
 Extract data from compromised mobile devices, including call, SMS and MMS
logs; GPS location; and contact information
Privilege Escalation
During the Privilege Escalation step, CORE IMPACT attempts to penetrate
deeper into a compromised computer by running local exploits in an attempt to
obtain administrative privileges. After Privilege Escalation, you can shift the
source Agent to one of the newly compromised systems and cycle back to the
initial Information Gathering step, thereby establishing a beachhead from which
to run attacks deeper into the network.
Key Capabilities
 Run local exploits to attack systems internally, rather than from across the
network
 Gain administrative privileges on compromised systems
 View the networks to which a compromised computer is connected
 Launch attacks from any compromised system to other computers on the
same network, gaining access to systems with increasing levels of security
Cleanup
The Cleanup step automatically uninstalls every connected Agent. Agents are
uninstalled in post order to support complex Agent chains. In addition, all
Agents are automatically uninstalled when closing the active workspace,
regardless of whether the Cleanup step is executed or not.
Key Capabilities
 Quickly and easily remove all Agents from compromised machines, leaving
your network and end-user systems in their original states
Penetration Testing Report
Generation
CORE IMPACT generates clear, informative reports that provide data about
targeted systems and applications, results of end-user penetration tests, audits of
all exploits performed, and details about proven Weak Points. You can view and
print reports using Crystal Reports or export them in popular formats such as
HTML, PDF and Microsoft Word.
Key Capabilities
 Obtain actionable information about exploited Weak Points, compromised
end-user systems, web application weaknesses and associated risks
 Create activity audits to satisfy Commitment and regulatory requirements
 Export report content in popular formats that can be easily customized and
shared