Easttom PPT 06 Final
Fundamentals
by Chuck Easttom
Examples
The most basic scan: nmap 192.168.1.1
Scan a range of IP addresses: nmap 192.168.1.1-20
Scan to detect the OS: nmap -O 192.168.1.1
etc.
If a specific computer: users, shared folders, etc.
string sSQLstatement;
sSQLstatement = "SELECT * FROM tblUsers WHERE UserName = '"
If you enter username = admin and password = password, this code will produce this SQL command:
SELECT * FROM tblUsers WHERE UserName = 'admin' AND Password = 'password'
However, whatever you type into the text field gets put into the SQL statement.
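An added example (not from the original slides), in Python with sqlite3: the slide's concatenated query beside a parameterized one, run against a user name that contains an apostrophe. The function names, the second sample user and its password are constructed; the slide's truncated statement is assumed to continue with the password clause shown in its output.

```python
import sqlite3

def make_db():
    # Constructed sample data; plaintext passwords only mirror the slide's query.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE tblUsers (UserName TEXT, Password TEXT)")
    db.executemany("INSERT INTO tblUsers VALUES (?, ?)",
                   [("admin", "password"), ("O'Brien", "s3cret")])
    return db

def build_concatenated(username, password):
    # Same pattern as the slide: the typed text is pasted into the SQL string.
    return ("SELECT * FROM tblUsers WHERE UserName = '" + username +
            "' AND Password = '" + password + "'")

def login_concatenated(db, username, password):
    try:
        row = db.execute(build_concatenated(username, password)).fetchone()
        return row is not None
    except sqlite3.OperationalError:
        # A quote in the input changed the statement's structure,
        # so the database could no longer parse it.
        return None

def login_parameterized(db, username, password):
    # Placeholders keep the input as data; it is never parsed as SQL.
    row = db.execute(
        "SELECT * FROM tblUsers WHERE UserName = ? AND Password = ?",
        (username, password)).fetchone()
    return row is not None

if __name__ == "__main__":
    db = make_db()
    print(build_concatenated("admin", "password"))
    print("concatenated, admin:     ", login_concatenated(db, "admin", "password"))
    print("concatenated, O'Brien:   ", login_concatenated(db, "O'Brien", "s3cret"))
    print("parameterized, O'Brien:  ", login_parameterized(db, "O'Brien", "s3cret"))
```

The concatenated version fails on a legitimate user simply because the name contains a quote character, which shows that input is being treated as part of the SQL text; the parameterized version handles the same input correctly.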
NIST 800-115
NIST 800-115 is the National Institute of Standards and
Technology guideline for security assessments for Federal
Information Systems. Assessments include penetration tests.
NIST 800-115 describes security assessments
Four phases:
Planning: Set specific testing goals, related to previous risk
assessment evaluations on the target network
Discovery: Use of a variety of tools
Attack: Apply the hacking techniques discussed
Reporting: Detailed report to the person who hired the
penetration tester