CORE IMPACT

Hamde AL Tamimi
Mohammad Ali Qattan
Amira Mosa AL Braim
Rakan Tayseer

?What is CORE IMPACT

CORE IMPACT is, in fact, an automated penetration( ) testing tool,
which scans a range of hosts looking for Weak Points for which it has

effective exploits() .
These exploits can then be launched against the vulnerable( ) hosts to
attempt to gain access.
Having gained access to a vulnerable host,CORE IMPACT can install Agents
which provide varying levels of remote access (including directory listing,
uploading and downloading files, and so on).
It is even possible to use a compromised host to launch new penetration tests
against other hosts on the network which may not have been visible on the
initial scan.
This way the penetration tester can move from host to host within the
compromised network.

Cont
CORE IMPACT thus allows the user to safely exploit Weak Points in the
network, replicating the kinds of access an intruder could achieve, and proving
actual paths of attacks that must be eliminated.
The product features the Rapid Penetration Test (RPT),
a step-by-step automation of the penetration testing process. From the initial
information gathering phase to production of the final report, the penetration
testing steps within CORE IMPACT can be run completely autonomously. The
steps in this process include:
Information Gathering
Attack and Penetration
Local Information Gathering
Privilege Escalation()
Clean Up
Report Generation

Cont
Each of the six processes listed previously are available as Wizards in the
Rapid Penetration Test window.
By following each of them in turn, the average user will follow the typical
hacker methodology recommended by every generic hackers handbook,
and be able to complete a very comprehensive penetration test without
recourse to experts or outside consultants.
Of course, experts and consultants will also find this tool incredibly useful in
their day-to-day work

Information Gathering
We have types of test which led to multiple ways to gather information
such as:
Client-Side Rapid Penetration Testing
Mobile Device Rapid Penetration Testing
Network Device Rapid Penetration Testing
Network Rapid Penetration Testing
Web Application Rapid Penetration Testing
Wireless Rapid Penetration Testing

Client-Side Rapid
Penetration Testing
In the case of end-user testing, Information Gathering involves the collection of email
addresses to target with phishing, spear phishing(Instead of casting out thousands of e-mails
randomly hoping a few victims will bite, spear phishers target select groups of people with
something in commonthey work at the same company, bank at the same financial institution,
) or other social engineering attacks. CORE IMPACT offers a number of modules for
gathering email addresses of individuals in your organization, or you can enter or import your
own list of email addresses to test.
Key Capabilities
Crawl a website to harvest addresses published on the site
The Major effect of search engines to locate addresses for a given domain
Find addresses in Pretty Good Privacy (PGP)(Pretty Good Privacy (PGP) is a popular
program used to encrypt and decrypt e-mail over the Internet. ) and Whois databases
Scan a domain for documents and scrape useful information from them, such as email
addresses

Mobile Device Rapid

Penetration Testing
To specify mobile devices to test, you simply enter target device information
)such as owner name, email address and phone number (into the CORE
IMPACT interface.

Network Device Rapid

Penetration Testing
If CORE IMPACT Differentiate( ) the operating system of a target and
confirms it to be a network device, it will attempt to collect information about
the device. Alternately, CORE IMPACT includes a Passive Cisco Discovery
Protocol (CDP) network discovery module that listens for broadcasts from
Cisco devices.
Key Capabilities
Fingerprint found devices to determine manufacturer, device model/type, and
operating system details
Determine the inputs on which the device accepts connections or instructions,
including Simple Network Management Protocol (SNMP), Telnet, HTTP, etc.

Network Rapid Penetration

Testing
The Information Gathering step collects data about the targeted network,
typically using Network Discovery, Port Scanner, and OS and Service
Identification modules. Alternately, you can complete this step by importing
information from your network mapping tool or Weak Points scanner.
Key Capabilities
Identify the operating system and services running on targeted machines
Control the IP ranges you want to scan
Select from a variety of network discovery and port scanning methods,
including TCP Connect, Fast synchronise packet in (TCP) and Internet Control
Message Protocol (ICMP)

Web Application Rapid

Penetration Testing

During this phase of the Web Application Rapid Penetration Test, CORE
IMPACT crawls through web pages and identifies pages to test. Alternately, you
can import the results from popular web application Weak Points scanners and
validate imported Weak Points for exploitability() .
Key Capabilities
Specify a domain or range of web pages to crawl
Set a link depth limit for the crawler
Select whether to follow links outside the specified site
Crawl JavaScript to discover and assess dynamically generated pages
Establish the browser type and version to use
Supply any login information required to emulate an attack from someone
with access rights to the web application
Import web scanner results for Weak Points validation

CORE IMPACTs discovery capabilities allow users to identify both authorized networks
and unauthorized points of access. It then profiles any networks discovered by analyzing
signal and packet data to measure network strength, determine security protocols, and
identify devices interacting with the involved network.
Key Capabilities
Discover both known and unknown Wi-Fi networks and access points
Gather MAC addresses and service set identifiers (SSID)(An SSID is the name of a
wireless local area network (WLAN). All wireless devices on a WLAN must employ the
same SSID in order to communicate with each other. ) from beaconing machines
Impersonate( ) access points, and fingerprint / harvest information from
systems that connect
Gather information on network strength, security protocols and connected devices
Scan traffic for streams of sensitive data

Wireless Rapid Penetration

Attack and Penetration

We also have the same categories mentioned before such as:
Client-Side Rapid Penetration Testing
Mobile Device Rapid Penetration Testing
Network Device Rapid Penetration Testing
Network Rapid Penetration Testing
Web Application Rapid Penetration Testing
Wireless Rapid Penetration Testing

Client-Side Rapid
Penetration Testing
In this test, you create an email, associate it with an exploit, and go phishing. The product
includes sample email templates that simulate common phishing attacks. You can also create
your own custom spear phishing emails that effects inside knowledge of your organization.
CORE IMPACTs big library of client-side exploits includes attacks that target endpoint
applications, endpoint security solutions, and endpoint operating systems and services. The
product also takes care of sending the email, giving you options such as selecting an Simple
Mail Transfer Protocol (SMTP) server or Trick a specific from email address.
Key Capabilities
Create phishing, spear phishing and spam emails from a variety of pre-built templates
Safely deploy Agents using real-world malware attacks(Malware, short for malicious
software, is software designed to disrupt computer operation, gather sensitive information, or
gain unauthorized access to computer systems. ) to test end-user system security
Track who responds to attacks and measure the effectiveness of security awareness programs
with or without exploiting their systems

Assess data leakage risks by luring(

) users to complete imposter(
) web
forms
Prove the consequences of a end-user security breach by interacting with compromised
workstations

CORE IMPACT uses real-world attack techniques including phishing, web form impersonation, fake
wireless access points, and wireless man-in-the-middle attacks(The man-in-the-middle attack is a form of
active eavesdropping( ) in which the attacker makes independent connections with the victims and
relays messages between them, making them believe that they are talking directly to each other over a
private connection, when in fact the entire conversation is controlled by the attacker. The attacker must be
able to intercept all messages going between the two victims and inject new ones ) to assess end users and
their devices.
Key Capabilities:
Phishing: send emails and texts that determine whether employees would fall prey to phishing and spear

phishing attacks by clicking through to malicious(

) sites and/or installing Untrusted mobile apps
Web Form Impersonation: assess data leakage threats by doing phishing tests classified with links to
web forms designed to capture and record user-entered data
Fake Wireless Access Points: impersonate valid wireless access points and gather profile information
about the connected devices, launching attacks when the device or user requests data from the fake access
point
Wireless Man-in-the-Middle: identify and monitor wireless networks that have either no encryption or
WEP-based encryption and observe any connected devices; intercept transmissions and insert attacks that
target the connected devices

Mobile Device Rapid

Network Device Rapid

Penetration Testing
CORE IMPACT uses dictionary attacks (a dictionary attack is a technique for
defeating authentication mechanism by trying to determine its decryption key by
searching likely possibilities successively trying all the words in an list called a
dictionary from a pre-arranged list of values . )to guess passwords and gain access to
network devices. Once the device is compromised, CORE IMPACT offers various
modules to explain the ramifications of the breach(

).

Key Capabilities:
Launch dictionary attacks to gain device access
Retrieve the configuration file of a compromised device and try to crack
passwords that are in use
Rename compromised devices
Demonstrate how attackers could intercept copies of data packets via interface
monitoring

Network Rapid Penetration

Testing

During Attack and Penetration, CORE IMPACT automatically selects and launches
remote attacks leveraging( ) IP, OS, architecture, port and service
information obtained in the Information Gathering step. You can choose to launch
every potential attack against each target computer, or you can have the system stop
once it successfully deploys a single Network Agent, which carries the attack
payload. You maintain full control over which computers are attacked and the order in
which exploits are launched. In addition, you can further simplify and speed tests by
excluding exploits that may leave a target service unavailable or take a long time to
run.
Key Capabilities
Launch multiple, many attacks at the time to speed the penetration testing process
Interact with compromised machines via discrete Agents that are installed only in
system memory
Run local exploits to attack machines internally, rather than from across the network
Maintain control over which exploits are applied

Web Application Rapid

Penetration Testing
CORE IMPACT enables you to test web applications for Persistent Cross-Site Scripting (XSS)
(Dynamic Web sites have a threat that static Web sites don't, called "cross-site scripting," also
known as "XSS." ), Reflective XSS (both for static HTML and Adobe Flash objects), Remote File
Inclusion for PHP applications, SQL Injection, and Blind SQL Injection. CORE IMPACT then
dynamically creates exploits to prove whether the Weak Points makes actual threats. If an exploit is
successful, CORE IMPACT establishes an Agent that allows you to take a number of actions to
reveal at-risk information assets.
Key Capabilities
Analyze custom, customized and out-of-the-box web applications for security weaknesses
Validate security exposures using dynamically generated exploits, emulating a hacker trying
various attack paths and methods
Guess application usernames and passwords with dictionary attacks
The effect of Web Application Firewall (WAF) evasion( ) capabilities
Explain the consequences of an attack by interacting with web server file systems and databases
through command shells and database consoles
Perform penetration tests without corrupting web applications or running code on targeted servers

Wireless Rapid Penetration

Testing
CORE IMPACT determines keys by taking advantage of known Weak Points in WEP-secured
networks(Wired Equivalent Privacy (WEP) is a security algorithm for IEEE 802.11 wireless
networks ). The solution also assesses networks secured by WPA(Wi-Fi Protected Access (WPA)
and Wi-Fi Protected Access II (WPA2) are two security protocols and security certification programs
developed to secure wireless computer networks ) and WPA2 (using a Pre-Shared Key) via
dictionary attacks that leverage information from sniffed authentication attempts. Finally, CORE
IMPACT enables you to intercept wireless transmissions and conduct Man-in-the-Middle attacks
Key Capabilities
Replicate attacks against WEP, WPA and WPA2-encrypted networks
Do Man-in-the-Middle attacks, intercept wireless transmissions, and insert exploits into relayed
traffic
Impersonate access points to connect with beaconing systems and test them against remote exploits

Local Information Gathering

The Local Information Gathering step collects information about computers that
have CORE IMPACT agents deployed on them. During this step, you leverage
Network Agents to interact with compromised computers and gather previously
unavailable information about the OS, privileges, users and installed applications.
CORE IMPACT can collect information from all deployed Agents or only from
those that you specify.
Key Capabilities
Browse file structures and view file contents on compromised machines
View rights obtained on compromised machines
Interact with compromised machines via command shells
Explain the consequences of security breaches by replicating the steps an attacker
would take after gaining access to a system
Extract data from compromised mobile devices, including call, SMS and MMS
logs; GPS location; and contact information

Privilege Escalation
During the Privilege Escalation step, CORE IMPACT attempts to penetrate
deeper into a compromised computer by running local exploits in an attempt to
obtain administrative privileges. After Privilege Escalation, you can shift the
source Agent to one of the newly compromised systems and cycle back to the
initial Information Gathering step, thereby establishing a beachhead from which
to run attacks deeper into the network.
Key Capabilities
Run local exploits to attack systems internally, rather than from across the
network
Gain administrative privileges on compromised systems
View the networks to which a compromised computer is connected
Launch attacks from any compromised system to other computers on the
same network, gaining access to systems with increasing levels of security

Cleanup
The Cleanup step automatically uninstalls every connected Agent. Agents are
uninstalled in post order to support complex Agent chains. In addition, all
Agents are automatically uninstalled when closing the active workspace,
regardless of whether the Cleanup step is executed or not.
Key Capabilities
Quickly and easily remove all Agents from compromised machines, leaving
your network and end-user systems in their original states

Penetration Testing Report

Generation

CORE IMPACT generates clear, informative reports that provide data about
targeted systems and applications, results of end-user penetration tests, audits of
all exploits performed, and details about proven Weak Points. You can view and
print reports using Crystal Reports or export them in popular formats such as
HTML, PDF and Microsoft Word.
Key Capabilities
Obtain actionable information about exploited Weak Points, compromised
end-user systems, web application weaknesses and associated risks
Create activity audits to satisfy Commitment and regulatory requirements
Export report content in popular formats that can be easily customized and
shared