Introduction to penetration testing
Page 1: Introduction to penetration testing

Amine Saighi

Member [at] OWASP Algeria Student Chapter
Member [at] UMC-TECH
Student [at] UMC

Email: [email protected]
Twitter: @KrNnt

Page 2: Introduction to penetration testing

- What's pen-testing?
- Why perform pen-testing?
- Pen-testing methodology
- Real world to pen-testing
- Summary

Page 3: Introduction to penetration testing

What's pen-test?

- History
- Pen-testing

Page 4: Introduction to penetration testing

Why perform pen-testing?

There are a variety of reasons for performing a penetration test:

- Find vulnerabilities before any attacker does.
- An outside expert reports the vulnerabilities so that management can approve fixing them.
- 2 in 1: check out a critical computer system.
- Good security practice.
- Testing a new system before it goes on-line.
- Gives them another chance.

Page 5: Introduction to penetration testing

Pen-testing Methodology

A methodology defines a set of rules:

- Practices.
- Procedures.
- Methods.

Page 6: Introduction to penetration testing

Pen-testing Methodology

Types of penetration testing:

- Black-Box
- White-Box

Page 7: Introduction to penetration testing

Pen-testing Methodology

Black-Box

- External testing
- Technologies OFF
- Using hacking methods
- Public or 0-day exploits

Page 8: Introduction to penetration testing

Pen-testing Methodology

- Harvest information
- Categorizing and translating the identified risks
- Black-Hat

Page 9: Introduction to penetration testing

Pen-testing Methodology

White-Box

- Internal testing
- Technologies ON
- With the minimum possible effort, it helps to view and evaluate the security vulnerabilities
- There are always risks

Page 10: Introduction to penetration testing

Pen-testing Methodology

- White-box < Black-box
- Time and cost < those of black-box testing
- White-hat

Page 11: Introduction to penetration testing

Pen-testing Methodology

The combination of both types of penetration testing, internal and external: 'Grey-Box'.

Grey-box approach => Black-Box + White-Box approach

Page 12: Introduction to penetration testing

Real world to pen-testing

- Information Intelligence.
- Scanning and Enumerating.
- Advanced fingerprinting.
- Vulnerability Assessment.

Page 13: Introduction to penetration testing

Real world to pen-testing

Information Intelligence

Information gathering techniques.

Page 14: Introduction to penetration testing

Real world to pen-testing

Organize your information during penetration testing

The foundation for any successful penetration test is solid information gathering.

Using nmap: nmap -oA myscan --open IP

Start the dradis server: ./start.sh
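To organize the results of the nmap -oA scan above before loading them into dradis, here is an added Python example (not from the original slides) that tabulates the grepable myscan.gnmap file nmap writes and inverts it into a per-service view; the file content below is constructed, with documentation-range addresses.

```python
from collections import defaultdict

# Constructed sample of the grepable (.gnmap) file that "nmap -oA myscan --open IP" writes
# (nmap also writes myscan.nmap and myscan.xml; the grepable form is the easiest to tabulate).
SAMPLE_GNMAP = """\
# Nmap 6.40 scan initiated Sat Mar  1 10:00:00 2014 as: nmap -oA myscan --open 192.0.2.0/28
Host: 192.0.2.10 (web.example.test)\tStatus: Up
Host: 192.0.2.10 (web.example.test)\tPorts: 22/open/tcp//ssh//OpenSSH 6.2 (protocol 2.0)/, 80/open/tcp//http//Apache httpd 2.2.22/, 3306/filtered/tcp//mysql///\tIgnored State: closed (997)
Host: 192.0.2.11 (db.example.test)\tStatus: Up
Host: 192.0.2.11 (db.example.test)\tPorts: 3306/open/tcp//mysql//MySQL 5.5.35/\tIgnored State: closed (999)
# Nmap done at Sat Mar  1 10:00:03 2014 -- 16 IP addresses (2 hosts up) scanned in 3.41 seconds
"""

# Each entry in the Ports field is port/state/protocol/owner/service/rpc_info/version/
PORT_FIELDS = ("port", "state", "proto", "owner", "service", "rpc", "version")


def parse_gnmap(text):
    """Return {ip: [record, ...]} with one record per OPEN port found in .gnmap text."""
    hosts = defaultdict(list)
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue  # '# Nmap ...' header/footer lines carry no host data
        # Tab-separated "Key: value" fields: Host, Status or Ports, Ignored State
        fields = dict(f.split(": ", 1) for f in line.split("\t") if ": " in f)
        if "Ports" not in fields:
            continue  # the "Status: Up" line for this host has no port list
        ip = fields["Host"].split()[0]
        for entry in fields["Ports"].split(", "):
            # maxsplit=6 keeps any '/' inside the version string intact
            rec = dict(zip(PORT_FIELDS, entry.strip().split("/", 6)))
            rec["port"] = int(rec["port"])
            rec["version"] = rec.get("version", "").rstrip("/")
            if rec["state"] == "open":
                hosts[ip].append(rec)
    return dict(hosts)


def by_service(hosts):
    """Invert the host view into {service: [(ip, port), ...]} to see where e.g. mysql is exposed."""
    inv = defaultdict(list)
    for ip, records in sorted(hosts.items()):
        for rec in records:
            inv[rec["service"]].append((ip, rec["port"]))
    return dict(inv)


if __name__ == "__main__":
    for svc, where in sorted(by_service(parse_gnmap(SAMPLE_GNMAP)).items()):
        print(svc, where)
```

The per-service view is what a defender wants to review first: any database service (here mysql) reachable from the scanning position is an exposure to explain or close.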

Page 15: Introduction to penetration testing

Real world to pen-testing

Google/Bing Hacking

Searching within a domain: site:www.umc.edu.dz
Searching by file type: filetype:pdf site:www.umc.edu.dz

We will use SearchDiggity for extensive and comprehensive searching.

Google Hacking Database

Page 19: Introduction to penetration testing

Real world to pen-testing

Hunting and profiling people

Now we will use pipl.com to search for people and find more information about your target.

I will hunt myself. You can search by mobile number, username or email.

Page 21: Introduction to penetration testing

Real world to pen-testing

Gathering e-mail accounts and subdomains/hostnames for a domain

theHarvester is a tool for gathering e-mail accounts, user names and hostnames/subdomains from different public sources.

./theHarvester.py -d yahoo.com -l 500 -b google

Page 23: Introduction to penetration testing

Real world to pen-testing

Scanning and Enumerating

TCP and UDP port scanning

The goal of the scanning phase is to learn more about the target environment and find openings by directly interacting with the target systems.

Page 24: Introduction to penetration testing

Real world to pen-testing

TCP port scanning: nc -vv -z -w 2 IP 443-445, or use the Metasploit auxiliary TCP Port Scanner

TCP SYN port scanning: nmap -sS IP, or use the Metasploit auxiliary TCP SYN Port Scanner

TCP ACK firewall scanning: nmap -v -sA IP -P0, or use the Metasploit auxiliary TCP ACK Firewall Scanner

Page 26: Introduction to penetration testing

Real world to pen-testing

UDP sweeping and probing

nmap -sU -v IP

We can also use the Metasploit udp_sweep auxiliary to detect common UDP services.

We can also use the Metasploit udp_probe auxiliary to detect common UDP services using sequential probes.

Page 27: Introduction to penetration testing

Real world to pen-testing

MySQL server version enumeration

We will use the Metasploit mysql_version auxiliary to determine the version of a MySQL server:

use auxiliary/scanner/mysql/mysql_version

Page 28: Introduction to penetration testing

Real world to pen-testing

Online Tools

We will use online tools that can automate DNS reconnaissance:

- who.is
- robtex.com
- intodns.com
- domaincrawler.com

Page 29: Introduction to penetration testing

Real world to pen-testing

Advanced Web Application fingerprinting

WhatWeb aims to be a fast, accurate and very generic web application fingerprinter that identifies application and plugin versions via static files.

./whatweb -v url

Page 31: Introduction to penetration testing

Real world to pen-testing

Advanced Web Application Firewall fingerprinting

WAFW00F allows you to fingerprint the WAF products protecting a website.

./wafw00f.py url

Page 34: Introduction to penetration testing

Real world to pen-testing

Advanced DNS and HTTP Load Balancers fingerprinting

During penetration testing, finding load balancers in front of a site is always complicated, and clients expect us to determine whether different IP addresses belong to the same machine.

./lbd.sh url
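As an added illustration (not part of the slides or of lbd itself) of the kind of checks lbd.sh makes, the following Python code applies the DNS and HTTP tests to constructed observations: repeated DNS answers for one hostname and the headers of successive HTTP responses. Addresses, header values and timestamps are made up, and the test names are this example's own.

```python
from email.utils import parsedate_to_datetime

# Constructed observations for one hostname: the answers of two DNS lookups and the
# headers of three successive HTTP responses (what lbd collects over the network).
DNS_ANSWERS = [
    ["192.0.2.10", "192.0.2.11"],   # first lookup
    ["192.0.2.11", "192.0.2.10"],   # second lookup: same set, rotated (round-robin DNS)
]
HTTP_RESPONSES = [
    {"Server": "Apache/2.2.22", "Date": "Sat, 01 Mar 2014 10:00:05 GMT", "ETag": '"1a-4f"'},
    {"Server": "Apache/2.2.22", "Date": "Sat, 01 Mar 2014 10:00:02 GMT", "ETag": '"1a-4f"'},
    {"Server": "nginx/1.4.6",   "Date": "Sat, 01 Mar 2014 10:00:07 GMT", "ETag": '"1a-4f"'},
]


def dns_balanced(answers):
    """DNS test: the name resolves to more than one address across the lookups."""
    return len({ip for ans in answers for ip in ans}) > 1


def varying_headers(responses, headers=("Server", "ETag")):
    """HTTP diff test: the headers whose value is not identical in every response."""
    return [h for h in headers if len({r.get(h) for r in responses}) > 1]


def date_goes_backwards(responses):
    """HTTP date test: a Date earlier than the previous response's Date means the
    replies came from back-ends whose clocks are not in sync."""
    stamps = [parsedate_to_datetime(r["Date"]) for r in responses if "Date" in r]
    return any(later < earlier for earlier, later in zip(stamps, stamps[1:]))


def load_balancer_evidence(answers, responses):
    """Collect every indication that more than one machine answers for the hostname."""
    evidence = []
    if dns_balanced(answers):
        evidence.append("dns")
    evidence += ["http-" + h.lower() for h in varying_headers(responses)]
    if date_goes_backwards(responses):
        evidence.append("http-date")
    return evidence


if __name__ == "__main__":
    print(load_balancer_evidence(DNS_ANSWERS, HTTP_RESPONSES))
```

Run against your own site, an empty evidence list is what a single, correctly fronted host should produce; a varying Server header or backwards Date is also a configuration finding (inconsistent nodes, unsynchronised clocks) worth fixing in its own right.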

Page 36: Introduction to penetration testing

Real world to pen-testing

VA vs PT

Vulnerability analysis is the process of identifying vulnerabilities on a network.

Penetration testing, by contrast, is focused on actually gaining unauthorized access to the tested systems and using that access to reach the network or its data.

Page 37: Introduction to penetration testing

Real world to pen-testing

Nessus

The Nessus vulnerability scanner is the world leader in active scanners, with more than five million downloads to date.

Nessus features high-speed discovery, configuration auditing, asset profiling, sensitive data discovery and vulnerability analysis of your security posture.

Page 38: Introduction to penetration testing

Bibliography

- Assuring Security
- Grey Hat
- Real world to penetration testing

Page 39: Introduction to penetration testing

Thanks!

Questions?

- Web site: www.owaspalgeriasc.org
- Email: [email protected]
- Twitter: @DzOWASP
- Facebook: http://on.fb.me/OwaspAlgeriaSC
- Google Plus: http://bit.ly/GplusOwaspAlgeriaSC