Amine Saighi
Member [at] OWASP Algeria Student Chapter
Member [at] UMC-TECH
Student [at] UMC
Email: [email protected]
Twitter: @KrNnt
Introduction to penetration testing
- What's Pen-testing?
- Why perform Pen-testing?
- Pen-testing Methodology
- Real world to Pen-testing
- Summary
History
Pen-testing
What's a Pen-test?
Why perform Pen-testing?
There are a variety of reasons for performing a penetration test:
- Find vulnerabilities before any attacker does.
- An outside expert reports the vulnerabilities, so that management can approve fixing them.
- 2 in 1: check out a critical computer system, and follow good security practice.
- Test a new system before it goes on-line.
- Gives the organization another chance.
Pen-testing Methodology
A methodology defines a set of rules:
- Practices
- Procedures
- Methods
Types of Penetration Testing:
- Black-Box
- White-Box
Black-Box
- External testing
- Technologies OFF: the tester is given no knowledge of the target's technologies
- Uses the attacker's methods
- Public or 0-day exploits
- Harvest information
- Categorize and translate the identified risks
- Black-hat perspective
White-Box
- Internal testing
- Technologies ON: the tester is given knowledge of the target's technologies
- With the minimum possible effort it helps to view and evaluate the security vulnerabilities
- There are always risks
- White-box effort < black-box effort: its time and cost are lower than black-box's
- White-hat perspective
Grey-Box
The combination of both types of penetration testing, internal & external: "Grey-Box".
Grey-box approach => Black-Box + White-Box approach
Real world to pen-testing
- Information Intelligence
- Scanning and Enumerating
- Advanced fingerprinting
- Vulnerability Assessment
Information Intelligence
Information gathering techniques
Organize your information during penetration testing
The foundation for any successful penetration test is solid information gathering.
Using nmap: nmap -oA myscan --open IP (writes normal, grepable and XML output to myscan.nmap, myscan.gnmap and myscan.xml; --open lists only open ports)
Start the Dradis server to collect and share the findings: ./start.sh
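The XML file that nmap -oA produces is the handiest input for organizing findings, because it is machine-readable. The following is an added example, not code from the original slides or from nmap or Dradis: it parses the XML into a per-host list of open ports and inverts it into a per-service index. The XML string is a constructed sample in nmap's output format; the addresses and host name in it are fictitious.

```python
"""Organize nmap -oA output: parse myscan.xml into a per-host summary of open
ports, ready to paste into Dradis or a report. Added example, not code from
the original slides; the XML below is a constructed sample."""
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample of nmap XML output: two hosts up, one filtered port,
# one UDP open|filtered port and one host down.
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -oA myscan --open 10.0.0.0/30" start="0">
  <host>
    <status state="up"/>
    <address addr="10.0.0.1" addrtype="ipv4"/>
    <hostnames><hostname name="gw.example.test" type="PTR"/></hostnames>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/>
        <service name="ssh" product="OpenSSH" version="7.4"/></port>
      <port protocol="tcp" portid="443"><state state="open"/>
        <service name="https" product="nginx"/></port>
      <port protocol="tcp" portid="445"><state state="filtered"/></port>
    </ports>
  </host>
  <host>
    <status state="up"/>
    <address addr="10.0.0.2" addrtype="ipv4"/>
    <hostnames/>
    <ports>
      <port protocol="tcp" portid="3306"><state state="open"/>
        <service name="mysql" product="MySQL" version="5.5.40"/></port>
      <port protocol="udp" portid="161"><state state="open|filtered"/>
        <service name="snmp"/></port>
    </ports>
  </host>
  <host>
    <status state="down"/>
    <address addr="10.0.0.3" addrtype="ipv4"/>
  </host>
</nmaprun>
"""


def parse_nmap_xml(xml_text):
    """Return {address: {"hostname": str|None, "ports": [(proto, port, service)]}}
    for every host that is up and has at least one definitely open port."""
    root = ET.fromstring(xml_text)
    hosts = {}
    for host in root.iter("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue
        addr_el = host.find("address[@addrtype='ipv4']")
        if addr_el is None:
            continue
        hn = host.find("hostnames/hostname")
        ports = []
        for port in host.findall("ports/port"):
            state = port.find("state")
            # Only "open" is an opening; UDP open|filtered is a maybe, not a find.
            if state is None or state.get("state") != "open":
                continue
            svc = port.find("service")
            parts = [svc.get("name", ""), svc.get("product", ""), svc.get("version", "")] if svc is not None else []
            ports.append((port.get("protocol"), int(port.get("portid")), " ".join(p for p in parts if p)))
        if ports:
            hosts[addr_el.get("addr")] = {"hostname": hn.get("name") if hn is not None else None,
                                          "ports": ports}
    return hosts


def open_port_index(hosts):
    """Invert the host map: {(proto, port): [addresses]}, so one service can be
    worked across every host that exposes it (e.g. all hosts with 445/tcp)."""
    index = defaultdict(list)
    for addr, info in hosts.items():
        for proto, port, _ in info["ports"]:
            index[(proto, port)].append(addr)
    return dict(index)


def report_lines(hosts):
    """Plain-text summary, one host block per address."""
    lines = []
    for addr in sorted(hosts):
        info = hosts[addr]
        lines.append(f"{addr} ({info['hostname']})" if info["hostname"] else addr)
        lines.extend(f"  {port}/{proto}  {svc}" for proto, port, svc in info["ports"])
    return lines


if __name__ == "__main__":
    # Real use: parse_nmap_xml(open("myscan.xml").read())
    print("\n".join(report_lines(parse_nmap_xml(SAMPLE_NMAP_XML))))
```

The filtered 445/tcp and the open|filtered 161/udp are deliberately dropped: a report that lists them next to confirmed open ports invites wasted time later, and they belong in the notes, not the target list.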
Google/Bing Hacking
Searching within a domain: site:www.umc.edu.dz
Searching for a file type within a domain: filetype:pdf site:www.umc.edu.dz
We will use SearchDiggity for extensive and comprehensive searching.
Google Hacking Database
Hunting and profiling people
Now we will use pipl.com to search for people and find more information about your target.
I will hunt myself. You can search by mobile number, username or email.
Gathering e-mail accounts and subdomains/hostnames for a domain
theHarvester is a tool for gathering e-mail accounts, user names and hostnames/subdomains from different public sources.
./theHarvester.py -d yahoo.com -l 500 -b google
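What theHarvester does with each public source it fetches is the part worth understanding: pull every e-mail address and host name out of the page text and keep only those that really belong to the target domain. Below is an added example of that step, not theHarvester's own code. The page text is constructed, the domain example.test and the names in it are fictitious, and the [at]/[dot] de-obfuscation is an assumption about how harvested pages hide addresses.

```python
"""Harvest e-mail addresses and hostnames for a target domain from scraped
public-source text (search results, list archives, key servers). Added
example, not theHarvester's code; the page text below is constructed."""
import re

TARGET_DOMAIN = "example.test"   # assumed target, theHarvester's -d argument

# Constructed sample of scraped text: mixed case, an obfuscated address, URLs,
# a port suffix, and two look-alike domains that must NOT be harvested.
SAMPLE_PAGE = """
Contact: Webmaster@Example.Test or hr [at] example [dot] test
Mirror: https://mail.example.test/owa/ and ftp://files.example.test
Staff list https://intranet.example.test/users/j.doe@example.test
Unrelated: admin@notexample.test, support@example.test.evil.com
Plain mention of vpn.example.test:443 in a forum post.
"""

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# Host names not glued to a preceding label character (so we start at a boundary).
HOST_RE = re.compile(r"(?<![A-Za-z0-9.-])((?:[A-Za-z0-9-]+\.)+[A-Za-z]{2,})")


def deobfuscate(text):
    """Undo the common ' [at] ' / ' [dot] ' obfuscation before matching."""
    text = re.sub(r"\s*\[\s*at\s*\]\s*", "@", text, flags=re.I)
    text = re.sub(r"\s*\[\s*dot\s*\]\s*", ".", text, flags=re.I)
    return text


def in_domain(host, domain):
    """True for the domain itself or a subdomain of it; false for look-alikes
    such as notexample.test or example.test.evil.com."""
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


def harvest(text, domain=TARGET_DOMAIN):
    """Return sorted, de-duplicated, lower-cased emails and hosts in the domain."""
    text = deobfuscate(text)
    emails = {m.lower() for m in EMAIL_RE.findall(text)
              if in_domain(m.split("@", 1)[1], domain)}
    hosts = {m.lower() for m in HOST_RE.findall(text) if in_domain(m, domain)}
    # The mail domain of every address is a host worth listing too.
    hosts.update(e.split("@", 1)[1] for e in emails)
    return {"emails": sorted(emails), "hosts": sorted(hosts)}


if __name__ == "__main__":
    result = harvest(SAMPLE_PAGE)
    print("\n".join(result["emails"]))
    print("\n".join(result["hosts"]))
```

The in_domain check is the line that keeps the engagement in scope: a suffix test on the bare string would accept notexample.test, and a substring test would accept example.test.evil.com, and both would put hosts you have no authorization for into the target list.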
Scanning and Enumerating
TCP and UDP port scanning
Scanning
The goal of the scanning phase is to learn more about the target environment and find openings by directly interacting with the target systems.
TCP port scanning (full connect): nc -vv -z -w 2 IP 443-445, or use the Metasploit auxiliary TCP Port Scanner
TCP SYN port scanning (half-open, needs raw sockets): nmap -sS IP, or use the Metasploit auxiliary TCP SYN Port Scanner
TCP ACK firewall scanning (maps filtered vs. unfiltered ports, not open ones): nmap -v -sA -P0 IP (-P0 is the older spelling of -Pn, skip host discovery), or use the Metasploit auxiliary TCP ACK Firewall Scanner
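The connect scan that nc -z and the Metasploit TCP port scanner perform is simple enough to write out, and doing so shows where the three port states come from. This is an added example, not code from the slides, nc or Metasploit. It stands up its own listener on 127.0.0.1 so it runs offline; in practice the host and port list are the target's.

```python
"""TCP connect scan: complete a full three-way handshake per port and
classify the result, as nc -z and Metasploit's tcp scanner do. Added
example, not from the original slides; it scans a listener it starts
itself on 127.0.0.1 so that it runs offline."""
import socket
import threading
from concurrent.futures import ThreadPoolExecutor


def probe(host, port, timeout=2.0):
    """'open'     : handshake completed (SYN/ACK received, we sent ACK)
       'closed'   : RST received -> ECONNREFUSED
       'filtered' : nothing back within timeout, typical of a dropping firewall"""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return "open"
        except ConnectionRefusedError:
            return "closed"
        except (socket.timeout, TimeoutError):
            return "filtered"
        except OSError:
            return "filtered"   # e.g. host unreachable: treated like a drop


def connect_scan(host, ports, timeout=2.0, workers=32):
    """Scan ports concurrently; returns {port: state} (like nc -vv -z -w 2)."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        states = list(pool.map(lambda p: probe(host, p, timeout), ports))
    return dict(zip(ports, states))


def start_listener(host="127.0.0.1"):
    """Bind an ephemeral port and accept connections in the background,
    standing in for a real service. Returns (port, stop_callable)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(5)
    srv.settimeout(0.2)
    stop = threading.Event()

    def serve():
        while not stop.is_set():
            try:
                conn, _ = srv.accept()
                conn.close()
            except socket.timeout:
                continue
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1], stop.set


def free_port(host="127.0.0.1"):
    """Pick a port that is almost certainly closed: bind, read it, release it."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind((host, 0))
        return s.getsockname()[1]


def demo():
    """Scan one open and one closed port on localhost; returns the state map."""
    open_port, stop = start_listener()
    closed_port = free_port()
    try:
        return connect_scan("127.0.0.1", [open_port, closed_port], timeout=1.0)
    finally:
        stop()


if __name__ == "__main__":
    for port, state in sorted(demo().items()):
        print(f"{port}/tcp {state}")
```

A connect scan completes the handshake, so every probe lands in the target's application log; the SYN scan on the slide above avoids that by never sending the final ACK, which is why it needs raw sockets and root.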
UDP sweeping and probing
nmap -sU -v IP
We can also use the Metasploit udp_sweep auxiliary to detect common UDP services.
We can also use the Metasploit udp_probe auxiliary to detect common UDP services using sequential probes.
MySQL server version enumeration
We will use the Metasploit mysql_version auxiliary to determine the version of the MySQL server:
use auxiliary/scanner/mysql/mysql_version
Online Tools
We will use online tools that can automate DNS reconnaissance:
Who.is, Robtex.com, intodns.com, domaincrawler.com
Advanced Web Application fingerprinting
WhatWeb aims to be a fast, accurate and very generic web application fingerprinter that identifies applications and plugin versions via headers and static files.
./whatweb -v url
Advanced Web Application Firewall fingerprinting
WAFW00F allows you to fingerprint the WAF products protecting a website.
./wafw00f.py url
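Both WhatWeb and WAFW00F work the same way underneath: match a signature database against the headers, cookies and body of a response. The following added example (not either tool's code or signature set) does both jobs from one constructed HTTP response: application and version from the generator meta tag, X-Powered-By and static file paths, and the WAF from its tell-tale headers and cookies. The signature list is a small hand-picked set assumed for illustration; the real tools carry hundreds.

```python
"""Passive web-application and WAF fingerprinting from one HTTP response, the
approach WhatWeb and WAFW00F take. Added example, not the tools' own
signature databases; the response below is constructed."""
import re

# Constructed response from a fictitious site: WordPress on PHP behind Cloudflare.
SAMPLE_RESPONSE = b"""HTTP/1.1 200 OK
Server: cloudflare
CF-RAY: 7d1e7b1a9c0b1234-CDG
Set-Cookie: __cfduid=abc123; Path=/; HttpOnly
Set-Cookie: PHPSESSID=0123456789abcdef; path=/
X-Powered-By: PHP/5.4.45
Content-Type: text/html; charset=UTF-8

<html><head>
<meta name="generator" content="WordPress 3.9.1" />
<link rel="stylesheet" href="/wp-content/themes/twentyfourteen/style.css?ver=3.9.1" />
<script src="/wp-includes/js/jquery/jquery.js?ver=1.11.0"></script>
</head><body>Hello</body></html>
"""

# (product, where, regex); group 1, when present, captures a version.
# Illustrative signatures assumed for this example.
APP_SIGNATURES = [
    ("WordPress", "body", re.compile(r'name="generator" content="WordPress ([\d.]+)"')),
    ("WordPress", "body", re.compile(r"/wp-(?:content|includes)/")),
    ("PHP", "header:x-powered-by", re.compile(r"PHP/([\d.]+)")),
    ("PHP", "cookie", re.compile(r"^PHPSESSID=")),
    ("jQuery", "body", re.compile(r"jquery(?:\.min)?\.js\?ver=([\d.]+)")),
    ("nginx", "header:server", re.compile(r"nginx/?([\d.]*)")),
]
WAF_SIGNATURES = [
    ("Cloudflare", "header:server", re.compile(r"^cloudflare", re.I)),
    ("Cloudflare", "header:cf-ray", re.compile(r".")),
    ("Cloudflare", "cookie", re.compile(r"^__cf")),
    ("Incapsula", "cookie", re.compile(r"^(?:incap_ses|visid_incap)")),
    ("F5 BIG-IP ASM", "cookie", re.compile(r"^(?:TS[0-9a-f]{6,8}|BIGipServer)")),
    ("ModSecurity", "header:server", re.compile(r"mod_security", re.I)),
]


def parse_response(raw):
    """Split a raw response into (headers, cookies, body). Header names are
    lower-cased and map to lists, because Set-Cookie repeats."""
    head, _, body = raw.partition(b"\n\n")
    lines = head.decode(errors="replace").replace("\r", "").split("\n")
    headers = {}
    for line in lines[1:]:                      # skip the status line
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    cookies = [c.split(";", 1)[0] for c in headers.get("set-cookie", [])]
    return headers, cookies, body.decode(errors="replace")


def match_signatures(signatures, headers, cookies, body):
    """Return {product: version-or-None}; a versioned match beats an
    unversioned one for the same product."""
    found = {}
    for name, where, rx in signatures:
        if where == "body":
            targets = [body]
        elif where == "cookie":
            targets = cookies
        else:
            targets = headers.get(where.split(":", 1)[1], [])
        for t in targets:
            m = rx.search(t)
            if m:
                version = m.group(1) if m.groups() and m.group(1) else None
                if name not in found or (version and not found[name]):
                    found[name] = version
    return found


def fingerprint(raw):
    headers, cookies, body = parse_response(raw)
    return {"apps": match_signatures(APP_SIGNATURES, headers, cookies, body),
            "waf": sorted(match_signatures(WAF_SIGNATURES, headers, cookies, body))}


if __name__ == "__main__":
    print(fingerprint(SAMPLE_RESPONSE))
```

Note that the Server header here names the WAF, not the origin: once a CDN-style WAF is in front, the web server banner is gone and the application has to be identified from the body and the application-level headers it still leaks (X-Powered-By, the generator tag, versioned static paths).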
Advanced DNS and HTTP load balancer fingerprinting
During a penetration test, finding load balancers in front of a site is always complicated, and clients expect us to tell whether different IP addresses are the same machine.
./lbd.sh url
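lbd's two checks are easy to reproduce: DNS load balancing shows up as several A records for one name, and HTTP load balancing shows up as differences between repeated responses, either distinct Server headers or Date headers too far apart for one clock. The code below is an added example, not lbd's script. The DNS answers and the five response header sets are constructed; the 5-second burst window and 2-second tolerance are assumed thresholds.

```python
"""Detect DNS and HTTP load balancing the way lbd does: multiple A records
for one name, and Server/Date header differences across repeated requests.
Added example, not lbd's script; the answers and responses are constructed."""
from email.utils import parsedate_to_datetime

# Constructed: what the resolver returned for the site (two A records).
SAMPLE_DNS_ANSWERS = {"www.example.test": ["203.0.113.10", "203.0.113.11"]}

# Constructed: headers of five consecutive requests to the same URL, made
# within a few seconds. Two back-ends answer, with different versions and
# clocks about half a minute apart.
SAMPLE_RESPONSES = [
    {"Server": "Apache/2.2.22", "Date": "Tue, 15 Nov 2011 08:12:31 GMT"},
    {"Server": "Apache/2.2.22", "Date": "Tue, 15 Nov 2011 08:12:31 GMT"},
    {"Server": "Apache/2.2.15", "Date": "Tue, 15 Nov 2011 08:11:58 GMT"},
    {"Server": "Apache/2.2.22", "Date": "Tue, 15 Nov 2011 08:12:32 GMT"},
    {"Server": "Apache/2.2.15", "Date": "Tue, 15 Nov 2011 08:11:59 GMT"},
]


def dns_balanced(hostname, answers):
    """DNS round-robin: more than one A record for the name."""
    addrs = sorted(set(answers.get(hostname, [])))
    return len(addrs) > 1, addrs


def http_balanced(responses, request_span_s=5, tolerance_s=2):
    """Compare headers across requests made within request_span_s seconds.
    Distinct Server values are a direct sign of several back-ends; Date
    values spread wider than span + tolerance mean distinct clocks."""
    evidence = []
    servers = sorted({r.get("Server", "") for r in responses})
    if len(servers) > 1:
        evidence.append("Server header varies: " + ", ".join(servers))
    dates = [parsedate_to_datetime(r["Date"]) for r in responses if "Date" in r]
    if len(dates) > 1:
        spread = (max(dates) - min(dates)).total_seconds()
        if spread > request_span_s + tolerance_s:
            evidence.append(f"Date header spread {spread:.0f}s over a {request_span_s}s burst")
    return bool(evidence), evidence


def check_site(hostname, answers, responses):
    """Combine both checks into one verdict for the report."""
    dns_hit, addrs = dns_balanced(hostname, answers)
    http_hit, evidence = http_balanced(responses)
    return {"dns": dns_hit, "addresses": addrs, "http": http_hit, "evidence": evidence}


if __name__ == "__main__":
    print(check_site("www.example.test", SAMPLE_DNS_ANSWERS, SAMPLE_RESPONSES))
```

The practical consequence is the one the slide hints at: when balancing is detected, every later finding (a vulnerable version, a default file) has to be re-checked per back-end, because a request that lands on the patched node will hide a hole on the other.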
VA vs PT
Vulnerability Analysis is the process of identifying vulnerabilities on a network.
Penetration Testing, by contrast, is focused on actually gaining unauthorized access to the tested systems and using that access to reach the network or data.
Nessus
The Nessus vulnerability scanner is the world-leader in active scanners with more than five million downloads to date.
Nessus features high-speed discovery, configuration auditing, asset profiling, sensitive data discovery and vulnerability analysis of your security posture.
Thanks !
Questions?
- Web site: www.owaspalgeriasc.org
- Email: [email protected]
- Twitter: @DzOWASP
- Facebook: http://on.fb.me/OwaspAlgeriaSC
- Google Plus: http://bit.ly/GplusOwaspAlgeriaSC