Penetration Testing
Penetration testing, also known as a pen test, is an authorized, simulated cyberattack against your own computer system to check for exploitable vulnerabilities. In the context of web application security, penetration testing is commonly used to complement a web application firewall (WAF): the test shows what the WAF does not block, and its findings are used to tune the WAF's policies.
Penetration testing can involve the attempted breaching of any number of application systems (e.g., application programming interfaces (APIs), frontend/backend servers) to uncover vulnerabilities, such as unsanitized inputs that are susceptible to code injection attacks.
Penetration testing project done by ICSS student Rakesh Mondal. The full project is discussed below:
Project Name: Penetration testing
Author Name: Rakesh Mondal
Publish Date: 12-07-2018
What is Penetration Testing?
- An authorized attack on a computer system with the intention of finding security weaknesses
- Used to determine the feasibility of a set of attacks
- Used to identify security vulnerabilities
- Tests the ability of network defenders to detect and respond to attacks
- Can be used to help improve security
- Used by security professionals to harden systems
Steps to Penetration Testing
- Start with a list of potential vulnerabilities
  - Possible open ports, old software, or weak passwords
- Rank the list in order of criticality
  - From the most damaging possible attack to the least
- Devise a test for each possible vulnerability
  - Port scans, password crackers, software version checks
- Run the tests against the possible vulnerabilities
- Fix the issues that were found, then retest to confirm the fix
Penetration Testing Tools
- Kali Linux
  - Nmap, Fragrouter, Fern Wifi Cracker, HydraGTK
- Websites (online tools)
  - Port scanners, web vulnerability checkers, DNS checkers
- Metasploit
  - Exploitation framework with a GUI front end available; tests web apps and networks
- Wireshark
  - Monitors network traffic at the packet level
- W3af
  - Web application attack and audit framework
What is Kali Linux?
- Advanced penetration testing and security auditing Linux distribution
- 300+ built-in penetration testing tools
- Free / open source
- FHS (Filesystem Hierarchy Standard) compliant
- Developed in a secure environment (small trusted team, GPG-signed packages and repositories)
- Successor to BackTrack
Using Kali Linux
- Install to hard disk
  - 10 GB disk space
  - From USB / CD-DVD
- Live USB install
  - 2 GB capacity
  - Win32 Disk Imager (to write the image from Windows)
- Android 2.1+ devices
  - 5 GB free space
- Network install
- Virtual machine
  - Runs inside another OS
Included Kali Tools
- Information Gathering
  - Dnsdict6
  - Nmap
  - URLCrazy
- IDS/IPS (Intrusion Detection/Prevention System)
  - Fragrouter
- Network Scanners
  - Dnmap
  - Netdiscover
- Traffic Analysis
  - InTrace
- Vulnerability Analysis
  - Cisco tools
  - Yersinia
- Web Vulnerability Scanner
  - ProxyStrike
  - Cadaver
- Wireless Attacks
  - Bluelog
  - Spooftooph
  - Wireless Tools
    - Aircrack-ng
Information Gathering Tools DNSDICT6
- Part of the THC-IPv6 toolkit; finds sub-domains of a domain by dictionary brute force
- Resolves both IPv4 and IPv6 addresses and dumps
  - Sub-domains
  - IP information
- Useful for finding sub-domains that are not published or linked anywhere
- Tutorials available online (e.g., YouTube)
Information Gathering Tools Nmap
- Security scanner written by Gordon Lyon (Fyodor)
- Discovers hosts and services on a computer network and builds a map of the network
- Sends specially crafted packets and analyzes the responses
  - Host discovery
  - Service and version discovery
  - Operating system detection
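The procedure described earlier (list candidate weaknesses, rank them by criticality, devise a test for each) starts from exactly the data Nmap produces. The script below, added here as a worked example and not part of the original project, parses an Nmap XML report and turns it into a ranked test plan. The XML is a constructed sample in the format Nmap writes with `-oX`, not a real scan, and the version baseline (`MIN_VERSION`), the service lists and the point values are an assumed triage policy for illustration, not a vulnerability database.

```python
"""Parse an Nmap -oX report and rank the findings by criticality (added example)."""
import re
import xml.etree.ElementTree as ET

# Constructed sample of `nmap -sV -O -oX report.xml 10.0.0.0/28` output (trimmed).
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -O -oX report.xml 10.0.0.0/28">
  <host><status state="up"/><address addr="10.0.0.5" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/>
        <service name="ssh" product="OpenSSH" version="5.3p1"/></port>
      <port protocol="tcp" portid="80"><state state="open"/>
        <service name="http" product="Apache httpd" version="2.4.49"/></port>
      <port protocol="tcp" portid="23"><state state="open"/>
        <service name="telnet"/></port>
    </ports>
    <os><osmatch name="Linux 2.6.32" accuracy="93"/></os>
  </host>
  <host><status state="up"/><address addr="10.0.0.9" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="443"><state state="open"/>
        <service name="https" product="nginx" version="1.24.0"/></port>
      <port protocol="tcp" portid="3306"><state state="filtered"/>
        <service name="mysql"/></port>
    </ports>
  </host>
  <host><status state="down"/><address addr="10.0.0.12" addrtype="ipv4"/></host>
</nmaprun>
"""

# Assumed triage policy (illustrative only): oldest version we accept per product,
# services that send credentials in clear text, and remote-administration services.
MIN_VERSION = {"OpenSSH": (7, 4), "Apache httpd": (2, 4, 51), "nginx": (1, 20)}
PLAINTEXT_AUTH = {"telnet", "ftp", "pop3", "imap"}
REMOTE_ADMIN = {"ssh", "rdp", "smb", "mysql"}


def parse_version(text):
    """'5.3p1' -> (5, 3); '2.4.49' -> (2, 4, 49). Only the leading dotted numbers count."""
    m = re.match(r"\d+(?:\.\d+)*", text)
    return tuple(int(n) for n in m.group(0).split(".")) if m else ()


def parse_report(xml_text):
    """Return one finding per open port on every host that is up."""
    findings = []
    for host in ET.fromstring(xml_text).iter("host"):
        if host.find("status").get("state") != "up":
            continue
        addr = host.find("address").get("addr")
        osmatch = host.find("os/osmatch")
        os_name = osmatch.get("name") if osmatch is not None else "unknown"
        for port in host.iter("port"):
            if port.find("state").get("state") != "open":
                continue
            svc = port.find("service")
            get = (lambda k, d="": svc.get(k, d)) if svc is not None else (lambda k, d="": d)
            findings.append({"host": addr, "os": os_name, "port": int(port.get("portid")),
                             "proto": port.get("protocol"), "service": get("name", "?"),
                             "product": get("product"), "version": get("version")})
    return findings


def score(f):
    """Step 2 and 3 of the procedure: criticality (1-10), reasons, and the test to run next."""
    s, reasons, tests = 1, [], []
    if f["service"] in PLAINTEXT_AUTH:
        s += 6
        reasons.append("credentials sent in clear text")
        tests.append("sniff or password-guess the %s login" % f["service"])
    floor = MIN_VERSION.get(f["product"])
    if floor and f["version"] and parse_version(f["version"]) < floor:
        s += 5
        reasons.append("outdated %s %s" % (f["product"], f["version"]))
        tests.append("look up public exploits for this exact version")
    if f["service"] in REMOTE_ADMIN:
        s += 2
        reasons.append("remote administration service exposed")
        tests.append("check for weak or default passwords")
    return min(s, 10), reasons, tests


def rank(findings):
    """Order findings from the most damaging possible attack to the least."""
    scored = []
    for f in findings:
        s, reasons, tests = score(f)
        scored.append({**f, "score": s, "reasons": reasons, "tests": tests})
    return sorted(scored, key=lambda x: (-x["score"], x["host"], x["port"]))


if __name__ == "__main__":
    for r in rank(parse_report(SAMPLE_NMAP_XML)):
        print("[%2d] %s:%d %s %s %s" % (r["score"], r["host"], r["port"],
                                        r["service"], r["product"], r["version"]))
        for t in r["tests"]:
            print("      next test: " + t)
```

On the sample, the outdated OpenSSH on 10.0.0.5 ranks first, the telnet service second, the outdated Apache third and the current nginx last; the filtered MySQL port and the host that was down produce no findings. The output is the ordered test plan the procedure calls for, and the same parser works unchanged on a real `-oX` report.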
IDS / IPS Fragrouter
- Intercepts, modifies, and rewrites traffic destined for a specified host
- Routes network traffic in a way that eludes an IDS (fragmentation and similar evasion techniques)
- Uses
  - Test IDS timeout and reassembly handling
  - Test TCP/IP scrubbing (normalization)
  - Test firewalls
  - Evade passive OS fingerprinting
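What "testing IDS reassembly" means in practice is shown by the byte-level model below. It is an added example, not code from the article or from fragrouter: fragment offsets are plain byte offsets (real IP offsets are in 8-byte units), and the two reassembly policies, `first` and `last`, are illustrative names for an assumed host behaviour. The request payloads are constructed; nothing is sent on the network.

```python
"""Fragmentation-based IDS evasion, modelled at the byte level (added example)."""
SIGNATURE = b"/etc/passwd"  # what the IDS rule looks for

# Constructed request payloads.
ATTACK_REQUEST = b"GET /etc/passwd HTTP/1.0\r\n"
BENIGN_REQUEST = b"GET /index.html HTTP/1.0\r\n"


def split_into_fragments(payload, size=8):
    """fragrouter 'frag-1' style: chop the payload into tiny fragments."""
    return [(off, payload[off:off + size]) for off in range(0, len(payload), size)]


# Overlapping fragments: the first carries the benign request, the second rewrites
# bytes 4..14 with the attack. Which request 'wins' depends on the reassembly policy.
OVERLAP_FRAGMENTS = [(0, BENIGN_REQUEST), (4, b"/etc/passwd")]


def has_overlap(fragments):
    """True if two fragments claim the same byte; an IDS should alert on this alone."""
    covered = set()
    for off, data in fragments:
        span = set(range(off, off + len(data)))
        if covered & span:
            return True
        covered |= span
    return False


def reassemble(fragments, policy="first"):
    """Rebuild the datagram. policy='first': a byte keeps the value that arrived first;
    policy='last': later fragments overwrite earlier ones. Raises if bytes are missing."""
    total = max(off + len(data) for off, data in fragments)
    buf, filled = bytearray(total), bytearray(total)
    for off, data in fragments:
        for i, b in enumerate(data):
            pos = off + i
            if policy == "last" or not filled[pos]:
                buf[pos] = b
            filled[pos] = 1
    if not all(filled):
        raise ValueError("incomplete datagram: missing bytes")
    return bytes(buf)


def per_fragment_ids(fragments):
    """Naive IDS: matches the signature against each fragment on its own."""
    return any(SIGNATURE in data for _, data in fragments)


def reassembling_ids(fragments, policy="first"):
    """Better IDS: reassembles with a chosen policy before matching."""
    return SIGNATURE in reassemble(fragments, policy)


if __name__ == "__main__":
    tiny = split_into_fragments(ATTACK_REQUEST)
    print("tiny fragments, per-fragment IDS alerts:", per_fragment_ids(tiny))
    print("tiny fragments, reassembling IDS alerts:", reassembling_ids(tiny))
    for policy in ("first", "last"):
        print("overlap, policy=%s -> %r" % (policy, reassemble(OVERLAP_FRAGMENTS, policy)))
```

Two things fall out of running it. Splitting the request into 8-byte fragments hides `/etc/passwd` from an IDS that matches per packet, while any reassembling IDS still sees it. With overlapping fragments the picture depends on policy: if the IDS reassembles `first` but the target host reassembles `last`, the host executes the attack while the IDS saw a benign request (evasion); the reverse mismatch makes the IDS alert on an attack the host never saw (insertion). That mismatch is what fragrouter lets a tester probe for, and why a well-configured IDS alerts on the overlap itself rather than trusting one policy.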
Network Scanners DNMap
- Framework for distributing Nmap scans among many clients
- Client/server architecture
  - The server holds the list of scan commands to run
  - The clients run them
- If the server goes down, clients keep trying to reconnect until it is back online
- Real-time statistics on the clients and their targets
- Scans very large networks quickly
Traffic Analysis InTrace
- Works along the same lines as traceroute, but piggybacks on an existing TCP connection instead of sending its own probes
- Enumerates the IP hops to display the path packets take over the network
- Network reconnaissance
  - Who is connected to whom
- Firewall bypassing (the probes ride inside a connection the firewall already allows)
Vulnerability Analysis Cisco Auditing Tool
- Perl script that scans Cisco routers for common vulnerabilities
  - Default usernames and passwords
  - Easy-to-guess usernames and passwords
  - IOS bug history
- A router with any of these weaknesses can be hijacked
- Used to test router security
  - Passwords
  - Usernames
Web Vulnerability Scanner ProxyStrike
- Active web application proxy designed to find vulnerabilities while browsing a web application
- Built for applications that depend heavily on JavaScript, which crawler-based scanners handle poorly
- SQL injection and XSS plugins
- Listens on port 8008 by default and analyzes, in the background, every parameter of the requests passing through it
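The per-parameter testing a proxy like this does in the background is easy to show in miniature. The script below is an added example, not code from the article or from ProxyStrike: instead of sitting on port 8008 it calls two constructed handlers directly, `vulnerable_search`, which concatenates user input into SQL and echoes it unescaped, and `hardened_search`, which binds parameters and HTML-escapes output. The canary string, the probe and the error tells are assumptions for illustration; the products table is constructed in-memory data.

```python
"""Active parameter probing for reflected XSS and SQL injection (added example)."""
import html
import sqlite3

XSS_CANARY = "<zq9x>"   # unlikely to occur naturally; echoed unescaped => reflected XSS
SQL_PROBE = "'"         # a stray quote breaks SQL built by string concatenation
SQL_ERROR_TELLS = ("syntax error", "unrecognized token")  # SQLite's messages (assumed tells)


def make_db():
    """Constructed sample data for the two search endpoints."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (name TEXT, price REAL)")
    db.executemany("INSERT INTO products VALUES (?, ?)", [("laptop", 999.0), ("mouse", 19.5)])
    return db


DB = make_db()


def vulnerable_search(params):
    """Toy endpoint (assumed): SQL by concatenation, output without escaping."""
    q = params.get("q", "")
    try:
        rows = DB.execute("SELECT name, price FROM products WHERE name LIKE '%" + q + "%'").fetchall()
    except sqlite3.Error as e:
        return 500, "<h1>Database error</h1><pre>%s</pre>" % e
    body = "<p>Results for %s</p>" % q + "".join("<li>%s: %s</li>" % r for r in rows)
    return 200, body


def hardened_search(params):
    """Same endpoint fixed: bound parameter for the query, html.escape for the output."""
    q = params.get("q", "")
    rows = DB.execute("SELECT name, price FROM products WHERE name LIKE ?", ("%" + q + "%",)).fetchall()
    body = "<p>Results for %s</p>" % html.escape(q)
    body += "".join("<li>%s: %s</li>" % (html.escape(n), p) for n, p in rows)
    return 200, body


def probe(handler, request_params):
    """Replay the request once per parameter and probe, and report what the response reveals."""
    findings = []
    for name in request_params:
        for kind, payload in (("xss", XSS_CANARY), ("sqli", SQL_PROBE)):
            mutated = dict(request_params, **{name: request_params[name] + payload})
            status, body = handler(mutated)
            if kind == "xss" and XSS_CANARY in body:
                findings.append((name, "reflected XSS: canary echoed unescaped"))
            if kind == "sqli" and (status >= 500 or any(t in body for t in SQL_ERROR_TELLS)):
                findings.append((name, "SQL injection: probe triggered a database error"))
    return findings


if __name__ == "__main__":
    request = {"q": "laptop"}  # the request observed while browsing
    for label, handler in (("vulnerable", vulnerable_search), ("hardened", hardened_search)):
        print(label, probe(handler, request) or "no findings")
```

The vulnerable handler reports both findings for the `q` parameter; the hardened one reports none, because the quote is bound rather than spliced into the statement and the canary comes back as `&lt;zq9x&gt;`. A real scanner does the same thing with many more payloads and DBMS-specific error signatures, and also checks time delays and content differences for injections that produce no error at all.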
Conclusion
- Security-focused Linux distribution
- 300+ security tools
- Successor to the popular BackTrack
- Multiple ways to run
  - Hard drive
  - USB / Live CD
  - Virtual machine
- Detailed look at some tools
  - Too many to cover them all