Introduction to Penetration Testing
Table of Contents
• Overview
• Enumeration
• Tool Output
• Do We Stop Here?
• Custom Scripts
• Wpscan
• Online Research
• Testing Exploitation
• PHP LFI
• Code Execution, Yes Please!
Overview
• This session will cover the mindset I follow when approaching a web application
• I am going to show where many might stop, and what happens when you push further
• These types of techniques can be applied to any web application
Overview Cont.
• Tools Leveraged:
– Nmap
– Whatweb
– Wpscan
– Wget
– Custom scripts
– Burp Suite
– Netcat
Methodology Overview
• Pre-Engagement Activities – Hammer out all the details needed to conduct the test (Schedule, Scoping, Rules of Engagement, Formal Permission, etc.)
• Information Gathering and Reconnaissance – Depends on the type of test and the information you are given (Organization name, CIDR, list of URLs, source code, etc.)
• Automated Testing
• Manual Testing and Validation
• Reporting
• Remediation Support
Methodologies Cont.
• Penetration Testing Execution Standard (PTES):
– http://www.pentest-standard.org/index.php/Main_Page
Mindset is Key
• Think like an attacker and see things through a different lens:
– Upload an avatar? Hmmm, can we add code?
– Download a report? Hmm, directory traversal for another file?
• Confidence
– Without it, you’ll very easily hit a wall and stop
– I tell myself a vulnerability is here; I just need to find it
Enumeration
• Nmap:
• WhatWeb:
Do We Stop Here?
• Hmmm?
Custom Scripts
• Web application testing requires custom scripting; there is really no way of getting around it:
Custom Scripts Cont.
• Making web requests with a scripting language isn’t too difficult
• Check out tutorials online and try to automate web requests
• Making a tool for CVE-2012-1823 is a good use case because you need to make a POST request and modify several header values
– If you can write a tool for this CVE, it demonstrates concepts that can be applied to many different CVEs
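The flip side of writing a request tool for CVE-2012-1823 is being able to spot those requests in a server log. The following is an added example (not part of the original deck and not the author's tool): a small Python access-log scanner that applies the one property that makes php-cgi argument injection recognisable, a query string with no literal "=" whose URL-decoded form starts with an option switch. The log lines are constructed samples, and `SAMPLE_LOG`, `is_phpcgi_arg_injection` and `scan_access_log` are names chosen for this example.

```python
import re
from typing import Dict, List
from urllib.parse import unquote_plus, urlsplit

# Constructed Apache combined-format lines for this example (not real traffic).
# Lines 3 and 4 carry a php-cgi option switch in the query string; the last
# line looks similar but has a normal key=value query and must not be flagged.
SAMPLE_LOG = """\
10.0.0.5 - - [23/May/2022:10:01:02 +0000] "GET /index.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.0.5 - - [23/May/2022:10:01:09 +0000] "GET /index.php?page=home HTTP/1.1" 200 734 "-" "Mozilla/5.0"
10.0.0.9 - - [23/May/2022:10:02:41 +0000] "GET /index.php?-s HTTP/1.1" 200 2048 "-" "curl/7.68.0"
10.0.0.9 - - [23/May/2022:10:02:55 +0000] "POST /index.php?-d+display_errors%3d1 HTTP/1.1" 200 91 "-" "python-requests/2.25"
10.0.0.7 - - [23/May/2022:10:03:10 +0000] "GET /search.php?q=-s HTTP/1.1" 200 300 "-" "Mozilla/5.0"
"""

# Enough of the combined log format to pull out client, method and target.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)


def is_phpcgi_arg_injection(target: str) -> bool:
    """php-cgi hands the query string to its own option parser when the raw
    query contains no literal '='.  A request is suspicious when that holds
    and the decoded query begins with '-' (an option switch such as -s or -d).
    Percent-encoded '=' (%3d) does not count as a literal '=', so the check
    runs on the raw query first and decodes only afterwards."""
    query = urlsplit(target).query
    if not query or "=" in query:
        return False
    return unquote_plus(query).startswith("-")


def scan_access_log(text: str) -> List[Dict[str, str]]:
    """Return one record per log line whose request target matches the
    php-cgi argument-injection pattern, with the decoded option string
    so an analyst can see which switches were attempted."""
    hits: List[Dict[str, str]] = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not parse rather than guessing
        target = m["target"]
        if is_phpcgi_arg_injection(target):
            hits.append({
                "ip": m["ip"],
                "method": m["method"],
                "target": target,
                "decoded_args": unquote_plus(urlsplit(target).query),
            })
    return hits


if __name__ == "__main__":
    for hit in scan_access_log(SAMPLE_LOG):
        print(f'{hit["ip"]} {hit["method"]} {hit["target"]} -> args: {hit["decoded_args"]}')
```

The raw-before-decoded ordering matters: decoding first would turn `%3d` into `=` and hide exactly the requests the check is meant to surface, while `?q=-s` in the last sample line is correctly ignored because php-cgi sees a literal `=` and treats it as an ordinary query.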
Wpscan
• Wpscan:
Wpscan
• Do we stop here?
Wpscan: Plugin Enumeration
• Wpscan: --enumerate p
Online Research
Online Research Cont.
• Hmm, our web server doesn’t respond when we request “/wordpress/wp/wp-content/”
• Do we stop here?
Testing Exploitation
• Yeah, let’s grab “/etc/passwd”
PHP LFI
• Cool, so we can LFI. Do we stop now?
PHP LFI…Now What?
• What can be done with a PHP LFI?
• It depends on what function is leading to the LFI vulnerability (include(), readfile(), etc.)
• PHP functions like include() will execute PHP code in the included file
– Yay, code execution through PHP snippets!
• PHP functions like readfile() will only display output
– We have more work to do
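Whether the sink is include() or readfile(), the root cause is the same: a user-supplied value selects which file is opened. The following is an added example, not code from the deck, written in Python rather than PHP so it runs stand-alone; it models an include($_GET['page']) style lookup with a vulnerable resolver beside a hardened one, so the traversal to a file outside the intended directory (the "/etc/passwd" moment above) can be reproduced and then shown blocked. The sandbox directory, the `ALLOWED_PAGES` allowlist and the function names are constructed for this example.

```python
import os
import tempfile
from pathlib import Path
from typing import Optional, Tuple

# Constructed sandbox for this example: a "pages" directory holding two
# legitimate templates, and a file outside it standing in for /etc/passwd.
def build_sandbox() -> Tuple[Path, Path]:
    root = Path(tempfile.mkdtemp())
    pages = root / "pages"
    pages.mkdir()
    (pages / "home.php").write_text("<h1>home</h1>")
    (pages / "about.php").write_text("<h1>about</h1>")
    secret = root / "secret.txt"
    secret.write_text("root:x:0:0:root:/root:/bin/bash")
    return pages, secret


def vulnerable_resolve(pages: Path, page: str) -> Path:
    """Mirrors include($_GET['page']) style code: the user-controlled value is
    joined onto the base directory with no validation.  '../' sequences walk
    out of `pages`, and an absolute path makes os.path.join discard the base
    entirely, so any readable file on the host can be selected."""
    return Path(os.path.join(str(pages), page))


# Hypothetical allowlist of page names the application actually serves.
ALLOWED_PAGES = {"home", "about"}


def safe_resolve(pages: Path, page: str) -> Optional[Path]:
    """Two independent controls.  The allowlist rejects anything that is not
    a known page name (so separators, dots and wrappers never reach the
    filesystem).  The realpath check then confirms the resolved file still
    lies under `pages`, which also covers symlinks inside the directory."""
    if page not in ALLOWED_PAGES:
        return None
    base = pages.resolve()
    candidate = (pages / f"{page}.php").resolve()
    if base not in candidate.parents:
        return None
    if not candidate.is_file():
        return None
    return candidate


def serve_page(pages: Path, page: str) -> str:
    """What the hardened endpoint returns for a given ?page= value."""
    target = safe_resolve(pages, page)
    if target is None:
        return "404 Not Found"
    return target.read_text()


if __name__ == "__main__":
    pages, secret = build_sandbox()
    leaked = vulnerable_resolve(pages, "../secret.txt")
    print("vulnerable resolver opened:", leaked, "->", leaked.read_text()[:16])
    print("hardened resolver for '../secret.txt':", serve_page(pages, "../secret.txt"))
    print("hardened resolver for 'home':", serve_page(pages, "home"))
```

The allowlist alone would stop the traversal shown here; the realpath containment check is kept as a second layer because it does not depend on the allowlist being complete, and it is the control that also holds when the file name legitimately comes from user data (uploads, report IDs) and cannot be enumerated in advance.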
Code Execution? Yes, Please!
Code Execution? Yes, Please!
• Request:
Demo
Summary
• Tools may not give you the answer
• It is very easy to hit a hurdle and quit
• You need to be curious and creative and constantly push to get more information
• Confidence and mindset go a long way