pen testing the web with firefox: website tools

8/14/2019 Pen Testing the Web with Firefox: Website Tools

1/82

Pen Testing the Web

with Firefox:Website-based Tools

Michael theprez98 Schearer


2/82

Website-based tools (1)

n Out-of-the-box functionality; (mostly) noinstallation required

n Browser-independentn Provides some tool functionality that would

not normally be present in a browser-

only environment


3/82

Website-based tools (2)

n Provides some degree of anonymity froma target because information is being

gathered via a third party (the website)n Primarily passive information gathering

n Some potential vulnerabilities can be

inferred by interpreting the datan


4/82

Caveats

n Website-based tools may be limited infunctionality as compared to their GUI or

CLI versionsn These examples are not meant to be

exhaustive, but to provide you with a

representative sample of whatpenetration testing tools are available toyou in the form of a website


5/82

Categories

n Information gathering

n Network tools

n Special purpose


6/82

Information gathering (1)

n Information gathering websites are designedto provide you with information relevant touser input; typically an IP address, domainor hostname, email address or DNS data

n Many similar sites that provide (mostly) thesame data

n

Some information gathering websites alsoprovide network tools


7/82

Information gathering (2)

n Whois.net

n DomainTools.com

n SamSpade.org + GUI tool (Windows)

n


8/82


9/82


10/82


11/82


12/82

Network tools (1)

n Network tools websites are designed to

n Many similar websites provide (mostly) the

same data although some may haveadditional functionality

n Network tools websites may be limited in

functionality as compared to their GUI orCLI versions


13/82

Network tools (2)

n phaster.com/find_info_net_traffic.shtml

n Network-Tools.com

n HackerWhacker.comn DNSStuff.com/tools

njust-traceroute.com + example

n CentralOps.net + examples


14/82


15/82


16/82


17/82


18/82


19/82


20/82


21/82


22/82


23/82


24/82


25/82


26/82

why not 80?


27/82


28/82


29/82


30/82

Special purpose (1)

n Specialized websites are designed toprovide you with information that may

not be available elsewheren Often provide you with a front-end for a

tool to which you may not currently haveaccess


31/82

Special purpose (2)

n EDGARn Netcraftn

Nmap Onlinen Hosted hash crackersn WiGLEn FOCA

n SHODANn Browser-based shells


32/82

EDGAR

n Electronic Data Gathering Analysis andRetreival

n Searchable depository of the U.S.Securities and Exchanges Commission(SEC) corporate filings

n

Both domestic and foreign companies


33/82

EDGAR searches

n Locate companys Central Index Key (CIK)through EDGAR CIK Lookup eliminate

time-consuming searchesn Be specific, use exact company name

n Know what to look for:

Form 10-K: Annual reportForm 10-Q: Quarterly report

Form 8-K: Current report (significantevents)


34/82


35/82


36/82


37/82


38/82

annual report

quarterly report

current report


39/82

directors


40/82

salaries


41/82

stockholders


42/82

Netcraft (1)

n Internet services company based in Bath,England

n Provides internet security services,including anti-fraud and anti-phishingservices, application testing, codereviews, and automated penetrationtesting

n Provides research data and analysis onmany aspects of the Internet


43/82

Netcraft (2)

n Information can be gathered manuallyfrom the website or automatically by

installing the Netcraft Toolbar (IE andFF)

n Toolbar provides links to Netcraft services,site risk rating, site reports and hostingproviders

n Interpretation of some data may revealpotential site vulnerabilities


44/82

servi

ces

riskr

ating

siter

eport

hoster


45/82


46/82


47/82


48/82


49/82


50/82


51/82


52/82

Nmap Online

n Web-based version of Nmap

n Scans limited to IPs in the same class C

subnet as your IP addressn Scan limitations per day (8) and week (40)

n Some options are disabled


53/82


54/82

Hosted hash crackers (1)

n Special purpose websites that serve as afront-end for a database designed to aid

in the cracking of various cryptographichashes

n Takes advantage of pre-computedrainbow tables and/or distributedcomputing to quickly crack hashes


55/82


n MD5, LM, NTLM, SHA1 are mostcommon; others available too

n Depending upon your client, be wary ofsubmitting hashes to public databases


56/82


n hashcrack.com

n lmcrack.com

n md5crack.comn md5.rednoize.com

n freerainbowtables.com


57/82


58/82


59/82


60/82


61/82


62/82

WiGLE

n Wireless Geographic Logging Engine

n Maps of wireless networks as contributed

by its usersn 19+ million networks worldwide


63/82


64/82


65/82


66/82

Brandon Shores

Wagner

Admin offices

Public road


67/82

Brandon Shores

Wagner

Admin offices

Public road


68/82

Brandon Shores

Wagner

Admin offices

Public road

CEG CEG

CEG

CEG

CEG


69/82

Fingerprinting Organizations

with Collected Archives (FOCA)n Developed by Chema Alonso and Jos

Palzn (SPEAKING TOMORROW!)

n Search and automatically downloaddocuments

n Extract metadata and other hidden

information and lost data


70/82

FOCA (2)

n Analyze the information to aid infingerprinting a network

n Other than downloading the file, theprocess is completely passive

n FOCA is available via download; or

n

Documents can be submitted via a webinterface


71/82


72/82


73/82

SHODAN

n SHODAN is a computer search enginedesigned by web developer JohnMaterly (http://twitter.com/achillean)

n SHODAN interrogates ports and grabs theresulting banners, then indexes thebanners (rather than the web content)

for searchingn
http://twitter.com/achilleanhttp://twitter.com/achillean


74/82


75/82

Browser-based shells

n Software that provides shell access insidea browser window

n

CLI access to tools that would notnormally be available in a browser-onlyenvironment

n Typically requires the installation ofsoftware in a third party location (or yourlocation)


76/82


77/82


78/82


79/82


80/82

Authors and add-ons

n Netcraft (Netcraft Toolbar)


81/82


82/82

Pen Testing the Webwith Firefox:Website-based Tools

Michael theprez98 Schearer