Wednesday, 5 February 2014
Explore Penetration testing
Hello guys, now it is time to have something serious on my blog. Yeah, I'm talking about pen testing. You may all be aware of it. What it is, what it does, how we do it, why we need it: these might be your questions. Don't worry, you will find answers to all of them here. I will also provide you with all the required pen testing tools. Keep reading, folks.
Types of Penetration testing:
Penetration testing is not a limited area; its tests are often separated into different types, which are listed below.
- Network penetration tests - most widely used…
- Web application penetration tests
- Wireless penetration tests
- Social engineering tests
- Physical penetration tests
Requirements or specification for Pen testing
Well, all the categories defined above have their own scope. Moreover, the skills and logic required for each of them also differ. Always keep in mind that it is better to concentrate on one major area rather than on all of them; the result of the latter will very much be a confused mind. I mean one major category, like network, web app or wireless pen testing. These are the categories you should go for; they define a healthy, robust and fast-growing industry.
Dealing with Specialization
Now, if you have decided that you want to be a real pen tester, I mean a good one, then pick one of these categories and focus your efforts on it.
- Build your skills, zooming in on the fine-grained aspects of that kind of test
- I’ll provide tips for improving your skills in the three big categories later
- If you want to procure good pen tests, make sure you get each of these types of tests performed
Need to Apply the Brakes Here
Well, I mean we must look carefully into everything in this environment before we kick off. Remember: "haste makes waste". Specialization brings some significant problems:
- From a tester's perspective, being pigeon-holed career-wise
- From an enterprise perspective, missing huge sets of vulnerabilities from "the other side"
- But, perhaps most important, missing out on the risk posed by combined attacks
- As pen testers, our job is to determine business risk by modeling, to the extent possible, the activities of real-world attackers
- Without taking a combined approach into account during testing, it can be difficult or impossible to determine and explain the true business risk associated with vulnerabilities. So combined attacks are the key here.
- You may think this is common because everyone does it. Let me guess what you are thinking; here is an example.
For example:
- First of all, a pen tester finds a rogue access point and gets access to the intranet
- The tester ping sweeps and port scans, and of course finds an intranet web app
- On the internal web app, the tester finds a directory traversal flaw that lets them read /etc/passwd, getting a list of users but not the passwords
- What then? The tester launches a password guessing attack via SSH, determines the password for an account, and then logs in with command shell access
And I will give one more example, since the one above is not deep; I mean it circles around the surface rather than going deep into the concept. Going deeper means discerning the true risk.
- Let's consider using the new-found SSH access to launch a local privilege escalation attack to get UID 0 on the box
- Then, on the intranet web server, add content that includes browser scripts to run on the admin browsers that surf there
- Then, use those browsers to... well, let's not get ahead of ourselves
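The point of the chain above is that neither stage is alarming on its own: one odd web request, a few failed SSH logins. The defender's view of a combined attack is the correlation across stages. The following is an added example (not from the original post) that flags source IPs appearing in both the directory traversal stage and the SSH password guessing stage; the access and auth log lines are constructed for illustration, and the failure threshold is an assumed tuning value.

```python
import re
from collections import defaultdict

# Constructed sample logs (not from the page): an Apache-style access log and an OpenSSH
# auth log covering the traversal and password-guessing stages of the chain described above.
ACCESS_LOG = """\
10.0.5.23 - - [05/Feb/2014:10:01:40 +0000] "GET /view.php?file=../../../../etc/passwd HTTP/1.1" 200 1832
10.0.5.23 - - [05/Feb/2014:10:01:42 +0000] "GET /view.php?file=..%2F..%2F..%2Fetc%2Fshadow HTTP/1.1" 403 210
10.0.5.77 - - [05/Feb/2014:10:02:05 +0000] "GET /view.php?file=report.pdf HTTP/1.1" 200 9001
"""
AUTH_LOG = """\
Feb  5 10:05:01 intranet sshd[2201]: Failed password for alice from 10.0.5.23 port 51002 ssh2
Feb  5 10:05:03 intranet sshd[2201]: Failed password for bob from 10.0.5.23 port 51003 ssh2
Feb  5 10:05:05 intranet sshd[2201]: Failed password for carol from 10.0.5.23 port 51004 ssh2
Feb  5 10:05:09 intranet sshd[2201]: Accepted password for carol from 10.0.5.23 port 51005 ssh2
Feb  5 10:07:30 intranet sshd[2210]: Failed password for dave from 10.0.5.77 port 51100 ssh2
"""
ACCESS_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) ')
TRAVERSAL_RE = re.compile(r'\.\./|\.\.%2f|%2e%2e', re.IGNORECASE)  # raw and URL-encoded forms
AUTH_RE = re.compile(r'sshd\[\d+\]: (Failed|Accepted) password for (\S+) from (\S+) port')

def traversal_sources(access_log):
    """Map source IP -> requested paths that carry a directory traversal sequence."""
    hits = defaultdict(list)
    for line in access_log.splitlines():
        m = ACCESS_RE.match(line)
        if m and TRAVERSAL_RE.search(m.group(2)):
            hits[m.group(1)].append(m.group(2))
    return dict(hits)

def ssh_guessing_sources(auth_log, min_failures=3):
    """Map source IP -> {"failed": n, "accepted": [users]} for IPs at or above the threshold."""
    stats = defaultdict(lambda: {"failed": 0, "accepted": []})
    for line in auth_log.splitlines():
        m = AUTH_RE.search(line)
        if not m:
            continue
        result, user, ip = m.groups()
        if result == "Failed":
            stats[ip]["failed"] += 1
        else:
            stats[ip]["accepted"].append(user)  # a success after failures is the real alarm
    return {ip: s for ip, s in stats.items() if s["failed"] >= min_failures}

def correlate(access_log, auth_log):
    """IPs seen in BOTH stages: the chain is the finding, not either event on its own."""
    web = traversal_sources(access_log)
    ssh = ssh_guessing_sources(auth_log)
    return {ip: {"paths": web[ip], **ssh[ip]} for ip in web if ip in ssh}
```

Run `correlate(ACCESS_LOG, AUTH_LOG)` to see that only 10.0.5.23 is reported, with its traversal paths, three failures and the account it finally logged in as.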
Some Combined Attacks
Guest Wireless Networks
Many enterprises deploy wireless networks specifically for use by guests:
- Conference rooms and front-entrance waiting rooms
- Most guest networks have no encryption
- Even if the traffic is encrypted, an attacker could try to break the crypto key (Aircrack-ng, coWPAtty, etc.)
- Sometimes legitimate internal users rely on guest networks for a short period of time, mostly for convenience
Wireless Traffic Manipulation
- A pen tester can manipulate clients on an open AP
  - Impersonating responses or requests
Traffic Manipulation Opportunities
- DNS spoofing: inform the victim that a legitimate domain name maps to the attacker's IP address
- Unencrypted session manipulation (telnet, FTP, other legacy protocols)
- HTTP response manipulation
  - Responding after the legitimate site, adding to the HTTP response
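DNS spoofing on an open guest network is a race: the client accepts the first response that matches its transaction ID and silently discards the later, legitimate one. Because the spoofer forges the resolver's source address, the observable tell for a passive sensor on the WLAN is that discarded second answer, which disagrees with the first. The following is an added example (not from the original post) of that detection logic; the captured response records are constructed.

```python
from collections import defaultdict

# Constructed records (not from the page) of DNS responses seen by a passive sensor on the
# guest WLAN: (seconds, client IP, transaction ID, query name, answer rdata).
DNS_RESPONSES = [
    (1.000, "10.0.9.14", 0x1A2B, "intranet.example.", "10.0.1.20"),
    (1.210, "10.0.9.14", 0x3C4D, "portal.example.", "192.0.2.77"),  # forged answer wins the race
    (1.243, "10.0.9.14", 0x3C4D, "portal.example.", "10.0.1.30"),   # real resolver, too late
    (2.002, "10.0.9.21", 0x5E6F, "mail.example.", "10.0.1.25"),
    (2.003, "10.0.9.21", 0x5E6F, "mail.example.", "10.0.1.25"),     # benign retransmit: same data
]

def find_spoofed_answers(responses):
    """Group responses by (client, txid, qname) and flag every group whose answers disagree.

    The source IP is deliberately not part of the record: a spoofer forges the real
    resolver's address, so only the conflicting second answer is trustworthy evidence.
    """
    groups = defaultdict(list)
    for t, client, txid, qname, rdata in responses:
        groups[(client, txid, qname)].append((t, rdata))
    alerts = []
    for (client, txid, qname), answers in sorted(groups.items()):
        distinct = {rdata for _, rdata in answers}
        if len(distinct) < 2:
            continue  # duplicates with identical data are retransmits, not an attack
        answers.sort()
        first_t, winner = answers[0]
        alerts.append({
            "client": client,
            "txid": txid,
            "qname": qname,
            "winner": winner,                       # what the victim's cache now holds
            "losers": sorted(distinct - {winner}),  # answers the client had already discarded
            "race_gap_ms": round((answers[1][0] - first_t) * 1000),
        })
    return alerts
```

The race gap is worth recording: a forged answer that beats the real resolver by tens of milliseconds from inside the same WLAN is a strong indicator that the injector is local, and HTTPS with HSTS on the intranet sites is what removes the payoff for a successful race.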
Manipulating HTTP Responses
- AirCSRF ("Air, Sea, Surf")
  - Not-yet-released tool from Garland Glessner
  - Automates wireless injection for XSS
- Note that we've injected a response that will direct the browser to fetch JavaScript associated with BeEF
  - A specialized browser script attack tool
- Most wireless and network pen testers usually ignore XSS
  - "That's just a web app thing... why would a network or wireless pen tester care about it?"
- But XSS provides enormous access within a network
  - Hooking browsers to pivot into the network
  - Using browsers to exploit other services
Using XSS to Pivot into a Network
Client machines provide new and exciting viewpoints to wireless and network penetration testers:
- From the vantage point of a script inside a victim browser
Scenario For You
Suppose that a pen tester is evaluating the security of wireless networks in a pen test whose scope includes combined attacks:
- The pen tester discovers a wireless network set up for guest access from a conference room
- A legitimate administrator is using the guest wireless network temporarily
- The pen tester could hook that admin user's browser, controlling it for all kinds of additional access
The accompanying slides walk through this scenario: Internal Client Browser Used to Admin Important Systems; Use Wireless to Hook Browser; Control Browser and Fetch History.
Using Hooked Browsers to Attack Other Targets
- Many protocols are forgiving
  - They will ignore "junk", and HTTP request headers are often considered junk!
- BeEF allows for exploitation across protocols
  - From a hooked browser running the attacker's scripts, we can direct HTTP requests to target servers
  - And possibly other protocols besides HTTP: FTP, RDP, VNC, SMB, etc.
  - The payload of the HTTP request is a server-side exploit, delivered from the hooked browser to the target server (possibly on the intranet)
- BeEF injects a BindShell as an exploit payload
- The pen tester interacts with the shell
  - Through the BeEF controller application
  - The controller runs on the pen tester's server
The accompanying slides show: Use Hooked Browser to Exploit Intranet Server; BeEF Exploit Module Interface; BeEF BindShell Interface; Use Shell on Internal Server to Attack Rest of Infrastructure.
Getting Up to Speed On Wireless Pen Testing
- Get to know the protocols
  - 802.11 (alphabet soup and MAC), 802.1X, EAP, RADIUS
  - Know how to identify WPA, WPA2, WEP
  - Wireshark is your BFF here (but not for Paris Hilton)
- Get to know attack tools and how they function
  - Very limited commercial tools for wireless pen testing
- Get to know client functionality
- Did we mention Bluetooth, ZigBee, WiMAX, RFID, proprietary?
Getting Up to Speed On Network Pen Testing
- Get to know the protocols
  - TCP/IP, HTTP, SSL, LDAP, NetBIOS, SMB, 802.11, 802.1X, EAP
- Get to know command lines and scripting within operating systems
  - cmd.exe
  - Bash
  - Perl, Python or Ruby
- Get to know administration features of operating systems
  - Windows, Linux, Unix
- Get to know exploitation tools and how exploits function
  - Metasploit, Core IMPACT, Immunity CANVAS
- Get to know how exploits and tools work and the languages they are often written in
  - C, C++, x86 assembly
Getting Up to Speed On Web Application Pen Testing
- Get to know the protocols
  - HTTP and HTTPS (possibly others, depending on the application)
- Get to know the various server-side scripting languages
  - ASP/.NET, Java, PHP, ColdFusion, Perl, Ruby
  - Basic web app development understanding
  - Administration understanding
- Get to know client functionality
  - Browsers and other third-party client software
  - History, caching, cross-domain content restrictions, etc.
- Get to know client-side languages
  - JavaScript, Flex, VBScript (did we mention painful?)