Part one: the concept of penetration testing
Port scanning
Vulnerability scanning
Vulnerability analysis
Taking control
Exploitation
Brute forcing
Social engineering
Pivoting
Reporting
Evidence collection
Risk analysis
Remediation
Some Considerations
Scope
Internal or external
In-house or outsourced
Selecting a pen-tester (white hat hacker)
White hat hacker vs Black hat hacker
Penetration tests are sometimes called white hat attacks because in a pen test, the good guys are attempting to break in. The term "white hat" in Internet slang refers to an ethical computer hacker, or a computer security expert, who specializes in penetration testing and in other testing methodologies to ensure the security of an organization's information systems.
Part 2: Introduction to some Penetration Testing Tools
https://drive.google.com/file/d/0B7j6y0yrm70VSmFGV0VtYWpucHM/edit?usp=sharing
pt.isfahanblog.com
Kali Linux
Kali Linux is a Debian-derived Linux distribution, designed for digital forensics and penetration testing.
Kali Linux comes preinstalled with numerous penetration-testing programs.
Kali Linux can be run from a hard disk, live CD, or live USB. It is a supported platform of the Metasploit Project's Metasploit Framework, a tool for developing and executing security exploits.
From the creators of BackTrack comes Kali Linux, the most advanced penetration testing distribution created to date.
Maltego
Maltego is an open source intelligence and forensics application.
Maltego
1- Go to Applications -> Kali Linux -> Top 10 Security Tools -> maltego, or open a command line terminal and type maltego.
2- If this is the first time you run the program, register with an email address, then log in to the program using that email address and the password you set.
3- Go to the menu tab (the circle at the top left corner of the page) and select New.
4- From the palette menu (on the left side of the page), select Domain and drag and drop it into the middle of the page.
5- Type the domain name in the property view of the domain (on the right side).
6- Right click on the domain. Choose Run Transform -> All Transforms -> To Website DNS.
7- Right click on one of the websites and choose Run Transform -> All Transforms -> ToServerTechnologiesWebsite.
8- Right click on one of the websites and choose Run Transform -> All Transforms -> To IP Address.
9- Right click on one of the IP addresses and choose Run Transform -> All Transforms -> Netblock using Whois.
10- Right click on one of the netblocks and choose Run Transform -> All Transforms -> toLocationCountryNetblock.
11- Right click on one of the websites and choose Run Transform -> All Transforms -> Mirror: email addresses found.
WHOIS SERVICE
WHOIS is a query and response protocol that is widely used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP address block, or an autonomous system.
It is also used to look up a wider range of other information.
The protocol stores and delivers database content in a human-readable format: the client opens a TCP connection, sends one query line, and the server returns free-form text and closes the connection.
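As an added example (not part of the original slides), the WHOIS exchange described above implemented end to end in Python: a minimal RFC 3912 style server that answers from a constructed in-memory table, and the client side that sends the query line and reads until the server closes the connection. The records, hostname and port are assumptions; the demo binds an ephemeral port on 127.0.0.1 so it runs offline, whereas real WHOIS servers listen on TCP port 43. Because WHOIS is cleartext and unauthenticated, the reply is treated as untrusted text and never interpreted beyond display.

```python
import socket
import threading

# Constructed sample records standing in for a registry database (not real data).
SAMPLE_RECORDS = {
    "example.test": "Domain Name: EXAMPLE.TEST\r\nRegistrar: Example Registrar (constructed)\r\n",
    "192.0.2.0": "NetRange: 192.0.2.0 - 192.0.2.255\r\nNetName: TEST-NET-1 (constructed)\r\n",
}


def whois_response(query: str) -> str:
    """Build the human-readable reply for one query (server side)."""
    return SAMPLE_RECORDS.get(query.lower(), f'No match for "{query}"\r\n')


def serve_one(listener: socket.socket) -> None:
    """Accept a single connection, read one CRLF-terminated query, reply, close."""
    try:
        conn, _ = listener.accept()
    finally:
        listener.close()
    with conn:
        buf = b""
        while b"\r\n" not in buf:
            chunk = conn.recv(1024)
            if not chunk:
                break
            buf += chunk
        # RFC 3912: the query is a single line terminated by CRLF.
        query = buf.split(b"\r\n", 1)[0].decode("ascii", "replace").strip()
        conn.sendall(whois_response(query).encode("utf-8"))
    # Closing the connection is how the server marks the end of the reply.


def start_server(host: str = "127.0.0.1"):
    """Start a one-shot server on an ephemeral port; return (port, thread)."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind((host, 0))
    listener.listen(1)
    port = listener.getsockname()[1]
    thread = threading.Thread(target=serve_one, args=(listener,), daemon=True)
    thread.start()
    return port, thread


def whois_query(host: str, port: int, query: str, timeout: float = 5.0) -> str:
    """Client side: send the query line, read until the server closes."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(query.encode("ascii") + b"\r\n")
        chunks = []
        while True:
            data = s.recv(4096)
            if not data:
                break
            chunks.append(data)
    # Reply is untrusted text from a cleartext protocol: decode leniently, display only.
    return b"".join(chunks).decode("utf-8", "replace")


def demo(query: str = "example.test") -> str:
    """Run one full client/server exchange on localhost and return the reply."""
    port, thread = start_server()
    reply = whois_query("127.0.0.1", port, query)
    thread.join(timeout=5.0)
    return reply


if __name__ == "__main__":
    print(demo("example.test"))
    print(demo("203.0.113.9"))
```

The same `whois_query` function works against a real registry by passing the registry hostname and port 43; the server half exists only so the exchange can be observed without network access.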
Vega
Vega is a free and open source scanner and testing platform for testing the security of web applications.
Vega can help you find and validate SQL Injection, Cross-Site Scripting (XSS), inadvertently disclosed sensitive information, and other vulnerabilities.
It is written in Java, GUI based, and runs on Linux, OS X, and Windows.
Vega
1- In Kali Linux go to Applications -> Kali Linux -> Web Applications -> Web Crawlers -> Vega, or open a command line terminal in Kali Linux and type vega.
2- Go to the link https://subgraph.com/vega/download/index.en.html to download Vega.
3- Install the Vega tool and run it.
4- Go to the Scan tab -> Start New Scan.
5- Type http://www.ebay.com/ to find this website's vulnerabilities.
Question