Penetration Testing
Karen Miller

Purpose
- Using a variety of tools and resources
- While acting as an attacker
- In order to test an organization's defenses

Steps
- Define your scope and goal: why are you performing the penetration test?
- Reconnaissance: gather information on the target (open ports, operating system, IP addresses, etc.)
- Enumeration: use the gathered information to identify potential entry points
- Vulnerability scanning/exploitation: discover and exploit vulnerabilities
- Report findings, including possible methods of strengthening defenses

Vulnerability Scanning
- Finding weaknesses in computers, networks, and applications
- To find possible methods of strengthening the system
- Or to exploit the system in order to gain more information about weaknesses

Vulnerability Scanning Tools
- Nessus: network vulnerability scanner (Linux, OSX, Windows)
- Nikto: web application security scanner (Linux, OSX, Windows)
- OpenVAS: vulnerability scanning/management tools (Linux, Windows)
- w3af: vulnerability scanner/exploitation tool (Linux, OSX, Windows)

Damn Vulnerable Web Application (DVWA)
- PHP/MySQL web application
- Variety of web app vulnerabilities to test your skills with, e.g. command injection, SQL injection

Nikto
root@Kali:~# nikto -host http://127.0.0.1/dvwa
+ OSVDB-3268: /dvwa/config/: Directory indexing found.
+ /dvwa/config/: Configuration information may be available remotely.
+ OSVDB-12184: /dvwa/?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
- Go to http://osvdb.org/ and search for "OSVDB-XXXX" for more information on the vulnerability
- e.g. http://osvdb.org/show/osvdb/3268 shows details about the OSVDB-3268 vulnerability Nikto detected

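For reporting, the Nikto findings above can be grouped per path with their OSVDB lookup links. This is an added example, not part of the original slides; the function names are hypothetical, the "+ Server" banner line is constructed, and the URL pattern is the one the slide gives.

```python
import re
from collections import defaultdict

# Constructed sample: the three findings from the slide plus one banner line.
SAMPLE_OUTPUT = """\
+ Server: Apache
+ OSVDB-3268: /dvwa/config/: Directory indexing found.
+ /dvwa/config/: Configuration information may be available remotely.
+ OSVDB-12184: /dvwa/?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
"""

# "+ [OSVDB-<id>: ][/<path>: ]<message>"; the id and the path are both optional.
LINE = re.compile(
    r"^\+\s+(?:OSVDB-(?P<osvdb>\d+):\s+)?(?:(?P<path>/\S*):\s+)?(?P<msg>.+)$"
)

def parse_findings(text):
    """Return one dict per finding; banner lines without id or path are skipped."""
    findings = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m or not (m["osvdb"] or m["path"]):
            continue
        findings.append({"osvdb": m["osvdb"], "path": m["path"], "msg": m["msg"]})
    return findings

def reference_url(osvdb_id):
    """Lookup link in the form shown on the slide, or None if Nikto gave no id."""
    return f"http://osvdb.org/show/osvdb/{osvdb_id}" if osvdb_id else None

def by_path(findings):
    """Group findings by affected path so the report has one entry per resource."""
    grouped = defaultdict(list)
    for f in findings:
        grouped[f["path"]].append(f)
    return dict(grouped)

if __name__ == "__main__":
    for path, items in by_path(parse_findings(SAMPLE_OUTPUT)).items():
        print(path)
        for f in items:
            ref = reference_url(f["osvdb"]) or "no OSVDB id, review manually"
            print(f"  - {f['msg']} ({ref})")
```
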
OpenVAS
- You can add targets by going to Configuration > Targets > New Target (star button)
- To set up a scan, go to Scan Management > Tasks > New Task
- Give your scan a name, select a target, and for "Scan Config" select "Full and very deep ultimate"
- Create the task, then hit the green play button to start the scan