Presentation is loading. Please wait.

Presentation is loading. Please wait.

Penetration Testing Presented by: Elham Hojati

Published byArron Sims Modified over 6 years ago

Similar presentations

Presentation on theme: "Penetration Testing Presented by: Elham Hojati"— Presentation transcript:

1 Penetration Testing Presented by: Elham Hojati
Advisor: Dr. Akbar Namin July 2014

2 Part one: the concept of penetration testing

3 What is a penetration test?(informal)
Port scanning Vulnerability Scanning Penetration Testing 3

4 What is a penetration test?
A penetration test is an attack on a computer system, network or Web application to find vulnerabilities that an attacker could exploit with the intention of finding security weaknesses, potentially gaining access to it, its functionality and data. Pen tests can be automated with software applications or they can be performed manually. The process includes: gathering information about the target before the test (reconnaissance), identifying possible entry points(Port scanning), attempting to break in (either virtually or for real) reporting back the findings. 4

5 Why conduct a penetration test?
Prevent data breach Test your security controls Ensure system security Get a baseline Compliance 5

6 Steps of penetration test (informal)
Establish goal Information gathering Reconnaissance Discovery Port scanning Vulnerability scanning Vulnerability analysis Taking control Exploitation Brute forcing Social engineering Pivoting Reporting Evidence collection Risk analysis Remediation 6

7 Some Considerations Scope Internal or external In-house or outsourced
Selecting a pen-tester (white hat hacker) White hat hacker vs Black hat hacker Penetration tests are sometimes called white hat attacks because in a pen test, the good guys are attempting to break in. The term "white hat" in Internet slang refers to an ethical computer hacker, or a computer security expert, who specializes in penetration testing and in other testing methodologies to ensure the security of an organization's information systems 7

8 Steps of penetration test
12 subcategories of the Web Application Penetration Testing Methodology: based on OWASP methodology Introduction and Objectives Information Gathering Configuration and Deploy Management Testing Identity Management Testing Authentication Testing Authorization Testing Session Management Testing Data Validation Testing Error Handling Cryptography Business Logic Testing Client Side Testing 8

9 Steps of network penetration test
9

10 Steps of penetration test
Step 1: Introduction and Objectives Step 2:Information gathering Step 3:Vulnerability analysis Step 4:Simulation (Penetrate the system to provide the proof) Step 5:Risk assessment Step 6:Recommendations for reduction or recovery and providing the report 10

11 Part 2: Introduction to some Penetration Testing Tools
pt.isfahanblog.com

12 Kali Linux Kali Linux is a Debian-derived Linux distribution, designed for digital forensics and penetration testing. Kali Linux is preinstalled with numerous penetration-testing programs. Kali Linux can be run from a hard disk, live CD, or live USB. It is a supported platform of the Metasploit Project's Metasploit Framework, a tool for developing and executing security exploits. From the creators of BackTrack comes Kali Linux, the most advanced penetration testing distribution created till now. 12

13 Installing Kali Linux 1- Go to the link 2- Download a proper version of the kali Linux image (based on your “system type”, if it is 32 bit or 64 bit, for example for 64 bit OS you can download Kali Linux 64 bit ISO (to find the type of the system: right click on the computer icon in your desktop or in the start menu and go to the properties tab and read the system type there). 3- Then you can write this ISO file to a cd or DVD or flash memory and use it or you can put it in the VMware like below. 4- For running Kali Linux in the VMware, go to the start and type VMware Workstation and open that. 5- Go to the file-> new virtual machine to install the Kali Linux through this wizard. 6- Install the Kali Linux and select it from the list in the left sideof the page and power it on. 7- Type the user name and password (ex. User: root Pass: toor). 8- Go to the application->Kali Linux to see all the penetration testing tools there. 13

14 Penetration testing tools
whois: for information gathering step Maltego: for information gathering step Hydra: for brute force step Vega: for Vulnerability analysis 14

15 Maltego Maltego is an open source intelligence and forensics application. It will offer you gathering of information as well as the representation of this information in an easy to understand format. 15

16 Maltego 1- Go to the Applications -> Kali Linux -> top 10 security tools -> maltego, or open a command line terminal and type maltego. 2- If it is your first time you want to run this program, you should register to this program by using an address and then login to the program using this address and the password that you set before. 3- Go to the menu tab (a circle at the top left corner of the page) and select new. 4-from the palette menu (from the left side of the page), select domain and drag and drop it to the middle of the page. 5- Type the domain name in the property view of the domain (at the right side). 6- Right click on the domain. Choose Run Transform-> all transforms-> to website DNS 7- Right click on one of the websites and choose Run Transform-> all transforms-> ToServerTechnologiesWebsite. 16

17 Maltego 8- Right click on one of the websites and choose Run Transform-> all transforms-> To IP Address. 9- Right click on one of the IP address and choose Run Transform-> all transforms ->Net block using Whois. 10- Right click on one of the net block and choose Run Transform-> all transforms-> toLocationCountryNetblock. 11- Right click on one of the websites and choose Run Transform-> all transforms-> Mirror: addresses found 17

18 WHOIS SERVICE WHOIS is a query and response protocol that is widely used for querying databases that store the registered users of an Internet resource, such as a domain name, an IP address block, or an autonomous system It is also used for a wider range of other information. The protocol stores and delivers database content in a human-readable format. 18

19 Using WHOIS SERVICE 1- Open a command line terminal in Kali Linux and type whois <target> for example: whois google.com 2- Type ping yahoo.com and find the IP address of yahoo. 3-type whois <yahoo IP address> 4- Go to the link and type google.com 5- Go to the link and type 19

20 Vega Vega is a free and open source scanner and testing platform to test the security of web applications. Vega can help you find and validate SQL Injection, Cross-Site Scripting (XSS), inadvertently disclosed sensitive information, and other vulnerabilities. It is written in Java, GUI based, and runs on Linux, OS X, and Windows 20

21 Vega 1- In the Kali Linux go to the Applications -> Kali Linux -> Web Applications -> web crawlers -> Vega, or Open a command line terminal in Kali Linux and type vega. 2- Go to the link to download Vega. 3- Install the Vega tool and run it. 4- Go to the scan tab -> start new scan. 5- Type to find this website vulnerability. 21

22 Hydra: Brute force Attack
22

23 Finding a username and password of a website
Go the the website: Type /hackme at the end of the website URL address (for going to this part of the site you need to have a username and password). Download a library of usernames and a library of passwords through the internet or use some tools such as key generator tools to produce a list of username and password ( now you have 2 files, one of the consists of a list of usernames and the other one consists of a list of passwords.) Go to the command line terminal and type this: hydra <website> -L <userlist> -P <wordlist> -V -f http-get /<sub dir> for example: hydra -L /root/Desktop/userlist.txt -P /root/Desktop/wordlist.txt -V -f http-get /hackme You find the username and password of this web site Login to the website using the username: guest and password: password [4] 23

24 Hydra-gtk : Finding Gmail password
1- Go to the Applications -> Kali Linux -> Password Attacks -> Online Attacks -> hydra-gtk 2- Set: In the target tab: Single Target: smtp.gmail.com Port: 465 Protocol: smtp Use SSL should be selected Show Attempts should be selected In the passwords tab: Username: Password list: browse and choose the password file Try login as password should be selected. Click start in the start tab. 24

25 3- Hydra found gmail password: q 4- Or you can go to the command line terminal and type: hydra -S -l -P /root/Desktop/pass4.txt -V -s 465 smtp.gmail.com smtp Or type: hydra -s 465 -S -V -l -P/root/Desktop/pass4.txt -e s -t 36 -w 36 smtp.gmail.com smtp 25

26 References: [1] [2] [3] [4] [5] [6] [7] [8] [9] [10] [11] 26

27 Question 27

Download ppt "Penetration Testing Presented by: Elham Hojati"

Similar presentations

For further information computersecurity.wlu.ca

For further information computersecurity.wlu.ca
Penetration Testing Presented by: Elham Hojati Advisor: Dr. Akbar Namin July 2014.

Penetration Testing Presented by: Elham Hojati Advisor: Dr. Akbar Namin July 2014.
Security Issues and Challenges in Cloud Computing

Security Issues and Challenges in Cloud Computing
INDEX  Ethical Hacking Terminology.  What is Ethical hacking?  Who are Ethical hacker?  How many types of hackers?  White Hats (Ethical hackers)

INDEX  Ethical Hacking Terminology.  What is Ethical hacking?  Who are Ethical hacker?  How many types of hackers?  White Hats (Ethical hackers)
CSCI 530L Vulnerability Assessment. Process of identifying vulnerabilities that exist in a computer system Has many similarities to risk assessment Four.

CSCI 530L Vulnerability Assessment. Process of identifying vulnerabilities that exist in a computer system Has many similarities to risk assessment Four.
ASP.NET 2.0 Chapter 6 Securing the ASP.NET Application.

ASP.NET 2.0 Chapter 6 Securing the ASP.NET Application.
How Clients and Servers Work Together. Objectives Learn about the interaction of clients and servers Explore the features and functions of Web servers.

How Clients and Servers Work Together. Objectives Learn about the interaction of clients and servers Explore the features and functions of Web servers.
Computer Security and Penetration Testing

Computer Security and Penetration Testing
The OWASP Foundation Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under.

The OWASP Foundation Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under.
Browser Exploitation Framework (BeEF) Lab

Browser Exploitation Framework (BeEF) Lab
Web Application Vulnerabilities Checklist. EC-Council Parameter Checklist  URL request  URL encoding  Query string  Header  Cookie  Form field 

Web Application Vulnerabilities Checklist. EC-Council Parameter Checklist  URL request  URL encoding  Query string  Header  Cookie  Form field 
Red Hat Installation. Installing Red Hat Linux is the process of copying operating system files from a CD, DVD, or USB flash drive to hard disk(s) on.

Red Hat Installation. Installing Red Hat Linux is the process of copying operating system files from a CD, DVD, or USB flash drive to hard disk(s) on.
Nikto LUCA ALEXANDRA ADELA. Nikto  Web server assessment tool  Written by Chris Solo and David Lodge  Released on December 27, 2001  Stable release:

Nikto LUCA ALEXANDRA ADELA. Nikto  Web server assessment tool  Written by Chris Solo and David Lodge  Released on December 27, 2001  Stable release:
1 Infrastructure Hardening. 2 Objectives Why hardening infrastructure is important? Hardening Operating Systems, Network and Applications.

1 Infrastructure Hardening. 2 Objectives Why hardening infrastructure is important? Hardening Operating Systems, Network and Applications.
Back to content Final Presentation Mr. Phay Sok Thea, class “2B”, group 3, Networking Topic: Mail Client “Outlook Express” *At the end of the presentation.

Back to content Final Presentation Mr. Phay Sok Thea, class “2B”, group 3, Networking Topic: Mail Client “Outlook Express” *At the end of the presentation.
VMWare Workstation Installation. Starting Vmware Workstation Go to the start menu and start the VMware Workstation program. *Note: The following instructions.

VMWare Workstation Installation. Starting Vmware Workstation Go to the start menu and start the VMware Workstation program. *Note: The following instructions.
1-Vulnerabilities 2-Hackers 3-Categories of attacks 4-What a malicious hacker do? 5-Security mechanisms 6-HTTP Web Servers 7-Web applications attacks.

1-Vulnerabilities 2-Hackers 3-Categories of attacks 4-What a malicious hacker do? 5-Security mechanisms 6-HTTP Web Servers 7-Web applications attacks.
CSE 4481 Computer Security Lab Mark Shtern. INTRODUCTION.

CSE 4481 Computer Security Lab Mark Shtern. INTRODUCTION.
Attack Lifecycle Many attacks against information systems follow a standard lifecycle: –Stage 1: Info. gathering (reconnaissance) –Stage 2: Penetration.

Attack Lifecycle Many attacks against information systems follow a standard lifecycle: –Stage 1: Info. gathering (reconnaissance) –Stage 2: Penetration.
Security Testing Case Study 360logica Software Testing Services.

Security Testing Case Study 360logica Software Testing Services.

Similar presentations

Ads by Google