SlideShare ist ein Scribd-Unternehmen logo

Introduction to Penetration Testing

Als PPTX, PDF herunterladen
Andrew McNicol
Andrew McNicol

Introduction to Penetration Testing with a use case of LFI -> Shell. I talk about the mindset required to be a good tester, and show places many testers and automated tools stop and how to go further.

Technologie
1 von 23
Introduction to Penetration Testing
Table of Contents • Overview • Enumeration • Tool Output • Do We Stop Here? • Custom Scripts • Wpscan • Online Research • Testing Exploitation • PHP LFI • Code Execution, Yes Please!
Overview • This session will cover the mindset I follow when approaching a web application • I am going to show where many might stop, and what happens when you push further • These types of techniques can be applied to any web application
Overview Cont. • Tools Leveraged: – Nmap – Whatweb – Wpscan – Wget – Custom scripts – Burp Suite – Netcat – Google
Methodology Overview • Pre-Engagement Activities – Hammer out all the details to conduct the test (Schedule, Scoping, Rules of Engagement, Formal Permission, etc.) • Information Gathering and Reconnaissance – Depends on type of test and information you are given (Organization name, CIDR, list of URLs, source code, etc.) • Automated Testing • Manual Testing and Validation • Reporting • Remediation Support
Methodologies Cont. • Penetration Testing Execution Standard (PTES): – http://www.pentest- standard.org/index.php/Main_Page
Mindset is Key • Think like an attacker and see things through a different lens: – Upload an avatar? Hmmm add code? – Download a report? Hmm directory traversal for another file? • Confidence – Without it you’ll very easily hit a wall and stop – I tell myself a vulnerability is here I just need to find it
Enumeration • Nmap: • WhatWeb:
Do We Stop Here? • Hmmm?
Custom Scripts • Web Application testing requires custom scripting….really no way getting around it:
Custom Scripts Cont. • Making web requests with a scripting language isn’t too difficult • Check out tutorials online and try to automate web requests • Making a tool for CVE-2012-1823 is a good use case because you need to make a POST request and modify several header values – If you can write a tool for this CVE, it demonstrates concepts that can be applied to many different CVEs
Wpscan • Wpscan:
Wpscan • Do we stop here?
Wpscan : Plugin Enumeration • Wpscan: --enumerate p
Online Research
Online Research Cont. • Hmm, our web server doesn’t respond when we request “/wordpress/wp/wp-content/” • Do we stop here?
Testing Exploitation • Yea, lets grap “/etc/passwd”
PHP LFI • Cool, so we can LFI, do we stop now?
PHP LFI…Now What? • What can be done with a PHP LFI? • It depends on what function is leading to the LFI vulnerability (include(), readfile(), etc.) • PHP functions like include() will execute PHP code in the included file – Yay code execution through php snippets! • PHP functions like readfile() will only display output – We have more work to do 
Code Execution? Yes, Please!
Code Execution? Yes, Please! • Request:
Demo
Summary • Tools may not give you the answer • Very easy to hit a hurdle and quit • You need to be curious/creative and constantly push to get more information • Confidence and mindset goes a long way

Empfohlen

Web Application Penetration Testing
Web Application Penetration Testing Web Application Penetration Testing
Web Application Penetration Testing
Priyanka Aash
 
NETWORK PENETRATION TESTING
NETWORK PENETRATION TESTINGNETWORK PENETRATION TESTING
NETWORK PENETRATION TESTING
Er Vivek Rana
 
Security testing
Security testingSecurity testing
Security testing
Khizra Sammad
 
Introduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingIntroduction to Web Application Penetration Testing
Introduction to Web Application Penetration Testing
Netsparker
 
Pen Testing Explained
Pen Testing ExplainedPen Testing Explained
Pen Testing Explained
Rand W. Hirt
 
WTF is Penetration Testing v.2
WTF is Penetration Testing v.2WTF is Penetration Testing v.2
WTF is Penetration Testing v.2
Scott Sutherland
 
Penetration Testing Basics
Penetration Testing BasicsPenetration Testing Basics
Penetration Testing Basics
Rick Wanner
 
Introduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingIntroduction to Web Application Penetration Testing
Introduction to Web Application Penetration Testing
Anurag Srivastava
 

Empfohlen

Web Application Penetration Testing
Web Application Penetration Testing Web Application Penetration Testing
Web Application Penetration Testing
Priyanka Aash
 
NETWORK PENETRATION TESTING
NETWORK PENETRATION TESTINGNETWORK PENETRATION TESTING
NETWORK PENETRATION TESTING
Er Vivek Rana
 
Security testing
Security testingSecurity testing
Security testing
Khizra Sammad
 
Introduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingIntroduction to Web Application Penetration Testing
Introduction to Web Application Penetration Testing
Netsparker
 
Pen Testing Explained
Pen Testing ExplainedPen Testing Explained
Pen Testing Explained
Rand W. Hirt
 
WTF is Penetration Testing v.2
WTF is Penetration Testing v.2WTF is Penetration Testing v.2
WTF is Penetration Testing v.2
Scott Sutherland
 
Penetration Testing Basics
Penetration Testing BasicsPenetration Testing Basics
Penetration Testing Basics
Rick Wanner
 
Introduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingIntroduction to Web Application Penetration Testing
Introduction to Web Application Penetration Testing
Anurag Srivastava
 
Penetration testing
Penetration testingPenetration testing
Penetration testing
Ammar WK
 
Introduction to penetration testing
Introduction to penetration testingIntroduction to penetration testing
Introduction to penetration testing
Amine SAIGHI
 
Cyber security awareness
Cyber security awarenessCyber security awareness
Cyber security awareness
Jason Murray
 
Penetration Testing Execution Phases
Penetration Testing Execution Phases Penetration Testing Execution Phases
Penetration Testing Execution Phases
Nasir Bhutta
 
Vulnerability assessment and penetration testing
Vulnerability assessment and penetration testingVulnerability assessment and penetration testing
Vulnerability assessment and penetration testing
Abu Sadat Mohammed Yasin
 
Understanding Penetration Testing & its Benefits for Organization
Understanding Penetration Testing & its Benefits for OrganizationUnderstanding Penetration Testing & its Benefits for Organization
Understanding Penetration Testing & its Benefits for Organization
PECB
 
Brute force-attack presentation
Brute force-attack presentationBrute force-attack presentation
Brute force-attack presentation
Mahmoud Ibra
 
Vectra Concept Overview
Vectra Concept OverviewVectra Concept Overview
Vectra Concept Overview
Ilya O
 
Ethical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jainEthical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jain
Suvrat Jain
 
Api security-testing
Api security-testingApi security-testing
Api security-testing
n|u - The Open Security Community
 
System hacking
System hackingSystem hacking
System hacking
CAS
 
Phishing ppt
Phishing pptPhishing ppt
Phishing ppt
shindept123
 
Introduction To Vulnerability Assessment & Penetration Testing
Introduction To Vulnerability Assessment & Penetration TestingIntroduction To Vulnerability Assessment & Penetration Testing
Introduction To Vulnerability Assessment & Penetration Testing
Raghav Bisht
 
Vulnerability assessment & Penetration testing Basics
Vulnerability assessment & Penetration testing Basics Vulnerability assessment & Penetration testing Basics
Vulnerability assessment & Penetration testing Basics
Mohammed Adam
 
Vulnerabilities in modern web applications
Vulnerabilities in modern web applicationsVulnerabilities in modern web applications
Vulnerabilities in modern web applications
Niyas Nazar
 
Penetration testing web application web application (in) security
Penetration testing web application web application (in) securityPenetration testing web application web application (in) security
Penetration testing web application web application (in) security
Nahidul Kibria
 
Penetration testing reporting and methodology
Penetration testing reporting and methodologyPenetration testing reporting and methodology
Penetration testing reporting and methodology
Rashad Aliyev
 
OWASP Top 10 Web Application Vulnerabilities
OWASP Top 10 Web Application VulnerabilitiesOWASP Top 10 Web Application Vulnerabilities
OWASP Top 10 Web Application Vulnerabilities
Software Guru
 
Malware Analysis Made Simple
Malware Analysis Made SimpleMalware Analysis Made Simple
Malware Analysis Made Simple
Paul Melson
 
VAPT PRESENTATION full.pptx
VAPT PRESENTATION full.pptxVAPT PRESENTATION full.pptx
VAPT PRESENTATION full.pptx
DARSHANBHAVSAR14
 
Learning to code
Learning to codeLearning to code
Learning to code
Sara-Jayne Terp
 
[Russia] Bugs -> max, time <= T
[Russia] Bugs -> max, time <= T[Russia] Bugs -> max, time <= T
[Russia] Bugs -> max, time <= T
OWASP EEE
 

Weitere ähnliche Inhalte

Was ist angesagt?

Understanding Penetration Testing & its Benefits for Organization
Understanding Penetration Testing & its Benefits for OrganizationUnderstanding Penetration Testing & its Benefits for Organization
Understanding Penetration Testing & its Benefits for Organization
PECB
 
OWASP Top 10 Web Application Vulnerabilities
OWASP Top 10 Web Application VulnerabilitiesOWASP Top 10 Web Application Vulnerabilities
OWASP Top 10 Web Application Vulnerabilities
Software Guru
 

Was ist angesagt? (20)

Penetration testing
Penetration testingPenetration testing
Penetration testing
 
Introduction to penetration testing
Introduction to penetration testingIntroduction to penetration testing
Introduction to penetration testing
 
Cyber security awareness
Cyber security awarenessCyber security awareness
Cyber security awareness
 
Penetration Testing Execution Phases
Penetration Testing Execution Phases Penetration Testing Execution Phases
Penetration Testing Execution Phases
 
Vulnerability assessment and penetration testing
Vulnerability assessment and penetration testingVulnerability assessment and penetration testing
Vulnerability assessment and penetration testing
 
Understanding Penetration Testing & its Benefits for Organization
Understanding Penetration Testing & its Benefits for OrganizationUnderstanding Penetration Testing & its Benefits for Organization
Understanding Penetration Testing & its Benefits for Organization
 
Brute force-attack presentation
Brute force-attack presentationBrute force-attack presentation
Brute force-attack presentation
 
Vectra Concept Overview
Vectra Concept OverviewVectra Concept Overview
Vectra Concept Overview
 
Ethical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jainEthical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jain
 
Api security-testing
Api security-testingApi security-testing
Api security-testing
 
System hacking
System hackingSystem hacking
System hacking
 
Phishing ppt
Phishing pptPhishing ppt
Phishing ppt
 
Introduction To Vulnerability Assessment & Penetration Testing
Introduction To Vulnerability Assessment & Penetration TestingIntroduction To Vulnerability Assessment & Penetration Testing
Introduction To Vulnerability Assessment & Penetration Testing
 
Vulnerability assessment & Penetration testing Basics
Vulnerability assessment & Penetration testing Basics Vulnerability assessment & Penetration testing Basics
Vulnerability assessment & Penetration testing Basics
 
Vulnerabilities in modern web applications
Vulnerabilities in modern web applicationsVulnerabilities in modern web applications
Vulnerabilities in modern web applications
 
Penetration testing web application web application (in) security
Penetration testing web application web application (in) securityPenetration testing web application web application (in) security
Penetration testing web application web application (in) security
 
Penetration testing reporting and methodology
Penetration testing reporting and methodologyPenetration testing reporting and methodology
Penetration testing reporting and methodology
 
OWASP Top 10 Web Application Vulnerabilities
OWASP Top 10 Web Application VulnerabilitiesOWASP Top 10 Web Application Vulnerabilities
OWASP Top 10 Web Application Vulnerabilities
 
Malware Analysis Made Simple
Malware Analysis Made SimpleMalware Analysis Made Simple
Malware Analysis Made Simple
 
VAPT PRESENTATION full.pptx
VAPT PRESENTATION full.pptxVAPT PRESENTATION full.pptx
VAPT PRESENTATION full.pptx
 

Ähnlich wie Introduction to Penetration Testing

Providence: rapid vulnerability prevention
Providence: rapid vulnerability preventionProvidence: rapid vulnerability prevention
Providence: rapid vulnerability prevention
Salesforce Engineering
 
Continuous Integration In A PHP World
Continuous Integration In A PHP WorldContinuous Integration In A PHP World
Continuous Integration In A PHP World
Idaf_1er
 
Using REST with VSTS and TFS
Using REST with VSTS and TFSUsing REST with VSTS and TFS
Using REST with VSTS and TFS
Jeff Bramwell
 

Ähnlich wie Introduction to Penetration Testing (20)

Learning to code
Learning to codeLearning to code
Learning to code
 
[Russia] Bugs -> max, time <= T
[Russia] Bugs -> max, time <= T[Russia] Bugs -> max, time <= T
[Russia] Bugs -> max, time <= T
 
Structured Functional Automated Web Service Testing
Structured Functional Automated Web Service TestingStructured Functional Automated Web Service Testing
Structured Functional Automated Web Service Testing
 
we45 DEFCON Workshop - Building AppSec Automation with Python
we45 DEFCON Workshop - Building AppSec Automation with Pythonwe45 DEFCON Workshop - Building AppSec Automation with Python
we45 DEFCON Workshop - Building AppSec Automation with Python
 
Find maximum bugs in limited time
Find maximum bugs in limited timeFind maximum bugs in limited time
Find maximum bugs in limited time
 
Api fundamentals
Api fundamentalsApi fundamentals
Api fundamentals
 
Api FUNdamentals #MHA2017
Api FUNdamentals #MHA2017Api FUNdamentals #MHA2017
Api FUNdamentals #MHA2017
 
Untangling spring week1
Untangling spring week1Untangling spring week1
Untangling spring week1
 
Hello world - intro to node js
Hello world - intro to node jsHello world - intro to node js
Hello world - intro to node js
 
Profiling and Tuning a Web Application - The Dirty Details
Profiling and Tuning a Web Application - The Dirty DetailsProfiling and Tuning a Web Application - The Dirty Details
Profiling and Tuning a Web Application - The Dirty Details
 
Testing Testing everywhere
Testing Testing everywhereTesting Testing everywhere
Testing Testing everywhere
 
API City 2019 Presentation - Delivering Developer Tools at Scale: Microsoft A...
API City 2019 Presentation - Delivering Developer Tools at Scale: Microsoft A...API City 2019 Presentation - Delivering Developer Tools at Scale: Microsoft A...
API City 2019 Presentation - Delivering Developer Tools at Scale: Microsoft A...
 
<?php + WordPress
<?php + WordPress<?php + WordPress
<?php + WordPress
 
SOA Testing
SOA TestingSOA Testing
SOA Testing
 
Providence: rapid vulnerability prevention
Providence: rapid vulnerability preventionProvidence: rapid vulnerability prevention
Providence: rapid vulnerability prevention
 
Start with passing tests (tdd for bugs) v0.5 (22 sep 2016)
Start with passing tests (tdd for bugs) v0.5 (22 sep 2016)Start with passing tests (tdd for bugs) v0.5 (22 sep 2016)
Start with passing tests (tdd for bugs) v0.5 (22 sep 2016)
 
DevSecCon Asia 2017 - Abhay Bhargav: Building an Application Vulnerability To...
DevSecCon Asia 2017 - Abhay Bhargav: Building an Application Vulnerability To...DevSecCon Asia 2017 - Abhay Bhargav: Building an Application Vulnerability To...
DevSecCon Asia 2017 - Abhay Bhargav: Building an Application Vulnerability To...
 
Continuous Integration In A PHP World
Continuous Integration In A PHP WorldContinuous Integration In A PHP World
Continuous Integration In A PHP World
 
Quality code in wordpress
Quality code in wordpressQuality code in wordpress
Quality code in wordpress
 
Using REST with VSTS and TFS
Using REST with VSTS and TFSUsing REST with VSTS and TFS
Using REST with VSTS and TFS
 

Mehr von Andrew McNicol

Mehr von Andrew McNicol (12)

BSidesJXN 2017 - Improving Vulnerability Management
BSidesJXN 2017 - Improving Vulnerability ManagementBSidesJXN 2017 - Improving Vulnerability Management
BSidesJXN 2017 - Improving Vulnerability Management
 
BSides Philly Finding a Company's BreakPoint
BSides Philly Finding a Company's BreakPointBSides Philly Finding a Company's BreakPoint
BSides Philly Finding a Company's BreakPoint
 
BSidesJXN 2016: Finding a Company's BreakPoint
BSidesJXN 2016: Finding a Company's BreakPointBSidesJXN 2016: Finding a Company's BreakPoint
BSidesJXN 2016: Finding a Company's BreakPoint
 
BSidesDC 2016 Beyond Automated Testing
BSidesDC 2016 Beyond Automated TestingBSidesDC 2016 Beyond Automated Testing
BSidesDC 2016 Beyond Automated Testing
 
Beyond Automated Testing - RVAsec 2016
Beyond Automated Testing - RVAsec 2016Beyond Automated Testing - RVAsec 2016
Beyond Automated Testing - RVAsec 2016
 
Pentesting Tips: Beyond Automated Testing
Pentesting Tips: Beyond Automated TestingPentesting Tips: Beyond Automated Testing
Pentesting Tips: Beyond Automated Testing
 
How To Start Your InfoSec Career
How To Start Your InfoSec CareerHow To Start Your InfoSec Career
How To Start Your InfoSec Career
 
BSides_Charm2015_Info sec hunters_gathers
BSides_Charm2015_Info sec hunters_gathersBSides_Charm2015_Info sec hunters_gathers
BSides_Charm2015_Info sec hunters_gathers
 
Introduction to Python for Security Professionals
Introduction to Python for Security ProfessionalsIntroduction to Python for Security Professionals
Introduction to Python for Security Professionals
 
Introduction to Malware Analysis
Introduction to Malware AnalysisIntroduction to Malware Analysis
Introduction to Malware Analysis
 
Tcpdump hunter
Tcpdump hunterTcpdump hunter
Tcpdump hunter
 
OSINT for Attack and Defense
OSINT for Attack and DefenseOSINT for Attack and Defense
OSINT for Attack and Defense
 

Kürzlich hochgeladen

Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Roshan Dwivedi
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
Safe Software
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
Igalia
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
Principled Technologies
 

Kürzlich hochgeladen (20)

Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 

Introduction to Penetration Testing

  • 2. Table of Contents • Overview • Enumeration • Tool Output • Do We Stop Here? • Custom Scripts • Wpscan • Online Research • Testing Exploitation • PHP LFI • Code Execution, Yes Please!
  • 3. Overview • This session will cover the mindset I follow when approaching a web application • I am going to show where many might stop, and what happens when you push further • These types of techniques can be applied to any web application
  • 4. Overview Cont. • Tools Leveraged: – Nmap – Whatweb – Wpscan – Wget – Custom scripts – Burp Suite – Netcat – Google
  • 5. Methodology Overview • Pre-Engagement Activities – Hammer out all the details to conduct the test (Schedule, Scoping, Rules of Engagement, Formal Permission, etc.) • Information Gathering and Reconnaissance – Depends on type of test and information you are given (Organization name, CIDR, list of URLs, source code, etc.) • Automated Testing • Manual Testing and Validation • Reporting • Remediation Support
  • 6. Methodologies Cont. • Penetration Testing Execution Standard (PTES): – http://www.pentest- standard.org/index.php/Main_Page
  • 7. Mindset is Key • Think like an attacker and see things through a different lens: – Upload an avatar? Hmmm add code? – Download a report? Hmm directory traversal for another file? • Confidence – Without it you’ll very easily hit a wall and stop – I tell myself a vulnerability is here I just need to find it
  • 9. Do We Stop Here? • Hmmm?
  • 10. Custom Scripts • Web Application testing requires custom scripting….really no way getting around it:
  • 11. Custom Scripts Cont. • Making web requests with a scripting language isn’t too difficult • Check out tutorials online and try to automate web requests • Making a tool for CVE-2012-1823 is a good use case because you need to make a POST request and modify several header values – If you can write a tool for this CVE, it demonstrates concepts that can be applied to many different CVEs
  • 13. Wpscan • Do we stop here?
  • 14. Wpscan : Plugin Enumeration • Wpscan: --enumerate p
  • 16. Online Research Cont. • Hmm, our web server doesn’t respond when we request “/wordpress/wp/wp-content/” • Do we stop here?
  • 17. Testing Exploitation • Yea, lets grap “/etc/passwd”
  • 18. PHP LFI • Cool, so we can LFI, do we stop now?
  • 19. PHP LFI…Now What? • What can be done with a PHP LFI? • It depends on what function is leading to the LFI vulnerability (include(), readfile(), etc.) • PHP functions like include() will execute PHP code in the included file – Yay code execution through php snippets! • PHP functions like readfile() will only display output – We have more work to do 
  • 21. Code Execution? Yes, Please! • Request:
  • 22. Demo
  • 23. Summary • Tools may not give you the answer • Very easy to hit a hurdle and quit • You need to be curious/creative and constantly push to get more information • Confidence and mindset goes a long way