Introtopentesting 150207164113 Conversion Gate02

Transcript of Introtopentesting 150207164113 Conversion Gate02

  • 7/25/2019 Introtopentesting 150207164113 Conversion Gate02

    1/23

    Introduction to Penetration Testing

    2/23

    Table of Contents

    Overview

    Enumeration

    Tool Output

    Do We Stop Here?

    Custom Scripts

    Wpscan

    Online Research

    Testing Exploitation

    PHP LFI

    Code Execution, Yes Please!

    3/23

    Overview

    This session will cover the mindset I follow when approaching a web application

    I am going to show where many might stop, and what happens when you push further

    These types of techniques can be applied to any web application

    4/23

    Overview Cont.

    Tools Leveraged:

    Nmap

    WhatWeb

    Wpscan

    Wget

    Custom scripts

    Burp Suite

    Netcat

    Google

    5/23

    Methodology Overview

    Pre-Engagement Activities

    Hammer out all the details to conduct the test (Schedule, Scoping, Rules of Engagement, Formal Permission, etc.)

    Information Gathering and Reconnaissance

    Depends on type of test and information you are given (Organization name, CIDR, list of URLs, source code, etc.)

    Automated Testing

    Manual Testing and Validation

    Reporting

    Remediation Support

    6/23

    Methodologies Cont.

    Penetration Testing Execution Standard (PTES): http://www.pentest-standard.org/index.php/Main_Page

    7/23

    Mindset is Key

    Think like an attacker and see things through a different lens:

    Upload an avatar? Hmmm add code?

    Download a report? Hmm directory traversal for another

    8/23

    Enumeration

    Nmap:

    WhatWeb:

    9/23

    Do We Stop Here?

    Hmmm?

    10/23

    Custom Scripts

    Web Application testing requires custom scripting. Really no way getting around it:

    11/23

    Custom Scripts Cont.

    Making web requests with a scripting language isn't too difficult

    Check out tutorials online and try to automate web requests

    Making a tool for CVE-ABA-A is a good use case because you need to make a POST request and modify several header values

    If you can write a tool for this CVE, it demonstrates concepts that can be applied to many different CVEs

    12/23

    Wpscan

    Wpscan:

    13/23

    Wpscan

    Do we stop here?

    14/23

    Wpscan: Plugin Enumeration

    Wpscan: --enumerate p

    15/23

    Online Research

    16/23

    Online Research Cont.

    Hmm, our web server doesn't respond when we request "/wordpress/wp/wp-content/"

    Do we stop here?

    17/23

    Testing Exploitation

    Yea, let's grab "/etc/passwd"

    18/23

    PHP LFI

    Cool, so we can LFI, do we stop now?

    19/23

    PHP LFI Now What?

    What can be done with a PHP LFI?

    It depends on what function is leading to the LFI vulnerability (include(), read
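
For the defensive side of the file-inclusion finding on the preceding slides, a detection sketch added here (not part of the original deck): it scans web access logs for query parameters that decode to directory traversal or absolute system paths such as /etc/passwd. The log lines, plugin path and `file` parameter name are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed access-log lines; the plugin path and "file" parameter are hypothetical.
SAMPLE_LOG = """\
203.0.113.7 - - [07/Feb/2015:16:41:13 +0000] "GET /wordpress/wp-content/plugins/example/view.php?file=report.pdf HTTP/1.1" 200 5120
203.0.113.9 - - [07/Feb/2015:16:42:01 +0000] "GET /wordpress/wp-content/plugins/example/view.php?file=../../../../etc/passwd HTTP/1.1" 200 1873
203.0.113.9 - - [07/Feb/2015:16:42:09 +0000] "GET /wordpress/wp-content/plugins/example/view.php?file=%252e%252e%252f%252e%252e%252fetc%252fpasswd HTTP/1.1" 200 1873
198.51.100.4 - - [07/Feb/2015:16:43:30 +0000] "GET /wordpress/?p=12 HTTP/1.1" 200 9021
"""

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3}) ')
TRAVERSAL_RE = re.compile(r"(?:^|/)\.\.(?:/|$)")   # a ".." path segment
SENSITIVE_RE = re.compile(r"^/(?:etc|proc)/")       # absolute system paths

def fully_decode(value, max_rounds=5):
    """Percent-decode until stable so nested encodings cannot hide a path."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value.replace("\\", "/")  # treat backslashes as separators too

def classify(value):
    """Return why a parameter value looks like a file-inclusion probe, or None."""
    path = fully_decode(value)
    if TRAVERSAL_RE.search(path):
        return "traversal"
    if SENSITIVE_RE.match(path):
        return "absolute-path"
    return None

def find_lfi_attempts(log_text):
    """Return (client, parameter, reason, status) for each flagged request."""
    hits = []
    # Lines that are not recognisable request entries are skipped.
    for match in filter(None, map(REQUEST_RE.match, log_text.splitlines())):
        client, target, status = match.groups()
        for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
            reason = classify(value)
            if reason:
                hits.append((client, name, reason, int(status)))
    return hits

if __name__ == "__main__":
    for hit in find_lfi_attempts(SAMPLE_LOG):
        print(hit)  # a 200 status on a flagged request deserves triage first
```
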

    20/23

    Code Execution? Yes, Please!

    21/23

    Code Execution? Yes, Please!

    Request:

    22/23

    Demo

    23/23

    Summary

    Tools may not give you the answer

    Very easy to hit a hurdle and quit

    You need to be curious/creative and constantly push to get more information

    Con