![Amine Saighi
Member [at] Owasp Algeria Student Chapter
Member[at] UMC-TECH
Student [at] UMC
Email: amin.saighi@gmail.com
Twitter: @KrNnt
Introduction to penetration testing](https://image.slidesharecdn.com/introductiontopenetrationtesting-160206201858/85/Introduction-to-penetration-testing-1-320.jpg)
Introduction to penetration testing
- 1. Amine Saighi Member [at] Owasp Algeria Student Chapter Member[at] UMC-TECH Student [at] UMC Email: [email protected] Twitter: @KrNnt Introduction to penetration testing
- 2. What’s Pen-testing ? Why Perform Pen-testing ? Pen-testing Methodology. Real world to Pen-testing. Summary?
- 4. There are a variety of reasons for performing a penetration test. Find vulnerabilities before any attacker. Outside expert report the vulnerabilities so that the management can approve to fix them. 2 in 1 - Check out a critical computer system. - Good security practice. Testing a new system before it goes on-line. Gives them another chance. Why perform Pen-testing ?
- 5. A methodology defines a set of rules -Practices. -Procedures. -Methods. Pen-testing Methodology
- 6. Types of Penetration Testing : -Black-Box -White-Box Pen-testing Methodology
- 7. Black Box - External testing - Technologies OFF - Using hacking method - Public or 0Days exploit Pen-testing Methodology
- 8. - Harvest information - Categorizing and translating the identified risks - Black-Hat Pen-testing Methodology
- 9. White-Box -Internal testing -Technologies ON -With minimum possible efforts it can help to view and evaluate the security vulnerabilities -There are always risks Pen-testing Methodology
- 10. -White-box < Black-box -The time and the cost < black box's ones -White-hat Pen-testing Methodology
- 11. The combination of both types of penetration testing Internal& External ’Grey-Box’ Grey-box approach => Black+White-Box approach Pen-testing Methodology
- 12. Information Intelligence. Scanning and Enumerating. Advanced fingerprinting. Vulnerability Assessment. Real world to pen-testing
- 13. Information Intelligence. Information gathering techniques. Real world to pen-testing
- 14. Organize your information during penetration testing The foundation for any successful penetration test is solid information gathering. Using nmap : nmap –oA myscan –-open IP Start dradis server : ./start.sh Real world to pen-testing
- 15. Google/Bing Hacking Searching within a Domain Site:www.umc.edu.dz Filetype:pdf site:www.umc.edu.dz We will use SearchDiggity for extensive and comprehensive searching Google hacking database Real world to pen-testing
- 16. Real world to pen-testing
- 17. Real world to pen-testing
- 18. Real world to pen-testing
- 19. Hunting and profiling people Now we will use pipl.com to search for people and find more information about your target . I will hunt my self. You can search with mobile number or username or email. Real world to pen-testing
- 20. Real world to pen-testing
- 21. Gathering e-mail accounts subdomains/hostnames for a domain The Harvester is a tool for gathering e-mail accounts, user names and hostnames/subdomains from different public sources. ./theHarvester.py -d yahoo.com -l 500 -b google Real world to pen-testing
- 22. Real world to pen-testing
- 23. Scanning and Enumerating. TCP and UDP port scanning Scanning The goal of the scanning phase is to learn more about the t target environment and find openings by directly interacting with the target systems. Real world to pen-testing
- 24. TCP Port Scanning nc -vv -z –w 2 IP 443-445 Or use metasploit auxiliary TCP Port Scanner TCP SYN Port Scanning Nmap –s IP Or use metasploit auxiliary TCP SYN Port Scanner TCP ACK Firewall Scanning nmap -v -sA IP -P0 Or use metasploit auxiliary TCP ACK Firewall Scanner Real world to pen-testing
- 25. Real world to pen-testing
- 26. UDP sweeping and probing nmap -sU -v IP We can also use metasploit udp_sweep auxiliary to Detect common UDP services We can also use metasploit udp_probe to Detect common UDP services using sequential probes Real world to pen-testing
- 27. MySQL server version enumeration We will use metasploit mysql_version auxiliary to determine the version of MySQL server use auxiliary/scanner/mysql/mysql_version Real world to pen-testing
- 28. Online Tools We will use online tools that can automate DNS Reconnaissance Who.is Robtex.com intodns.com domaincrawler.com Real world to pen-testing
- 29. Advanced Web Application fingerprinting WhatWeb aims to be a fast, accurate, and very generic web application fingerprinter that identifies application and plugin versions via static files. ./whatweb –v url Real world to pen-testing
- 30. Real world to pen-testing
- 31. Real world to pen-testing Advanced Web Application Firewall fingerprinting WAFW00F allows you fingerprint WAF products protecting a website. ./wafw00f.py url
- 32. Real world to pen-testing
- 33. Real world to pen-testing
- 34. Real world to pen-testing Advanced DNS and HTTP Load Balancers fingerprinting During penetration testing finding load balancers on the site is always Complicated and clients expects us to determine the same machine with different IP Addresses ./lbd.sh url
- 35. Real world to pen-testing
- 36. Real world to pen-testing VA vs PT Vulnerability Analysis is the process of identifying vulnerabilities on a network. Whereas a Penetration Testing is focused on actually gaining unauthorized access to the tested systems and using that access to the network or data.
- 37. Real world to pen-testing Nessus The Nessus vulnerability scanner is the world-leader in active scanners with more than five million downloads to date. Nessus features high-speed discovery, configuration auditing, asset profiling,sensitive data discovery and vulnerability analysis of your security posture.
- 38. Assuring Security Grey Hat Real world to penetration testing Bibliography
- 39. Thanks ! Questions? ● Web site: www.owaspalgeriasc.org ● Email: [email protected] ● Twitter: @DzOWASP ● Facebook: http://on.fb.me/OwaspAlgeriaSC ● Google Plus: http://bit.ly/GplusOwaspAlgeriaSC