Introduction to Penetration Testing
It's a post-information-gathering phase in which we exploit the vulnerabilities discovered in the VA (vulnerability assessment) phase.
MOBILE PT – MobSF (Mobile Security Framework) for .apk and .ipa files
Documentation : Digital Security Report
Ethics of Penetration Tester
1. Nothing outside the box: stay within the agreed scope.
2. You are a hacker, not a hero.
3. Documentation is for developers, not for the CEO, so write it so it makes sense to them.
4. Read the code of conduct and make sure you will not do anything which is beyond our scope.
Penetration Testing Methodologies
1. Web Based Pen Testing : Scope + Info Gathering + Exploit + Report of remediations + Applying the patch through the company team.
2. Network and Mobile
3. Process or Governance : Read the policies, contracts, vendor agreements and so on + Find loopholes in clauses + Report and identify them to high-level management + draft new policy.
ISO 27001 Compliance : Read
Step 1: Query for VAPT
Step 2: Scoping document WEB/NETWORK/MOBILE
Step 3: Response Meeting
Step 4: Proposal with price and man-day cost
Step 5: Acceptance and Date to start the project.
Customer and Legal Agreements
-> Code of Conduct Signing
-> NDA – non Disclosure Agreement
-> MOU – Memorandum Of Understanding
Pen Testing Planning and Scheduling
VA : Web , Network , Mobile , Compliance
PT : Web , Network , Mobile , Compliance
Date Start : 21st Jan 2016 to 26th Jan 2016
Total Number of Days : 6 Man Days
Green Zone : 2-3 weeks, 2 days : Sat, Sunday
Night Shift : 8.00PM -> Monday 3AM, close 422 servers
Sr. Resource : RM –> single point of contact for the client.
Pre Pen Testing Checklist
1. License Requirements ????
2. List of tools to be used in the testing
3. Team Listing and Tracking
Types of Pen Testing
-> Internal : Network pentesting and internal application-layer pentesting, in which we try to audit and test all network assets of the organisation along with all in-house web applications which run over the network.
-> External : Web application testing + pen testing through a company VPN.
-> White Box : Scope is clear: what OS is running on each machine, open port details, service pack details, kernel details, critical or non-critical details, versions of services and so on, application source code visibility etc.
-> Grey Box : List of IP addresses in terms of network PT and host name details, that's all. In web, subdomain names and that's all.
-> Black Box : Website www.target.com, IP list in scope.
Physical Security Penetration Testing
After virtual security audits, major corporations may not deploy a huge amount of resources to ensure the physical environment is secure. Hence auditing physical security can again be a big task for these organisations.
Major organisations which need physical security.
– Nuclear Power Plants
– Space Stations
– Hydrogen Experimental sites
– Data Control Centers
etc etc etc…
Physical Security Check list Areas
1. Organisation Surroundings
2. Ensure the people in the organisation follow the physical security rules.
– They must use ID cards for authentication
– There must be a log manager recording all the in-out activities
– There should be a physical resource person (team) monitoring 24*7 the in-out operational work by the employees.
– The reason for the visit should be validated.
Check list for entering the server room.
-> Name of the visitor
-> Company of the visitor
-> Scanned copy of the company ID card
-> Aadhaar card/DL etc
-> Name of the person who is bringing the visitor
-> Company he belongs to
-> ID card number
-> Devices they are carrying
-> Hand over your phone in switched-off mode to the gatekeeper
-> Locker keys will be given back to you.
Physical security checklist within the working space
– Clean desk policy
– After a meeting, once all the chats and plan making are done, before you leave the office discussion room you have to clear the whiteboard or glass on which you have written anything about the task to be executed.
– You have to shred any document before throwing it in the dustbin.
Dumpster Diving : process in which a hacker sneaks into the garbage of any home or organisation and looks for something important.
– Make sure people in the organisation do not write any kind of information on sticky notes or on their desk with marker or pen.
Serious Security Checklist
1. There must be a fire extinguisher in all the rooms and places in the organisation.
2. There must be an AMC with the fire department company.
3. There must be biometric authentication on the server room.
4. There must be cameras inside the server room.
5. The electricity room and generator room should be at separate locations.
ISO 27001 : Physical Security Control List
Watch Here Red Team Breach: https://www.youtube.com/watch?v=pL9q2lOZ1Fw
Database Penetration Testing
1. Authentication Bypass
2. Union Based SQL Injection
3. Blind Based SQL Injection
4. Error Based SQL Injection
5. Time Based SQL Injection
6. Double Query SQL Injection
7. Stacked Query SQL Injection
8. Header Based SQL Injection
9. Second Order SQL Injection
10. Boolean Based SQL Injection
11. XPath Injection
12. LDAP Injection
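The first item in the list above, authentication bypass, is the simplest way to see why these injection classes exist: the application splices user input into the SQL text, so input can change the query's logic. The following Python example is added here and is not part of the course notes; it uses an in-memory SQLite database with a constructed users table and places the vulnerable login query beside the parameterised one that closes the hole. The function and table names are assumptions made for the example.

```python
import sqlite3


def build_db():
    """Constructed in-memory sample database (not from the course notes).

    Real systems must store password hashes, never plaintext; plaintext is
    used here only so the two query styles can be compared directly.
    """
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct-horse')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Deliberately vulnerable: untrusted input is pasted into the SQL text.

    Because AND binds tighter than OR, a password such as ' OR '1'='1
    turns the WHERE clause into (username=... AND password='') OR ('1'='1'),
    which matches every row, so the login "succeeds" without a password.
    """
    sql = ("SELECT COUNT(*) FROM users WHERE username = '%s' AND password = '%s'"
           % (username, password))
    return conn.execute(sql).fetchone()[0] > 0


def login_safe(conn, username, password):
    """Hardened form: placeholders keep input as data, never as SQL syntax.

    The driver sends the values separately from the query text, so quotes
    and keywords inside the input are compared literally and cannot alter
    the WHERE clause.
    """
    sql = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()[0] > 0


def compare(username, password):
    """Return (vulnerable_result, safe_result) for one login attempt."""
    conn = build_db()
    return login_vulnerable(conn, username, password), login_safe(conn, username, password)


if __name__ == "__main__":
    print("valid credentials   :", compare("alice", "correct-horse"))
    print("wrong password      :", compare("alice", "wrong"))
    print("bypass attempt      :", compare("alice", "' OR '1'='1"))
```

Running the block shows the vulnerable query accepting the bypass attempt while the parameterised query rejects it; the same placeholder discipline is the fix for the union, blind, error, time and stacked variants in the list, since all of them depend on input reaching the SQL parser as syntax.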
MS-SQL / MySQL : 5.0.45 Community Edition
MySQL : port 3306
Step 1: Scan the system with nmap and identify the database port and its version.
nmap -A <target IP>
Step 2: Scan the version (in msfconsole) : use auxiliary/scanner/mysql/mysql_version
Step 3: info
Step 4: set RHOSTS <IP address>
Step 5: run
Step 6: use auxiliary/scanner/mysql/mysql_login
Step 7: set USER_FILE /root/Desktop/usernames.lst
Step 8: set PASS_FILE /root/Desktop/passwords.lst
Step 9: run
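From the defender's side, the mysql_login step above shows up as a burst of failed logins from one host, often cycling through several usernames. The following Python example is added here and is not part of the course notes: it parses constructed log lines modelled on MySQL's error log with verbose logging enabled (the exact line format is an assumption; check your own server's output) and flags any host that exceeds a threshold of failures inside a sliding time window. Threshold and window values are assumptions chosen for the sample.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines (not real server output), modelled on MySQL's
# "Access denied" error-log entries. Six rapid failures come from 10.0.0.7
# across three usernames; 10.0.0.9 fails only twice, half an hour apart.
SAMPLE_LOG = """\
2016-01-21T20:00:01.000000Z 10 [Note] Access denied for user 'root'@'10.0.0.7' (using password: YES)
2016-01-21T20:00:02.000000Z 11 [Note] Access denied for user 'admin'@'10.0.0.7' (using password: YES)
2016-01-21T20:00:02.500000Z 12 [Note] Access denied for user 'root'@'10.0.0.7' (using password: NO)
2016-01-21T20:00:03.000000Z 13 [Note] Access denied for user 'mysql'@'10.0.0.7' (using password: YES)
2016-01-21T20:00:04.000000Z 14 [Note] Access denied for user 'root'@'10.0.0.7' (using password: YES)
2016-01-21T20:00:05.000000Z 15 [Note] Access denied for user 'root'@'10.0.0.7' (using password: YES)
2016-01-21T20:30:00.000000Z 16 [Note] Access denied for user 'bob'@'10.0.0.9' (using password: YES)
2016-01-21T21:00:00.000000Z 17 [Note] Access denied for user 'bob'@'10.0.0.9' (using password: YES)
"""

# Timestamp, thread id, a [Level] tag, then the access-denied text. The lazy
# ".*?" tolerates extra bracketed tags between the level and the message.
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+\d+\s+\[\w+\].*?Access denied for user "
    r"'(?P<user>[^']*)'@'(?P<host>[^']*)'"
)


def parse_failures(text):
    """Yield (timestamp, user, host) for every access-denied line in text."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unrelated log line
        ts = datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%S.%fZ")
        yield ts, m.group("user"), m.group("host")


def detect_bruteforce(text, threshold=5, window_seconds=60):
    """Return {host: (failures_in_window, sorted usernames tried so far)}.

    A host is reported the first time it reaches `threshold` failures within
    any `window_seconds` span; older failures slide out of the window.
    """
    recent = defaultdict(deque)   # host -> timestamps inside the window
    users = defaultdict(set)      # host -> usernames attempted so far
    alerts = {}
    window = timedelta(seconds=window_seconds)
    for ts, user, host in parse_failures(text):
        q = recent[host]
        q.append(ts)
        users[host].add(user)
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) >= threshold and host not in alerts:
            alerts[host] = (len(q), sorted(users[host]))
    return alerts


if __name__ == "__main__":
    for host, (count, names) in detect_bruteforce(SAMPLE_LOG).items():
        print("possible brute force from %s: %d failures, users %s"
              % (host, count, ", ".join(names)))
```

On the sample, only 10.0.0.7 is reported; the slow, isolated failures from 10.0.0.9 fall outside the window. In practice the same logic is applied to the live error log, and the host field gives the source to correlate with firewall or VPN records.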
VOIP Pentesting : Voice Over Internet Protocol.
It's a process in which we try to sniff the voice packets and conversations within the organisation where certain VOIP devices are used for internal communication.
Avaya : the most trusted brand in VOIP communication*
Put a call through VOIP –> Target
Attacker : intercepts via Cain & Abel, which has a SIP intercept facility.
The countermeasure is to encrypt the packets coming out from the devices.