Vulnerability Assessment and Penetration Testing How to VAPT
In this cyberpoint9 tutorial we describe the concept and meaning of VAPT in ethical hacking, and how ethical hacking can be used for our own safety and to make daily life more secure. This is a free ethical hacking course for beginners. Anything is easier to learn when it is taught through examples, so we have tried to describe every concept of ethical hacking and cyber security in this cyberpoint9.com Hindi short tutorial using the simplest possible examples. The examples are simple enough that even a beginner who has never heard of hacking or cyber law can understand how ethical hacking works in today’s technical field. The material is useful for beginners as well as professionals.
INTRODUCTION TO VAPT (Vulnerability Assessment and Penetration Testing)
Let us first understand what these four words mean:
Vulnerability : The loopholes, mistakes, security holes and security misconfigurations that tell an attacker the target is weak.
Assessment : Analysis and examination of the vulnerabilities, which helps an attacker to mitigate and develop an attack procedure and strategy.
Penetration : Attacking and exploiting a vulnerable system, guided by the Vulnerability Assessment report of the target.
Testing : Applying different attack processes that can lead to a successful attack attempt.
The term VAPT covers two different processes, VA and PT.
VA : Only scanning for loopholes and weak security points. In this phase we scan the devices, web applications, servers, network, website and database, and generate a report on the scan performed.
PT : Gaining access through the scanned vulnerabilities. We try to hack into the services, devices, web applications, servers and databases via the vulnerabilities found by the scan.
Bug Bounty – https://www.bugcrowd.com/bug-bounty-list/
INTRODUCTION TO WEB SECURITY STANDARDS – OWASP TOP 10
OWASP stands for Open Web Application Security Program. It is a non-profit organization and community that focuses on the security of web applications and their vulnerabilities. It is now a web application security standard that every organization follows.
Full List of the OWASP TOP 10
It is a list generated by the OWASP organization that carries the top 10 vulnerabilities of web applications worldwide. The list is updated every 2-3 years and contains the most common vulnerabilities found in web applications that attackers are exploiting. On the basis of those top 10 attacks, they create the list known as the OWASP TOP 10.
OWASP TOP 10 – 2013
A1-Injection
Injection is an attack vector in which an attacker inserts SQL queries into an input of the web application, which helps in extracting valuable data of the website from the database. The basic types of injection are Union Based, Blind Based, Stacked Query Based, Error Based, Lightweight Directory Access Protocol (LDAP) injection, etc.
A2-Broken Authentication and Session Management
Application functions related to authentication and session management are often not implemented correctly, allowing attackers to compromise passwords, keys, or session tokens, or to exploit other implementation flaws to assume other users’ identities.
A3-Cross-Site Scripting (XSS)
XSS flaws occur whenever an application takes untrusted data and sends it to a web browser without proper validation or escaping. XSS allows attackers to execute scripts in the victim’s browser which can hijack user sessions, deface web sites, or redirect the user to malicious sites.
A4-Insecure Direct Object References
A direct object reference occurs when a developer exposes a reference to an internal implementation object, such as a file, directory, or database key. Without an access control check or other protection, attackers can manipulate these references to access unauthorized data.
A5-Security Misconfiguration
Good security requires having a secure configuration defined and deployed for the application, frameworks, application server, web server, database server, and platform. Secure settings should be defined, implemented, and maintained, as defaults are often insecure. Additionally, software should be kept up to date.
A6-Sensitive Data Exposure
Many web applications do not properly protect sensitive data, such as credit cards, tax IDs, and authentication credentials. Attackers may steal or modify such weakly protected data to conduct credit card fraud, identity theft, or other crimes. Sensitive data deserves extra protection such as encryption at rest or in transit, as well as special precautions when exchanged with the browser.
A7-Missing Function Level Access Control
Most web applications verify function level access rights before making that functionality visible in the UI. However, applications need to perform the same access control checks on the server when each function is accessed. If requests are not verified, attackers will be able to forge requests in order to access functionality without proper authorization.
A8-Cross-Site Request Forgery (CSRF)
A CSRF attack forces a logged-on victim’s browser to send a forged HTTP request, including the victim’s session cookie and any other automatically included authentication information, to a vulnerable web application. This allows the attacker to force the victim’s browser to generate requests the vulnerable application thinks are legitimate requests from the victim.
A9-Using Components with Known Vulnerabilities
Components, such as libraries, frameworks, and other software modules, almost always run with full privileges. If a vulnerable component is exploited, such an attack can facilitate serious data loss or server takeover. Applications using components with known vulnerabilities may undermine application defenses and enable a range of possible attacks and impacts.
A10-Unvalidated Redirects and Forwards
Web applications frequently redirect and forward users to other pages and websites, and use untrusted data to determine the destination pages. Without proper validation, attackers can redirect victims to phishing or malware sites, or use forwards to access unauthorized pages.
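One way to validate a redirect destination before using it, as described under A10. This is an added example, not code from the original tutorial; the host name in ALLOWED_HOSTS and the function name safe_redirect_target are hypothetical.

```python
from urllib.parse import urlsplit

# Hypothetical allow-list: the only external host this application redirects to.
ALLOWED_HOSTS = {"app.example.test"}

def safe_redirect_target(target, default="/"):
    """Return target if it is a local path or an allow-listed HTTPS URL, else default."""
    # Backslashes and control characters are treated inconsistently by browsers
    # and URL parsers, so reject them outright.
    if not target or any(c in target for c in "\\\r\n\t"):
        return default
    try:
        parts = urlsplit(target)
    except ValueError:
        return default
    if not parts.scheme and not parts.netloc:
        # Local redirect: must be a rooted path. "//host/path" is scheme-relative
        # and would leave the site, so it is refused.
        if target.startswith("/") and not target.startswith("//"):
            return target
        return default
    # Absolute URL: compare the parsed hostname, never a substring of the URL,
    # so "https://app.example.test@other.example/" is not accepted.
    if parts.scheme == "https" and parts.hostname in ALLOWED_HOSTS:
        return target
    return default

if __name__ == "__main__":
    # Constructed sample values for the "next" parameter of a login page.
    for t in ["/account", "//other.example/login", "javascript:alert(1)",
              "https://app.example.test/home",
              "https://app.example.test@other.example/"]:
        print(f"{t!r:45} -> {safe_redirect_target(t)!r}")
```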
INTRODUCTION TO DBMS
A database is the place in the back end where all the data and information are stored.
DBMS (DATABASE MANAGEMENT SYSTEM)
DBMS stands for Database Management System. It is a program that manages incoming and outgoing data, organizes it, and provides ways for users to modify or extract it. The DBMS can create, insert, modify, delete and perform other operations on the tables and columns of the database we are operating on.
Databases store data in the form of tables, columns and rows.
A table contains columns, and the columns contain rows of data.
Eg. Employee Record
Employee name, ID, contact number, email, address, etc.
Name | EID | MOBILE NUMBER | EMAIL | ADDRESS |
sairam | 12 | 898776566 | firstname.lastname@example.org | Bangalore |
SQL – Structured Query Language.
Basics of SQL
SQL is the language used to communicate with a database to create, modify or insert any type of data. Structured Query Language works on the basis of queries.
Queries are the commands used for creating, manipulating and deleting data in the database.
SOME OF THE SQL QUERIES
= SELECT – extracts data from a database
= UPDATE – updates data in a database
= DELETE – deletes data from a database
= INSERT INTO – inserts new data into a database
= CREATE DATABASE – creates a new database
= ALTER DATABASE – modifies a database
= CREATE TABLE – creates a new table
= ALTER TABLE – modifies a table
= DROP TABLE – deletes a table
= SELECT * FROM trainees – selects everything from the table named “trainees”
= WHERE – specifies the condition that picks which rows of the table a query applies to
= table_name : Table’s Name
= column_name : Column’s Name
= database() : Database’s Name
= version() : Database’s Version
Database = Cyberpoint9
Table = Trainees
Columns = Name, Address, Age, Contact Details
To insert data into the Trainees table of the Cyberpoint9 database:
INSERT INTO `Trainees` (`Name`, `Address`, `Age`, `ContactDet`) VALUES ('Sairam', 'Banglore', '23', '998897363');
LVS SETUP AND CONFIGURATION : Linux Virtual Server (LVS)
LVS stands for Linux Virtual Server (LVS) VAPT Simulator. It is a vulnerable web application built with HTML, PHP, CSS, SQL and JS that contains practicals for all the major vulnerabilities, so that the user can understand the attack vector in each.
We have to host LVS on our localhost XAMPP server.
Setup and Configuration
Copy the zip file into C:\xampp\htdocs
Right-click the zip file and click “Extract here”
Start the XAMPP server, then start Apache and MySQL
Open the browser and go to 127.0.0.1/lvs
It will show you the message “Click here to create the Database”.
After clicking, your database is created; “127.0.0.1/phpmyadmin” lists all the databases.
Go through the Instruction Page of LVS and then start learning through it.
SQL INJECTION AUTHENTICATION BYPASS
Attack Vector :
To log in as an administrator when you are only an ordinary user, not an administrator.
To log into someone’s account without the need of any username and password.
= OR GATE
= TAUTOLOGY CONDITION , WHERE ALL THE THREE VALUES ARE 1.
1 –> true
0 –> false
OR GATE : if any of the values is true (1), the result is always true (1)
A | B | Resultant
0 | 0 | 0
1 | 0 | 1
0 | 1 | 1
1 | 1 | 1
1 : True – Administrator
1'or'1'='1 : True – Administrator
x'or'x'='x : True – Administrator
Database portal scenario of authentication
Username : 1'or'1'='1
Password : 1'or'1'='1
Result : Administrator Access
Username : admin'or'1'or'1'='1
Password : admin'or'1'or'1'='1
Result : Administrator Access