Posts tagged Penetration Testing
Below are two methodologies that describe how to conduct physical penetration testing using social engineering.
What is XSSer
XSSer is an open source penetration testing tool that automates the process of detecting and exploiting XSS injections against different applications.
We will test this tool on the vulnerable site http://testasp.vulnweb.com/.
How to use this tool
- root@punter:/pentest/web# svn co https://xsser.svn.sourceforge.net/svnroot/xsser xsser
- root@punter:/pentest/web# cd xsser
- root@punter:/pentest/web/xsser# python XSSer.py -u "http://testasp.vulnweb.com" -g "Search.asp?tfSearch=" --proxy "http://127.0.0.1:8118" --referer "666.666.666.666" --user-agent "correct audit" --Fuzz -s
- Below are the results.
See the results above, marked in blue, together with the attack URL. We will test the results manually to confirm the XSS vulnerability; check the screenshot below.
This tool works perfectly for finding XSS through automation.
SAP stands for Systems, Applications and Products in Data Processing, and is the world’s fourth largest software enterprise. SAP is headquartered in Germany and is best known for its Enterprise Resource Planning (ERP) software, which has deployments in over 41,000 companies around the world. Mariano’s presentation is very in-depth: it starts with the basics of an SAP installation, slowly builds on the various security vulnerabilities that exist, and then moves on to how to exploit them while pentesting. He also discusses the open source tool Sapyto, which he maintains and distributes.
Detailed Video on Testing SAP Applications
Slides from Mariano’s Blackhat presentation
Stumbled upon a website that describes various Python tools required for vulnerability research, reverse engineering and penetration testing.
Netwars is the ultimate online game: an adventure across the Internet. You can play as an analyst, a penetration tester, a defender, or any combination. You earn points by finding keys, moving to higher levels, capturing services such as a website, overcoming obstacles (attack techniques) and protecting resources (defensive techniques). You can see the other players’ scores and your own points scored, live, or on an overall scoreboard.
The OverTheWire community can help you learn and practice security concepts in the form of fun-filled games.
LAMPSecurity training is designed to be a series of vulnerable virtual machine images, along with complementary documentation, designed to teach Linux, Apache, PHP and MySQL security.
4) De-ICE live CDs
Register and download these live CDs from http://heorot.net/forums
p0wnlabs is your place to hack, experiment and learn by doing.
Join up and you get access to online hacking challenges, exercises and virtual lab environments stocked with hacking challenges for your mind:
- Map a system
- Find its vulnerabilities
- 0wn it
- Try out new hacking tools
- Learn new hacking tricks
- Hone your skills