Posts tagged Penetration Testing

Two methodologies for physical penetration testing using social engineering

1

below are Two methodologies for which describes how to conduct physical penetration testing using-social-engineering.

http://whitepapers.hackerjournals.com/wp-content/uploads/2010/07/Two-methodologies-for-physical-penetration-testing-using-social-engineering.pdf

 

Detecting and exploiting XSS injections using XSSer Tool

3

what is XSSer

XSSer is an open source penetration testing tool that automates the process of detecting and exploiting XSS injections against different applications.

we will test this tool on the http://testasp.vulnweb.com/ vulnerable site.

how to use this too

  1. root@punter:/pentest/web# $ svn co https://xsser.svn.sourceforge.net/svnroot/xsser xsser
  2. root@punter:/pentest/web# cd xsser
  3. root@punter:/pentest/web/xsser# python XSSer.py -u “http://testasp.vulnweb.com” -g “Search.asp?tfSearch=” –proxy “http://127.0.0.1:8118″ –referer “666.666.666.666” –user-agent “correct audit” –Fuzz -s
  4. below are the results

see the above results which is marked with blue and the attack URl we will test the results manually to confirm the XSS vulnerability chk the below screenshot

This Tool Works Perfectly finding XSS using the Automation Process

SAP Penetration Testing Video and Slides by Mariano Nunez Di Croce

5

SAP stands for Systems, Applications and Products in Data Processing, and is the world’s fourth largest software enterprise. SAP is headquartered out of Germany and is best known for its Enterprise Resource Planning (ERP) software which has deployments in over 41,000 companies around the world. Mariano’s presentation is very in-depth and starts with basics of a SAP installation and slowly builds on the various security vulnerabilities which exist and then moves on to how to exploit them while pentesting. He also discusses the open source tool Sapyto, which he maintains and distributes.

Detail Video on Testing SAP Applications

http://www.securitytube.net/SAP-Pene…%29-video.aspx

Slides from Mariano’s Blackhat presentation
http://www.blackhat.com/presentation…ing-slides.pdf

Python tools for penetration testers

2

Stumbled upon a  website  which tells about various python tools required for every Vulnerability research, reverse engineering and  penetration testing.

http://dirk-loss.de/python-tools.htm

Learning Penetration Testing skills in Today’s Chaotic World

0
In my previous post i was talking about vulnerable web applications for Beginners today we will see how can we Learn Penetration Testing skills in Today’s Chaotic World below are the few Hacking and Vulnerable Labs/Live CD’s to test ur Penetration Testing skills.

1)http://www.netwars.info/

Netwars is the ultimate online game: an adventure across the Internet. You can play as an analyst, a penetration tester, a defender, or any combination. You earn points by finding keys, moving to higher levels, capturing services such as a website, overcoming obstacles (attack techniques) and protecting resources (defensive techniques). You can see the other players’ scores and your own points scored, live, or on an overall scoreboard.

2)http://www.overthewire.org/wargames/

OverTheWire community can help you to learn and practice security concepts in the form of funfilled games.

3)http://sourceforge.net/projects/lampsecurity/

LAMPSecurity training is designed to be a series of vunlerable virtual machine images along with complementary documentation designed to teach linux,apache,php,mysql security.

4)De-ICE live CDS

These live CDS Intended to provide legal targets in which to practice and learn PenTest skills, these LiveCDs are real servers that contain real-world challenges. Designed by professional penetration testers,each disk provides a learning opportunity to explore the world of penetration testing.
register and downlaod these Live Cd’s from http://heorot.net/forums

de-ice.net-1.100-1.1.iso
de-ice.net-1.110-1.0.iso
de-ice.net-2.100-1.1.iso
hackerdemia-1.1.0.iso
pWnOS.tar.gz

5) http://p0wnlabs.com/

p0wnlabs is your place to hack, experiment and learn by doing.

Join up and you get access to online hacking challenges, exercises and virtual lab environments stocked with hacking challenges for your mind:

  • Map a system
  • Find it’s vulnerabilities
  • 0wn it
  • Try out new hacking tools
  • Learn new hacking tricks
  • Hone your skills
Important:dont try these Live CD’s on production envirnoments make sure u try out in Vmware,If you know any other Live Cd’s or projects please comment i will update the post
Go to Top