Welcome to my new column, dear reader.
Penetration testing(also known as Pentesting, PT, Ethical Hacking, Whitehat Hacking) can be defined as a legal and authorized attempt to locate and successfully exploit computer systems for the purpose of checking the system for possible vulnerabilities and conduct strategies to counter it and make the system more secure. The concept is probing the vulnerabilities as well as providing proof of concept(PoC) to demonstrate the attack. Proper penetration always ends with recommendations to fix or address the issue that were discovered during the test. It is advisable to conduct penetration testing on your system specially web server or websites to help secure the computer or networks against future attacks. The general idea is to find security issues by using the same techniques or tools used by attacker. These finding then be mitigated before a real attacker exploits them.
In the software industry, everything is getting easier, easier to use, easier to handle. The keywords are Plug and Play.
Now everyone can get on the Internet, your grandfather, your mother, and even your 4 years old sister. There is no need to be smart, no need to know anything about computers, and no need to have a brain. With more and more people on the net or using new technologies, more and more want to play around and learn about other systems by getting into to know how it works and creating new solution or extending it's capabilities for the better which formerly called "Hacking".
In basic penetration testing there are 3 major steps to succeed, also similar to hitting on a girl:
- Get a list of all visible targets
- Check if there is an easy way of scoring
- Try gettin' into it!
Some basic script you want to learn to assist with the scenario describe above, here's a simple script which can be used to hide your system in a given subnet. The script will generate a random number between 1 and 254. This number is to be used as the final octet in the IP address and it will automatically apply the IP address to the machine. To start, open your favorite editor and enter:
#!/bin/sh
echo "Setting up the machine, this might take a moment"
ifconfig eth0 down
ifconfig eth0 192.168.1.$((($RANDOM %254) + 1)) up
echo "You may now close this window and begin the attack... Good luck!"
Save the file eg. ip_gen.sh and you need the file to be executable when you run it, simply issue this command:
# chmod +x ip_gen.sh
To run the script, type the following command in your terminal:
# ./ip_gen.sh
If you want to do it the elite way, try writing your own elite script or integrate your script and add it as module in metasploit framework. Some possibilities to check includes:
- Check the rpcinfo which services are available
- Check malicious service that runs on run level for *nix platform using sysv-rc-conf
- Use Kali linux or Backtrack to test their security. It it's open, either get in or social engineer the admin by telling him bugs (lame!)
- Check with the 31337 SATAN!@# or malicous War3z
- Try some sendmail bugs
You can also use chkrootkit as additional checking for possible backdoor describe in here.
If the above ways sound too hard for you, do it the easy way.
Social engineer the administrators!
Image by fouroclockproject |
0 comments:
Post a Comment