Penetration Test with Linux Kali

I recommend you to install Linux Kali (It is an OS for cyber security test. There area lot of tools for cyber security) for penetration test. You can use Oracle virtual box or hyper-v feature of Windows.
I installed Oracle virtual box and I had some problems. See http://www.myiteducation.org/2018/10/hyper-v.html for the solution.

I installed Kali Linux VMware Images which I download from Kali Linux website. (I did not install at the beginning. I install the image directly. Think this image as a backup. The username is root and the password is toor)

Then, open the terminal and update your Kali by typing
apt-get update : It gets updates.
apt-get upgrade :The new packages will be downloaded. Some questions may be asked when you run this command. Read the description and click on YES or NO.

Collecting Data for the Penetration Test:

This part is important. IT person should aware the company workers for the following items. 

Social Engineering: Getting data from people. There is no rule for that. 
For example:
Someone can call the company via phone or email to ask important data. 
Someone can act a tech person who comes from internet provider company to enter to server room.
The website can be fake and it can steal your login credentials. (Phishing: It comes from Password + Fishing) SET can be used for it.

LINUX KALI APPS:
SET (Social Engineering Toolkit): It is a tool of Kali.
You can clone a website and steal users' info. Just search "social engineer" on Linux Kali. Everything is clear and explained on command line. I also recommend you to watch a Youtube video. You can also export the results. If you close SET, the fake website will die.

theharvester: Open theharvester by searching it on Kali.
Ex: theharvester -d myiteducation.org -l 200 -b google
-d : target domain name
-l : the number of the list
-b :in which searching engine, you can type google, bing, all.

dirbuster: Find Directories in Websites. You can search by a wordlist.

Commands:
Ping: You can see the website IP address; by pinging on terminal or command window. The IP address of the website will be show up on the terminal.

Whois: Type whois myiteducation.org on Kali command and see the details of the website.

traceroute: You can see the details of network package when it is send such every host address.
nslookup: see the dns server
dig: to see dns server with details
whatweb: it gives main details about a website Ex: whatweb myiteducation.org

Other ways to collect data:

  • from who.is website or similar websites
  • Archive websites such as archive.org and shodan.io
  • Searching Engine: Google, Bing
  • Google Hacking Database (GHDB): You will find search terms for files containing usernames, vulnerable servers, and even files containing passwords.
  • Social Network: Facebook, Twitter, Instagram, Linkedin, pipl.com
  • robtex.com: You can find data of a domain.

Password Cracking:

We can use Brute Force to crack password. (trial and error method) There are a lot of word-lists. We will use those wordlists. You can't use wordlists for username and password at the same time. Also, we can use Crunch to create a wordlist.
Some password cracking Kali tools are:
  • John The Ripper
  • Hashcat
  • Aircrack: It is being used to crack wifi password. 
  • Cain & Abel
  • Hydra
  • Medusa: https://www.youtube.com/watch?v=nbH_BSGVt9M
I recommend you to watch some YouTube videos related them.
Pay attention to lowercase/uppercase letters. Also, you can drag the file tools' commands screen.
You can download word list from internet.

Nmap (Network map) or Zenmap: 

To see which ports are open and the other details of a network. Zenmap is graphical user interface (GUI) of nmap.


Scan a single IP:  nmap 192.168.1.1

Scan a host: nmap www.testhostname.com

Scan a range of IPs: nmap 192.168.1.1-20
Scan a subnet: nmap 192.168.1.0/24

Scan targets from a text file: nmap -iL list-of-ips.txt

Scan a single Port: nmap -p 22 192.168.1.1
Scan a range of ports: nmap -p 1-100 192.168.1.1
Scan 100 most common ports (Fast): nmap -F 192.168.1.1
Scan all 65535 ports: nmap -p- 192.168.1.1

To export result as text document: nmap -oN cikti.txt 192.168.1.1
[ nmap -oN ( If you put O upper, it won't work) cikti.txt (file in adi. Direkt home folder inin icine atiyor.) 192.168.1.1 ( IP address)]

nmap -oN Downloads/cikti.txt 192.168.1.1  => File i Downloads in icinde olusturur. Uppercase or lowercase is important at Command line. If you type "downloads" instead of "Downloads"; it doesn't work.
nmap -sS -A -Pn -oA sonuc 192.168.1.1
-sS: Syn scan (taramasi) -A: version & operating system bilgisi  -Pn: Ping atma  -oA: save the scan result in 3 different format

nmap --script ftp-vsftpd-backdoor -p 21 192.168.1.1
--script: Nmap scriptlerini kullanmamizi saglar. -p 21: Port 21 de scripti calistirir.

nmap -sS -sV -Pn -top-ports 10 192.168.1.1:
-sS: Syn scan (taramasi) -sV: version bilgisi  -Pn: Ping atma  -top-ports 10: scan top 10 port

I recommend you to check online for more commands.
https://hackertarget.com/nmap-cheatsheet-a-quick-reference-guide/
https://www.networkcomputing.com/networking/nmap-tutorial-common-commands/page/0/1
Port Scanning Techniques and Algorithms (ACK, SYN, FIN Scan)

DVWA Tool

You can do following things by using DVWA. To install DVWA: https://www.youtube.com/watch?v=Zh7WCKVuz1c

1- Blind SQL Injection

First you need find there is a SQL or not!

2- XSS (Cross Site Scripting)

https://www.youtube.com/watch?v=M_nIIcKTxGk
Payload is the key. A payload is the malicious script you send hoping that it will be executed. There are 3 types XSS.
  • Reflected XSS: You can test it by writing <script>alert(1)</script> or <svg onload = prompt(1)> If 1 shows up, it means there is security gap. (security hole)
  • Stored / Persistent XSS: DVWA is a tool for it!
  • Dom XSS: 

3- CSRF (Cross Site Request Forgery) 

You can 

4- Other: Command Execution, File Upload... etc.

Hping3:

hping3 is a network tool able to send custom TCP/IP packets and to display target replies like ping program does with ICMP replies.

Netcat (nc):

Netcat is a featured networking utility which reads and writes data across network connections, using the TCP/IP protocol.


ARP Poisining, MITM via Ettercap:

You can steal the login credentials!
ARP spoofing is an attack against an Ethernet or Wi-Fi network to get between the router and the target user. In an ARP spoofing attack, messages meant for the target are sent to the attacker instead, allowing the attacker to spy on, deny service to, or man-in-the-middle a target. One of the most popular tools for performing this attack is Ettercap, which comes preinstalled on Kali Linux.


Metasploit:

The Metasploit Project is a computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development.

Other Tools: 

  • Hash & MD5 Decrypter:  https://www.youtube.com/watch?v=cczlpiiu42M There is also rainbow table which shows string and string's hash together. If the rainbow table is used, it will be faster to crack hash.
  • Wireshark: Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development. You can also collect packet and find the password for non-SSL website including firewall, iboss devices http pages. 
  • Virustotal: Analyze suspicious files and URLs to detect types of malware, automatically share them with the security community. https://www.virustotal.com

Graphical tool for testing Web application security

  • Burp Suite
  • Netsparker Cloud

To find security gap in network:

  • OpenVAS:
  • Nessus: Not free. It can be installed on Win10.  You can use this software to find security gap and do your other parts with Kali.
  • Qualys:
  • Network Scanner:
  • Nexpose:

To find security gap on websites:

  • Nikto: You can use it for XSS, SQL Injection.
  • Wpscan :  It is for WordPress websites. You can use Username Enumeration, Password Bruteforce, Wordpress Version Enumeration, and Plugin, Theme Vulnerability Enumeration
  • Joomscan: It is for Joomla websites.
  • Netsparker
  • Acunetix

Preparing Backdoor:

A backdoor is a method, often secret, of bypassing normal authentication or encryption in a computer system, a product, or an embedded device. In turkish; sizma

Tomcat, Kevgir, Metasploitable2 are important terms.

Comments

  1. http://www.cozumpark.com/forums/thread/492.aspx

    This website is for Turkish guys.

    ReplyDelete
  2. Astonishing online journal, Which you have shared here about penetration test. This article is educational and I got a kick out of the chance to watch it. Much obliged to you. oracle fusion scm

    ReplyDelete

Post a Comment

Popular posts from this blog

Synology DiskStation Quick Installation

iBoss Tips&Problems

Sonicwall; Open a port and how to use sonicwall wizard