Wednesday, 29 April 2015

Penetration Testing: Basic Guide For Beginners

Penetration Testing: Basic Guide - picateshackz.com

Now, hackers come in all shapes, sizes and colors. Hacking is a very wide term. And by the first sentence, I'm not referring to the physical characteristics of the hackers, I'm talking about the field of specialization. Believe me, there is a lot of work to do on the wireless domain that we have been working on so far (we have only touched wireless networks for the time being - you are a beginner), but wireless hacking is but a small island in the vast sea of hacking. A relatively large landmass is unarguably penetration testing, and a large name in this context is Metasploit. So here's a guide which will give you a good idea about what penetration testing is, and if you're feeling too lazy, I've got it summarized here.


Difference between hacking, ethical hacking and penetration testing


Hacker: simply a person who invades or interferes with another system with the intent to cause harm, without having any permission from the system owner.

Ethical hacker: a professional hired by an organization to review its security posture from the eyes of the hacker. Ethical hackers test vulnerabilities of the systems.

Penetration tester: a professional who goes a step beyond the ethical hacker and provides an active analysis of the system for any potential vulnerabilities that could result from poor or improper system configuration, known or unknown hardware or software flaws, or operational weaknesses. These professionals are largely involved in remediation. The whole process involves written consent and rules of engagement from the client, which clearly spell out what they can or cannot do. "This is basically our 'get out of jail free' card," Bavisi says.


I strongly recommend that you read my latest article to learn more about hacking: Beginners Guide: What is Hacking and How to Become a Social Engineer



What is a penetration test?


What is penetration testing? Penetration testing, often called “pentesting”, “pen testing”, or “security testing”, is the practice of attacking your own or your clients’ IT systems in the same way a hacker would, to identify security holes. Of course, you do this without actually harming the network. The person carrying out a penetration test is called a penetration tester or pentester.


  • How legal is it?


Let’s make one thing crystal clear: Penetration testing requires that you get permission from the person who owns the system. Otherwise, you would be hacking the system, which is illegal in most countries – and trust me, you don’t look good in an orange jumpsuit (or maybe you do, still I don't recommend going to jail for it, buy one if you need it). In other words: The difference between penetration testing and hacking is whether you have the system owner’s permission. If you want to do a penetration test on someone else's system, it is highly recommended that you get written permission. Much better, get your virtual machine up and running, with your already acquired VMware skills, and practice on your own system.


  • What is a vulnerability?


A vulnerability is a security hole in a piece of software, hardware or operating system that provides a potential angle to attack the system. A vulnerability can be as simple as weak passwords or as complex as buffer overflows or SQL injection vulnerabilities. (SQL injection is another topic I'd like to touch. Later maybe. I'm taking up too many tasks at hand at once.)



  • What is security research?

Vulnerabilities are typically found by security researchers, which is a geeky term for smart people (how much we hackers love to call ourselves smart, especially the beginners who get too cocky) who like to find flaws in systems and break them.


  • What is an exploit?


To take advantage of a vulnerability, you often need an exploit, a small and highly specialized computer program whose sole reason for being is to take advantage of a specific vulnerability and to provide access to a computer system. Exploits often deliver a payload to the target system to grant the attacker access to the system.

The Metasploit Project hosts the world’s largest public database of quality-assured exploits. Have a look at their exploit database – it’s right there on the site mentioned at the beginning of the article.


  • What is a payload?


A payload is the piece of software that lets you control a computer system after it’s been exploited. The payload is typically attached to and delivered by the exploit. Just imagine an exploit that carries the payload in its backpack when it breaks into the system and then leaves the backpack there. Yes, it’s a corny description, but you get the picture.

Metasploit’s most popular payload is called Meterpreter, which enables you to do all sorts of funky stuff on the target system. For example, you can upload and download files from the system, take screenshots, and collect password hashes. You can even take over the screen, mouse, and keyboard to fully control the computer. If you’re feeling particularly bad-ass, you can even turn on a laptop’s webcam and be a fly on the wall.

I would say that a payload is what exploits the 'exploit' and gives you some control over the exploited victim. Meterpreter is THE exploit, because it doesn't give you 'some' control, it gives you ALL of it (that's one way to put it, yes, but not completely true. It still is the best payload. Beginners/noobs really enjoy the GUI feature available in this payload).


Getting Started With Penetration Testing



I see a lot of advice given to people when they ask the question "How do I get into pentesting?" The answer usually goes: use Metasploit/Armitage and exploit vulnerable XP systems. This approach is incorrect. Not completely, since stuff that actually works is bound to be more interesting than boring theory, but it is definitely not going to help you in the long run. To get into penetration testing and bug spotting you first need to know what you're looking for. Tools will only take you so far; personally, I don't think you should automate your pentesting until you can do it manually.


Now for the basic definitions of the terms related to penetration testing, here are a few resources that you should see. While I'm condemning the method of moving directly on to using tools, ironically, that's what we are going to do from the next tutorial onward. So before we get started, here is a set of websites that you might want to check, which will give you an idea of what manual work the tools automate. This information will be valuable once you start penetration testing secure networks for big security firms. Automated tools are not going to help there.



Important Resources


  • Web Penetration Testing Lab


Web applications have become common targets for attackers. Attackers can leverage relatively simple vulnerabilities to gain access to confidential information, most likely containing personally identifiable information. While traditional firewalls and other network security controls are an important layer of any Information Security Program, they can’t defend or alert against many of the attack vectors specific to web applications. It is critical for an organisation to ensure that its web applications are not susceptible to common types of attack.


Best practice suggests that an organisation should perform a web application test in addition to regular security assessments in order to ensure the security of its web applications. In this article I will explain a list of common vulnerable web applications to build your first web penetration testing lab in Kali Linux.

Read more here



  • Sql Injection

A SQL injection attack consists of the insertion or "injection" of a SQL query via the input data from the client to the application. A successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database (such as shutting down the DBMS), recover the content of a given file present on the DBMS file system and in some cases issue commands to the operating system.


SQL injection attacks are a type of injection attack, in which SQL commands are injected into data-plane input in order to affect the execution of predefined SQL commands.

Read more here
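To make the data-plane point above concrete, here is an added example (my own code, not from this blog or any linked tutorial) using Python's built-in sqlite3 on a constructed two-row users table: the string-built login query lets a quoted input rewrite the WHERE clause, while the parameterized version treats the same input as plain data.

```python
import sqlite3


def make_db():
    """Constructed in-memory users table (sample rows, not data from the article)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [("alice", "s3cret", "admin"), ("bob", "hunter2", "user")])
    return conn


def login_vulnerable(conn, name, password):
    """Input is pasted into the SQL text, so quotes in the input become SQL syntax."""
    sql = (f"SELECT name, role FROM users "
           f"WHERE name = '{name}' AND password = '{password}'")
    return conn.execute(sql).fetchall()


def login_safe(conn, name, password):
    """Parameterized query: values travel separately from the SQL text and stay data."""
    sql = "SELECT name, role FROM users WHERE name = ? AND password = ?"
    return conn.execute(sql, (name, password)).fetchall()


def demo():
    """Run both versions with the correct password and with the classic tautology input."""
    conn = make_db()
    tautology = "' OR '1'='1"   # makes the WHERE clause (... AND password='') OR '1'='1'
    return {
        "correct_vulnerable": login_vulnerable(conn, "alice", "s3cret"),
        "correct_safe": login_safe(conn, "alice", "s3cret"),
        "injected_vulnerable": login_vulnerable(conn, "alice", tautology),
        "injected_safe": login_safe(conn, "alice", tautology),
    }


if __name__ == "__main__":
    for case, rows in demo().items():
        print(f"{case:22s} -> {rows}")
```

The vulnerable version returns every row (both users, including the admin) for the tautology input, while the parameterized version returns nothing, which is exactly why input that reaches a query must be bound, not concatenated.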


  • Metasploit

Metasploit is one of the most popular open source penetration testing frameworks available today. It offers tons of tools that range from scanning utilities to easy-to-launch exploits that include encoders used to bypass common security defenses. I’ll walk you through an example by compromising a Windows-based authentication server that is not properly patched.


The easiest way to start using Metasploit is to download a penetration testing arsenal that includes the Metasploit Framework, such as Kali Linux. Kali Linux is an operating system designed for digital forensics and penetration testing. From Kali, you can run Metasploit directly through the command line, access a Metasploit GUI front end called Armitage, or use Metasploit packages available in tools like the Social Engineering Toolset (SET). In my example, I’ll use the traditional command line.

Read more here


What to do next

Go ahead and learn from more tutorials :) Here is a list of all related posts from this blog.
  • Here are 6 levels of pentesting; you should most probably go in this order.


Level 1: [METASPLOIT TUTORIAL] Hacking Windows XP
Level 2: Kali Linux Tutorial: Find Vulnerabilities for Any Website Using Nikto
Level 3: Kali Linux Tutorial: Hack Your Own Network and Beef Up Its Security
Level 4: Crack Online Passwords Using THC-Hydra in Kali Linux
Level 5: Hack Wi-Fi WPA/WPA2 With Kali Linux
Level 6: Hack Android Remotely Using Kali Linux

Monday, 27 April 2015

Setting Up BurpSuite Web Hacking Tool with Firefox and FoxyProxy

BurpSuite Web Hacking Tool- picateshackz.com

Burp Suite is an integration of various tools put together for performing security testing of web applications. Burp Suite helps the penetration tester in the entire testing process, from the mapping phase through to identifying vulnerabilities and exploiting them. This Burp Suite guide will help you download and set up the BurpSuite web hacking tool with Firefox and FoxyProxy.

Web application vulnerabilities pose a large amount of risk to enterprise systems. Many web application vulnerabilities are a result of a lack of input sanitization in the web application. In short, web applications take some form of input from the user and may process that information to serve content on the web application, or retrieve data from other parts of the system. If input isn’t properly sanitized, an attacker can send in non-standard input to misuse the web application.

In an effort to share techniques and knowledge learned over our time in the application security field, we'll be doing a series of blog posts on introducing people to Burp Suite. This first post will be an overview of how to get started with Burp and a browser for testing. We'll continue this series with other topics related to getting started in application security and testing web applications with Burp. Enjoy!


Everyone has their favorite security tools, but when it comes to mobile and web applications I’ve always found myself looking BurpSuite square in the eye. It always seems to have everything I need and for folks just getting started with web application testing it can be a challenge putting all of the pieces together. I’m just going to go through the installation to paint a good picture of how to get it up quickly.


BurpSuite is freely available with everything you need to get started and when you’re ready to cut the leash, the professional version has some handy tools that can make the whole process a little bit easier. I’ll also go through how to install FoxyProxy which makes it much easier to change your proxy setup, but we’ll get into that a little later.



Requirements and assumptions:

Mozilla Firefox 3.1 or Later
Knowledge of Firefox Add-ons and installation
The Java Runtime Environment installed

Download BurpSuite from http://portswigger.net/burp/download.html and make a note of where you save it.

Install the FoxyProxy Standard add-on for Firefox from https://addons.mozilla.org/en-US/firefox/addon/foxyproxy-standard/

Navigate to the directory you’ve downloaded BurpSuite to and double-click the burpsuite_free_vx.x.jar file; in this example the file should be burpsuite_free_v1.5.jar.
If this is your first time running the JAR file, it may take a minute or two to load, so be patient and wait. Soon you’ll see the loading splash screen followed by the program.




BurpSuite is a proxy, which means that you’ll be forwarding all of the web traffic from your browser through BurpSuite so that you can see each HTTP Request and Response and manipulate it to your heart’s content. First, let’s configure this thing.

Click on the Proxy tab located on the top row, and then click the options tab just below in the second row.


You’ll notice all of the proxy settings available here, but there are a few we want to focus on to get started. First, look at the Proxy Listener section and make sure that the checkbox under the “Running” column is selected and that the interface reads 127.0.0.1:8080.


Next, make sure that the checkboxes for “Intercept requests based on the following rules” and “Intercept Responses based on the following rules” are checked in the following sections.




This will ensure that you capture both HTTP Requests you send and the Responses from the server.
Now, let’s head into Firefox and configure FoxyProxy to route traffic through Burp for analysis. Open up Firefox, and note the FoxyProxy icon next to the address bar.


Left click on the icon to open the configuration screen.

Your default screen will look something like this.



We will want to add a new proxy by clicking the “Add New Proxy” button. This will open up a window and put you right on the Proxy Details screen with the radio button “Manual Proxy Configuration” selected. This is exactly what we want. All we have to do here is fill in the same settings we placed in BurpSuite: IP address equal to “127.0.0.1” and Port equal to “8080”.



Next, head over to the “General” tab at the top and fill in the details. It’s best to call it something you recognize, like “BurpSuite”.


Go ahead and click OK and now we can start using our proxy.

Once you save you may see a notice that you haven’t enabled any whitelisted URL patterns. This is one of the features in FoxyProxy that will allow you to use multiple proxy services based on specific URL patterns. We won’t get into that in this guide, so for now just ignore the message for the time being and click “Yes”.
You’ll now see your newly added proxy in the list. Make sure the enabled column is checked and click Close.
Now, remember that icon from earlier next to the address bar? If you right-click, you’ll be able to select “Use proxy BurpSuite for all URLs”. Make sure Burp is running and visit any website you like. We’ll go to Google for now, so just type http://www.google.com into the address bar and click Go. If it appears that Firefox is taking forever to connect, it’s likely because Burp is capturing the request; if not, you may have to enable intercepting in Burp, so let’s go over that now.

Go to BurpSuite and select “Proxy” on the top row of tabs, and “Intercept” in the second row of tabs, both highlighted orange here.



You will notice that my request to Google has been captured by BurpSuite. If you don’t see this you want to make sure that the “Intercept is On” button appears as circled in orange. If it’s set to “Intercept is off” your traffic is likely going through Burp but you’re not watching each request.

Moving forward, you can click the “Forward” button and look at each request and response as it comes through. You will see a blank white screen if there are no more requests or responses to pass.
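As an added illustration of what the Burp listener on 127.0.0.1:8080 is doing underneath the GUI (my own code, not PortSwigger's or this blog's), this Python script runs a minimal logging proxy plus a constructed stand-in web site on free local ports, then fetches a page through the proxy the way a browser configured by FoxyProxy would. It handles plain HTTP only; HTTPS needs CONNECT handling and the CA certificate step that the rest of the guide covers.

```python
import socketserver
import threading
from http.client import HTTPConnection
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlsplit

captured = []  # (method, absolute URL, upstream status) for every request the proxy relayed


class LocalServer(HTTPServer):
    # Bind on 127.0.0.1 with port 0 (any free port) and skip the reverse-DNS
    # lookup that HTTPServer.server_bind normally performs.
    def server_bind(self):
        socketserver.TCPServer.server_bind(self)
        self.server_port = self.socket.getsockname()[1]


class LoggingProxy(BaseHTTPRequestHandler):
    """The Proxy tab in miniature: the browser sends 'GET http://host/path HTTP/1.1'
    to the proxy, which opens its own connection to host and relays the reply."""
    protocol_version = "HTTP/1.1"
    HOP_BY_HOP = ("transfer-encoding", "connection", "content-length", "server", "date")

    def do_GET(self):
        parts = urlsplit(self.path)                     # absolute URL sent by the browser
        target = (parts.path or "/") + ("?" + parts.query if parts.query else "")
        headers = {k: v for k, v in self.headers.items() if k.lower() != "proxy-connection"}
        upstream = HTTPConnection(parts.hostname, parts.port or 80, timeout=5)
        upstream.request("GET", target, headers=headers)  # the request is inspectable here
        resp = upstream.getresponse()
        body = resp.read()                              # ...and so is the response
        upstream.close()
        captured.append((self.command, self.path, resp.status))
        self.send_response(resp.status)
        for k, v in resp.getheaders():
            if k.lower() not in self.HOP_BY_HOP:
                self.send_header(k, v)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):                       # keep stderr quiet
        pass


class Upstream(BaseHTTPRequestHandler):
    """Constructed stand-in for the remote web site (not part of the guide)."""
    def do_GET(self):
        body = b"hello from upstream"
        self.send_response(200)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):
        pass


def serve(handler):
    srv = LocalServer(("127.0.0.1", 0), handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


def fetch_through_proxy():
    """Browser side: connect to the proxy (as FoxyProxy makes Firefox do) and request a page."""
    site, proxy = serve(Upstream), serve(LoggingProxy)
    url = f"http://127.0.0.1:{site.server_port}/index.html?q=test"
    client = HTTPConnection("127.0.0.1", proxy.server_port, timeout=5)
    try:
        client.request("GET", url)                      # absolute URL in the request line
        body = client.getresponse().read().decode()
    finally:
        client.close()
        proxy.shutdown()
        site.shutdown()
    return body, list(captured)


if __name__ == "__main__":
    print(fetch_through_proxy())
```

The `captured` list is the equivalent of Burp's HTTP history: the full request line the browser sent and the status the real site answered with, seen in the clear because the browser chose to talk to the proxy instead of the site.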

If we head back to the browser you may see this message if you’re using Google over HTTPS.


You can add an exception every time this happens when you’re using a proxy, but that can get a little annoying. We can also set Firefox to trust the Burp certificate so that we don’t get this error.

The Professional version of Burp allows us to get the certificate pretty easily, but in the free version we have to do a little work.

Since we're already on a page using HTTPS we can click "Add Exception...". If you navigated away from the page, simply visit any https enabled website and go from there.




Next you'll see the add exception screen which will allow us to view the certificate. Go ahead and click the View... button.



Here, you'll see that you have a certificate your browser is warning you about. Since we know that the PortSwigger CA is our own Burp instance, we can go ahead and install it into Firefox, but in order to do this we'll need to export the certificate and note the location. Some important things to note here:

Make sure you select "PortSwigger CA" under the details of the certificate viewer before clicking export.


Make sure you save as the X.509 .crt, .pem file type.


Click Save, and note the location.

We have to make sure this certificate is installed in Firefox. Accomplishing this is as easy as going into the options of Firefox and selecting "View Certificates" under "Advanced" in the Firefox Options pane.


On the next screen we just want to select import.


Select the certificate you exported earlier from the noted location and click OK. You will be prompted to select the type of trust for the certificate. You'll want to select "Trust this CA to identify websites"


If done correctly you should be able to find the "Portswigger CA" Certificate name under the "Authorities" tab.


Now, you should be able to navigate to any SSL site through Burp without being prompted to trust the certificate.

The next tweak we want to make is to disable Google Safe Browsing. Safe Browsing is obviously enabled for a reason, but it can cause unwanted traffic during tests, so we will disable it.




  • Firefox button > Options > Options (or Tools > Options) > Security

and uncheck both "Block Reported attack sites" and "Block reported web forgeries".




I certainly hope this guide has been helpful in getting you up and running easily with BurpSuite. We'll be posting some additional tidbits in the near future on using Burp effectively.


Saturday, 25 April 2015

Top Ten Popular Hacking Tools - 2015



Top Ten Hacking Tools- picateshackz.com


Here are the top ten hacking or penetration testing tools, listed by popularity in 2014-2015. Hacking tools are developed by some really good coders out there to ease many complex tasks which would otherwise have to be done manually and took a painstakingly great deal of time and effort. All these tools are provided free of cost, have been tried hands-on and are being actively developed by the community, and if not, their alternatives are provided. To summarize, these are the top ten popular hacker tools.



1 - Metasploit 


Metasploit has over the years become the best framework to conduct penetration testing on network systems and IT infrastructure. The Metasploit Project, better known as simply '', is a hugely popular pentesting or hacking tool that is used by cyber security professionals and ethical hackers. Metasploit is essentially a computer security project that supplies information about known security vulnerabilities and helps to formulate penetration testing and IDS testing.

Metasploit is in fact a sub-project of the Metasploit Framework. This hacker tool and framework is best known for its anti-forensic and evasion tools, some of which are built into the Metasploit Framework.

Recommended to read: Introduction to using Metasploit in Kali Linux


2 - Burp Suite



Burp Suite is one of the best tools available for web application testing. Its wide variety of features helps us perform various tasks, from intercepting a request and modifying it on the fly, to scanning a web application for vulnerabilities, to brute forcing login forms, to performing a check for the randomness of session tokens and many other functions. In this article we will be doing a complete walkthrough of Burp Suite discussing all its major features.

Burp Suite has several features that can help the penetration tester or ethical hacker. Two commonly used components of this tool are the 'Burp Suite Spider', which can enumerate and map out the various pages and parameters of a web site by examining cookies and initiating connections with these web applications, and the 'Intruder', which performs automated attacks on web applications.

Burp Suite is an excellent web hacking tool that many pentesters use to test the vulnerability of websites and web applications. Burp Suite works by using detailed knowledge of the targeted application and of the HTTP protocol. The tool works through a configurable algorithm that can generate the malicious HTTP requests a hacker would use. Burp Suite is particularly useful for discovering vulnerabilities such as SQL injection and cross-site scripting.



3 - Kali Linux



Although not really a 'hacking tool', this is a very popular Linux distro for hackers. Kali Linux contains a list of 300 hacking tools within a stable environment and was re-launched several years back from the previous BackTrack project. The Linux distribution is very well supported and has an excellent community.

Recommended to read: 


4 - Angry IP Scanner


Angry IP Scanner, also known as 'ipscan', is a freely available (open-source and cross-platform) network scanner that is both fast and easy to use. The main purpose of this hacking tool is to scan IP addresses and ports to find open doors and ports. Worth noting that Angry IP Scanner has a bunch of other uses as well. Common users of this hacking tool include network administrators and system engineers.


5 - Snort



Snort is an awesome hacking and network tool that can be configured in one of three modes: it can be used as a sniffer, a packet logger, or for network intrusion detection. In the (more commonly used) sniffer mode, this program will read (sniff) network packets and display them on a GUI. In packet logger mode, Snort will audit and log packets to disk. In intrusion detection mode, Snort monitors network traffic and analyzes it against a rule set defined by the user.

Recommended to read: Snort OpenAppID Introduction And Configuration Guide



6 - Cain & Abel



Cain & Abel is a password recovery tool that is mostly used for Microsoft operating systems. This popular hacking tool allows the user to recover various kinds of passwords by sniffing the network and cracking encrypted passwords using dictionary, brute-force and cryptanalysis attacks. Cain, as it is often referred to, can also record VoIP conversations, decode hashed scrambled passwords, recover wireless network keys and more! If you need a solid password cracking platform then look no further, Cain is certainly your friend.



7 - THC Hydra



Although often considered as yet another password cracker, THC Hydra is hugely popular and has a very active and experienced development team. Essentially THC Hydra is a fast and stable network login hacking tool that will use dictionary or brute-force attacks to try various password and login combinations against a login page. This hacking tool supports a wide set of protocols including Mail (POP3, IMAP, etc.), Databases, LDAP, SMB, VNC, and SSH.




8 - Ettercap



Ettercap has a huge following and is widely used by cybersecurity professionals. Ettercap works by placing the user's network interface into promiscuous mode and by ARP poisoning the target machines, i.e. facilitating a 'Man In The Middle' or MITM attack. Once successful, Ettercap (and the hacker) can deploy various attacks on the victims. A popular feature of Ettercap is its ability to support various plugins.

Recommended to read: Man In The Middle Attack Using Ettercap In Kali Linux
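Since the page describes Ettercap's ARP poisoning from the attacker's side, here is an added example (my own, not part of this blog or of Ettercap) of the defender's view in Python: a detector over a constructed ARP reply log that flags a changed IP-to-MAC binding and a single MAC claiming several IPs, the two signatures that poisoning both ends of a conversation leaves behind.

```python
from collections import defaultdict

# Constructed ARP reply log (seconds, sender IP, sender MAC); not captured from a real
# network. The gateway .1 and host .20 are first announced by their own NICs, then a
# third NIC starts answering for both addresses, as an ARP poisoning MITM does.
SAMPLE_ARP_REPLIES = [
    (1.0, "192.168.1.1", "aa:bb:cc:00:00:01"),
    (1.5, "192.168.1.20", "aa:bb:cc:00:00:20"),
    (2.0, "192.168.1.1", "aa:bb:cc:00:00:01"),
    (3.0, "192.168.1.1", "de:ad:be:ef:00:99"),
    (3.1, "192.168.1.20", "de:ad:be:ef:00:99"),
    (4.0, "192.168.1.1", "de:ad:be:ef:00:99"),
]


def detect_arp_poisoning(replies, known=None):
    """Return (alerts, suspects).

    alerts:   (time, ip, trusted_mac, claimed_mac) for every reply that contradicts the
              trusted IP->MAC binding (first-seen, or supplied via `known`, e.g. from
              DHCP leases, so a poisoned first reply is not what gets trusted).
    suspects: MACs that claimed two or more IPs; poisoning both victim and gateway makes
              the attacker's NIC show up this way.
    """
    trusted = dict(known or {})
    claims = defaultdict(set)
    alerts = []
    for ts, ip, mac in replies:
        claims[mac].add(ip)
        if ip not in trusted:
            trusted[ip] = mac
        elif trusted[ip] != mac:
            alerts.append((ts, ip, trusted[ip], mac))
    suspects = {mac for mac, ips in claims.items() if len(ips) > 1}
    return alerts, suspects


def summarize(alerts, suspects):
    """Human-readable lines, the form a small monitoring script would log or mail."""
    lines = [f"{ts:5.1f}s  {ip} expected {good} but got {bad}" for ts, ip, good, bad in alerts]
    lines += [f"MAC {mac} is answering for several IPs" for mac in sorted(suspects)]
    return lines


if __name__ == "__main__":
    for line in summarize(*detect_arp_poisoning(SAMPLE_ARP_REPLIES)):
        print(line)
```

On a real network the same logic runs over ARP frames read from the interface, and the `known` table should come from an authoritative source so that a poisoned first reply is not what gets trusted.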


9 - John The Ripper



John the Ripper is a popular password cracking pentesting tool that is most commonly used to perform dictionary attacks. John the Ripper takes text string samples (from a text file, referred to as a wordlist, containing popular and complex words found in a dictionary or real passwords cracked before), encrypts each in the same way as the password being cracked (including both the encryption algorithm and key), and compares the output to the encrypted string. This tool can also be used to perform a variety of alterations to dictionary attacks. In addition, John also offers a bunch of brute-force options using frequency tables to try plaintexts containing more frequently used characters.



10 - Wapiti


Wapiti has a very loyal following. As a pentesting tool (or framework) Wapiti is able to scan and detect hundreds of possible vulnerabilities. Essentially this multi-purpose hacking tool can audit the security of web applications by performing "black-box" scans, i.e. it does not study the source code of the application but will scan the HTML pages of the application seeking scripts and forms where it can inject data.


Recommended article to learn hacking: How To Become A Hacker - Complete Guide For Beginners 2015