Difference: CisLab52014 (1 vs. 7)

Revision 72014-03-18 - JimSkon

Line: 1 to 1
 
META TOPICPARENT name="ComputerInformationSecurity2014"

Lab 5 - Introduction to penetration testing using Kali Linux

Overview

Line: 33 to 33
 
  1. How can Google be used to access someone's web cam?
  2. Google Hacking Database (GHDB) http://www.exploit-db.com/google-dorks/ . What is the point of this site? How can it be used?
  3. What is HTTrack? Use it to download at least two different websites.
Deleted:
<
<
  1. Fimap - Use it to look for vulnerabilities on you virtual machines (medispliotable, Windows 7, Windows 2008 Server). What did you find on each? (Kali Linux ( Tutorial Fimap Scan Website ),
  2. thc-ssl-dos - use it to attack medispliotable and Windows 2008 Server. Can you get to the system while it is being attacked? ONLY TARGET your own systems.
  3. Scapy - use scapy to generate at least 6 of the packets shown. Capture the output with WireShark , and confirm it's operation.
 

Step 3 - Web Vulnerability assessment

Revision 62014-03-18 - JimSkon

Line: 1 to 1
 
META TOPICPARENT name="ComputerInformationSecurity2014"

Lab 5 - Introduction to penetration testing using Kali Linux

Overview

Line: 33 to 33
 
  1. How can Google be used to access someone's web cam?
  2. Google Hacking Database (GHDB) http://www.exploit-db.com/google-dorks/ . What is the point of this site? How can it be used?
  3. What is HTTrack? Use it to download at least two different websites.
Changed:
<
<
  1. Fimap - Use it to look for vulnerabilities on you virtual machines (medispliotable, Windows 7, Windows 2008 Server). What did you find on each?
>
>
  1. Fimap - Use it to look for vulnerabilities on you virtual machines (medispliotable, Windows 7, Windows 2008 Server). What did you find on each? (Kali Linux ( Tutorial Fimap Scan Website ),
 
  1. thc-ssl-dos - use it to attack medispliotable and Windows 2008 Server. Can you get to the system while it is being attacked? ONLY TARGET your own systems.
  2. Scapy - use scapy to generate at least 6 of the packets shown. Capture the output with WireShark , and confirm it's operation.

Revision 52014-03-07 - JimSkon

Line: 1 to 1
 
META TOPICPARENT name="ComputerInformationSecurity2014"

Lab 5 - Introduction to penetration testing using Kali Linux

Overview

Line: 51 to 51
 
  1. Now try USCAN as above. Do some research, and explain the meaning and value of what you find.
  2. Finally try the same with FUZZ. What is FUZZ testing? What weaknesses did you find on the servers?
Added:
>
>

Step 4 - Vulnerability Assessment - Choose your own

In Chapter 3 of the Kali Text, there are write-ups on the following Vulnerability Assessment Tools:
  1. Skipfish
  2. ProxyStrike
  3. Vega
  4. Owasp-Zap
  5. Websploit

Select two of the tools. Work through the steps for using the tool, and try it out on the Windows 2008 server, Metasploitable, cs.mvnu.edu, shc.edu.bz servers. Write up your work in each, and include screens shots to demonstrate the operation.

 
META FILEATTACHMENT attachment="Web_Penetration_Testing_with_Kali_Linux.pdf" attr="" comment="Web Penetration Testing with Kali" date="1393740991" name="Web_Penetration_Testing_with_Kali_Linux.pdf" path="Web_Penetration_Testing_with_Kali_Linux.pdf" size="21193721" user="JimSkon" version="1"

Revision 42014-03-06 - JimSkon

Line: 1 to 1
 
META TOPICPARENT name="ComputerInformationSecurity2014"

Lab 5 - Introduction to penetration testing using Kali Linux

Overview

Line: 7 to 7
 

Readings

  1. Introduction to Kali
Changed:
<
<
  1. Web_Penetration_Testing_with_Kali_Linux.pdf: Web Penetration Testing with Kali
For this Lab read chapter 1 from Web Penetration Testing with Kali.
>
>
  1. Web_Penetration_Testing_with_Kali_Linux.pdf: Web Penetration Testing with Kali, Chapters 1-3
 

Step 1 - Install and setup Kali

Added:
>
>
For this Step read chapter 1 from Web Penetration Testing with Kali.
 Kali Linux is available here or from your instructor as a ready to run VM.

  1. Copy the decompressed Kali directory into you vmware folder
Line: 22 to 22
 
  1. Kali does no seem to set networking automatically. Open a terminal in Kali, type "dhclient -v eth0"
  2. Try to ping Google DNS: 8.8.8.8
Changed:
<
<

Step 2 - Reconnaissance

>
>

Step 2 - Basic Reconnaissance

For this Step read chapter 2 from Web Penetration Testing with Kali.

 
  1. View the Robots.txt at http://www.belize.gov.bz/robots.txt. Try several others. What do you learn from this?
  2. Use the way back machine to view old versions of SHJC and MVNU web sites. Try a few others.
  3. Use ARIN.NET to look up MVNU and 2 other organizations. What did you find out?
Line: 34 to 37
 
  1. thc-ssl-dos - use it to attack medispliotable and Windows 2008 Server. Can you get to the system while it is being attacked? ONLY TARGET your own systems.
  2. Scapy - use scapy to generate at least 6 of the packets shown. Capture the output with WireShark , and confirm it's operation.
Added:
>
>

Step 3 - Web Vulnerability assessment

For this Step read chapter 3 from Web Penetration Testing with Kali.

Read: http://www.geekyshows.com/2013/08/how-to-use-webshag-gui-in-kali-linux.html

Webshag - Webshag is a multi-threaded, multi-platform tool used to audit web servers.

  1. Review "how-to-use-webshag-gui-in-kali-linux.html" to see how to set up Webshag to work (instructions on setting up conf file)
  2. Try a PSCAN on you Windows 2008 server, Metasploitable, cs.mvnu.edu, shc.edu.bz. What is this doing? How is this information useful for possible exploiters?
  3. Try SPIDER exactly as in #2 above. Again, what is this doing? How is this information useful for possible exploiters?
  4. Now try USCAN as above. Do some research, and explain the meaning and value of what you find.
  5. Finally try the same with FUZZ. What is FUZZ testing? What weaknesses did you find on the servers?
 
META FILEATTACHMENT attachment="Web_Penetration_Testing_with_Kali_Linux.pdf" attr="" comment="Web Penetration Testing with Kali" date="1393740991" name="Web_Penetration_Testing_with_Kali_Linux.pdf" path="Web_Penetration_Testing_with_Kali_Linux.pdf" size="21193721" user="JimSkon" version="1"

Revision 32014-03-05 - JimSkon

Line: 1 to 1
 
META TOPICPARENT name="ComputerInformationSecurity2014"

Lab 5 - Introduction to penetration testing using Kali Linux

Overview

Line: 25 to 25
 

Step 2 - Reconnaissance

  1. View the Robots.txt at http://www.belize.gov.bz/robots.txt. Try several others. What do you learn from this?
  2. Use the way back machine to view old versions of SHJC and MVNU web sites. Try a few others.
Changed:
<
<
  1. Use ARIN.NET to look up MVNU and 2 other organizations.
>
>
  1. Use ARIN.NET to look up MVNU and 2 other organizations. What did you find out?
  2. Review the EDGAR site: http://www.sec.gov/edgar.shtml. What use might this site be to a hacker?
  3. How can Google be used to access someone's web cam?
  4. Google Hacking Database (GHDB) http://www.exploit-db.com/google-dorks/ . What is the point of this site? How can it be used?
  5. What is HTTrack? Use it to download at least two different websites.
  6. Fimap - Use it to look for vulnerabilities on you virtual machines (medispliotable, Windows 7, Windows 2008 Server). What did you find on each?
  7. thc-ssl-dos - use it to attack medispliotable and Windows 2008 Server. Can you get to the system while it is being attacked? ONLY TARGET your own systems.
  8. Scapy - use scapy to generate at least 6 of the packets shown. Capture the output with WireShark , and confirm it's operation.
 
META FILEATTACHMENT attachment="Web_Penetration_Testing_with_Kali_Linux.pdf" attr="" comment="Web Penetration Testing with Kali" date="1393740991" name="Web_Penetration_Testing_with_Kali_Linux.pdf" path="Web_Penetration_Testing_with_Kali_Linux.pdf" size="21193721" user="JimSkon" version="1"

Revision 22014-03-02 - JimSkon

Line: 1 to 1
 
META TOPICPARENT name="ComputerInformationSecurity2014"

Lab 5 - Introduction to penetration testing using Kali Linux

Overview

The goal of this lab is to begin to explore Kali, a Linux system used to probe and test systems for vulnerabilities.

Added:
>
>

Readings

  1. Introduction to Kali
  2. Web_Penetration_Testing_with_Kali_Linux.pdf: Web Penetration Testing with Kali
For this Lab read chapter 1 from Web Penetration Testing with Kali.
 

Step 1- Install and setup Kali

Kali Linux is available here or from your instructor as a ready to run VM.

Changed:
<
<
You can login with username: root, password: toor.
>
>
  1. Copy the decompressed Kali directory into you vmware folder
  2. Start VMWare Workstation 10.
  3. Browse to the VM, and open it. You should set the network to "NAT"
  4. Start the Kati system VM.
  5. Login with user root, password toor.
  6. Kali does no seem to set networking automatically. Open a terminal in Kali, type "dhclient -v eth0"
  7. Try to ping Google DNS: 8.8.8.8
 
Changed:
<
<
Review basic iformation on Kali here
>
>

Step 2 - Reconnaissance

  1. View the Robots.txt at http://www.belize.gov.bz/robots.txt. Try several others. What do you learn from this?
  2. Use the way back machine to view old versions of SHJC and MVNU web sites. Try a few others.
  3. Use ARIN.NET to look up MVNU and 2 other organizations.
 
META FILEATTACHMENT attachment="Web_Penetration_Testing_with_Kali_Linux.pdf" attr="" comment="Web Penetration Testing with Kali" date="1393740991" name="Web_Penetration_Testing_with_Kali_Linux.pdf" path="Web_Penetration_Testing_with_Kali_Linux.pdf" size="21193721" user="JimSkon" version="1"

Revision 12014-03-02 - JimSkon

Line: 1 to 1
Added:
>
>
META TOPICPARENT name="ComputerInformationSecurity2014"

Lab 5 - Introduction to penetration testing using Kali Linux

Overview

The goal of this lab is to begin to explore Kali, a Linux system used to probe and test systems for vulnerabilities.

Step 1- Install and setup Kali

Kali Linux is available here or from your instructor as a ready to run VM.

You can login with username: root, password: toor.

Review basic iformation on Kali here

META FILEATTACHMENT attachment="Web_Penetration_Testing_with_Kali_Linux.pdf" attr="" comment="Web Penetration Testing with Kali" date="1393740991" name="Web_Penetration_Testing_with_Kali_Linux.pdf" path="Web_Penetration_Testing_with_Kali_Linux.pdf" size="21193721" user="JimSkon" version="1"
 
This site is powered by the TWiki collaboration platformCopyright &© by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback