Lab 5 - Introduction to penetration testing using Kali Linux
Overview
The goal of this lab is to begin to explore Kali, a Linux system used to probe and test systems for vulnerabilities.
Readings
- Introduction to Kali
- Web_Penetration_Testing_with_Kali_Linux.pdf: Web Penetration Testing with Kali, Chapters 1-3
Step 1 - Install and setup Kali
For this Step read chapter 1 from Web Penetration Testing with Kali.
Kali Linux is available here or from your instructor as a ready-to-run VM.
- Copy the decompressed Kali directory into your VMware folder
- Start VMWare Workstation 10.
- Browse to the VM, and open it. You should set the network to "NAT"
- Start the Kali system VM.
- Login with user root, password toor.
- Kali does not seem to set up networking automatically. Open a terminal in Kali and type "dhclient -v eth0"
- Try to ping Google DNS: 8.8.8.8
Step 2 - Basic Reconnaissance
For this Step read chapter 2 from Web Penetration Testing with Kali.
- View the Robots.txt at http://www.belize.gov.bz/robots.txt. Try several others. What do you learn from this?
- Use the Wayback Machine to view old versions of the SHJC and MVNU web sites. Try a few others.
- Use ARIN.NET to look up MVNU and 2 other organizations. What did you find out?
- Review the EDGAR site: http://www.sec.gov/edgar.shtml. What use might this site be to a hacker?
- How can Google be used to access someone's web cam?
- Google Hacking Database (GHDB) http://www.exploit-db.com/google-dorks/ . What is the point of this site? How can it be used?
- What is HTTrack? Use it to download at least two different websites.
- Fimap - Use it to look for vulnerabilities on your virtual machines (Metasploitable, Windows 7, Windows 2008 Server). What did you find on each?
- thc-ssl-dos - use it to attack Metasploitable and Windows 2008 Server. Can you get to the system while it is being attacked? ONLY TARGET your own systems.
- Scapy - use Scapy to generate at least 6 of the packets shown. Capture the output with Wireshark, and confirm its operation.
Step 3 - Web Vulnerability assessment
For this Step read chapter 3 from Web Penetration Testing with Kali.
Read:
http://www.geekyshows.com/2013/08/how-to-use-webshag-gui-in-kali-linux.html
Webshag - Webshag is a multi-threaded, multi-platform tool used to audit web servers.
- Review "how-to-use-webshag-gui-in-kali-linux.html" to see how to set up Webshag to work (instructions on setting up conf file)
- Try a PSCAN on your Windows 2008 server, Metasploitable, cs.mvnu.edu, shc.edu.bz. What is this doing? How is this information useful for possible exploiters?
- Try SPIDER exactly as in #2 above. Again, what is this doing? How is this information useful for possible exploiters?
- Now try USCAN as above. Do some research, and explain the meaning and value of what you find.
- Finally try the same with FUZZ. What is FUZZ testing? What weaknesses did you find on the servers?
Topic revision: r4 - 2014-03-06 - JimSkon