Learning Pentest

Posted by Riino on

Outline

Computer network

  • HTTP

  • HTTPS

  • UDP/TCP

  • Proxy

  • ports and IP

nmap

  • Scan IP in selected scope

  • Scan IP randomly

  • Scan DNS address

  • Scan IP only

  • Scan UDP Service only

  • Check specific ports' status

  • Load scripts

  • Zenmap GUI

  • Nmap Cheat Sheet

Burp Suite

  • [Diagram: Burp Suite intercept flow. The APP sends a Request to Burp Suite Intercept, which can Forward or Drop it before sending it to the Server; the Response travels back the same way.]

  • Burp Suite modules: Intercept, Comparer, Decoder, Intruder, Scanner, Spider, Repeater, Sequencer

Practice

  • nmap practice

  • Burp practice

  • google hacking practice

  • Fierce & theHarvester learning

  • SQLmap learning

  • netcat learning

Vulnerability Knowledge

Unsecure mechanism

Login; Logout; CAPTCHA; Directory; Local File Vulnerability; Remote File Vulnerability; File Inclusion Vulnerability

Session Management Testing

HTTP Only scenario; Secure Cookies; Session Fixation; CSRF; Bypass anti-CSRF

Input Validation Testing

XSS (Cross-Site Scripting) Attacks

  • Reflected
  • Stored
  • DOM-based

SQL injection

  • In-band SQL injection

    • Error-based

    • Union-based

  • Blind SQL injection

    • Boolean-based

    • Time-based

  • Out-of-band (OOB) SQL injection

  • Automation

    • Commix

  • Command Injection

  • XML/XPATH Injection

  • PHP Code Injection

CVE/CWE Cases

  • Drupal SQL injection CVE-2014-3704

  • SQLite Manager File Inclusion CVE-2007-1232

  • SQLite Manager XSS CVE-2012-5105

  • Heartbleed CVE-2014-0160

  • HTML5 Insecure local storage CWE-922

  • ShellShock CVE-2014-6271

OWASP

MS-SDL

https://www.microsoft.com/en-us/securityengineering/sdl/practices

Pen-testing

  • Scan services

  • Intercept communication

  • Testing

  • Bypass firewall

  • Scan ports, hosts

  • Bypass client-side CA

  • Burp Suite CA

  • Domain target

  • Generate payload

  • Vulnerability database

Mobile Testing

  • MobSF learning/code reading

  • Pithos

  • Frida

  • iOS Jailbreak knowledge

  • Android smali script editing

  • iOS client-side server CA

  • android client-side server CA

  • Bypass proxy CA issue

Hacking

Generate payload using metasploit

OWASP Mobile Top 10

SSDLC

  • Development lifecycle

  • Requirement -> Architecture -> Test Planning -> Coding -> Testing (CI/CD) -> Release

  • SSDLC Framework

  • NIST 800-64

  • MS SDL

    • Provide Training

    • Define Security Requirements

    • Define Metrics and Compliance Reporting

    • Perform Threat Modeling (e.g. STRIDE)

    • STRIDE threats and the property each one violates:

      Threat                   Desired property
      Spoofing                 Authenticity
      Tampering                Integrity
      Repudiation              Non-repudiability
      Information disclosure   Confidentiality
      Denial of Service        Availability
      Elevation of Privilege   Authorization

    • Establish Design Requirements

    • Define and Use Cryptography Standards

    • Manage the Security Risk of Third-Party Components

    • Use approved tools

    • Static Application Security Testing (SAST)

    • Dynamic Application Security Testing (DAST)

    • Penetration testing

    • Establish Standard Incident Response Process

  • OWASP CLASP

Anti-SQL injection in development

Anti-XSS

Anti-CSRF

Anti-Code injection

  • XPath
  • JSON