pentester_academy_external_security_testing__part_1
############################################################
# Pentester Academy External Security Testing Walk-Through #
############################################################
My good friend Vivek Ramachandran asked me to do a set of videos for Pentester Academy.
Vivek is such a dear friend that I couldn't say no. I sincerely hope that you guys find this valuable.
If you want to follow along with me, you can use this Pastebin for all of the download links for the slides, the virtual machine, and the list of all of the commands I will be covering today.
Here are the slides I am using today:
https://ift.tt/2O4w2ZI
##########
# VMware #
##########
- For this workshop you'll need the latest version of VMware Workstation (Windows), Fusion (Mac), or Player.
- A 30-day trial of Workstation 11 can be downloaded from here:
- https://ift.tt/1tK6Xld
- A 30-day trial of Fusion 7 can be downloaded from here:
- https://ift.tt/1lAkLQB
- The newest version of VMWare Player can be downloaded from here:
- https://ift.tt/1yMA5fS
- Although you can get the VM to run in VirtualBox, I will not be supporting this configuration for this class.
################################
# Download the virtual machine #
################################
https://ift.tt/1uXNhiP
username: strategicsec
password: strategicsec
############################################
# Identifying External Security Mechanisms #
############################################
Performing an external penetration test today is significantly harder than it was years ago.
There are now so many external security mechanisms sitting between you and the target, such as load balancers, reverse proxies, intrusion prevention systems, and web application firewalls, that the first job is to work out which of them are in play before you read anything into your scan results.
Ok, let's do this!
###########################
# Target IP Determination #
###########################
cd /home/strategicsec/toolz
perl blindcrawl.pl -d motorola.com
-- Take each IP address and look it up here:
https://ift.tt/wZYDu0
cd ~/toolz/fierce2
fierce -dns motorola.com
cd ..
Zone transfer (AXFR) is refused by most name servers, but here is an example of one that allows it:
dig axfr heartinternet.co.uk @ns.heartinternet.co.uk
cd ~/toolz/
./ipcrawl 148.87.1.1 148.87.1.254 (reverse DNS lookup against an IP range: which addresses have PTR records, and what they are named)
sudo nmap -sL 148.87.1.0-255 (list scan: reverse DNS only, no packets are sent to the targets)
sudo nmap -sL 148.87.1.0-255 | grep oracle (grep the PTR names for the target's brand to confirm who owns the range)
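The two commands above do the same job: ask for the PTR record of every address in a range and grep the names for the target's brand. Here is that sweep as an added example in Python (not code from the walkthrough, ipcrawl or nmap), with a parser for saved `nmap -sL` output so the results can be re-filtered later without re-running the scan. The resolver is injectable; the default uses the OS resolver (assumption: live DNS when run for real), and the sample nmap output is constructed from TEST-NET-2 addresses, not a real scan.

```python
"""Reverse-DNS sweep of an IP range and a parser for `nmap -sL` output.

Added example (not from the original walkthrough or the ipcrawl/nmap projects).
"""
import ipaddress
import re
import socket
from typing import Callable, Dict, Optional

Resolver = Callable[[str], Optional[str]]


def system_resolver(ip: str) -> Optional[str]:
    """PTR lookup via the OS resolver; None when there is no PTR record."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror, OSError):
        return None


def reverse_sweep(cidr: str, resolver: Resolver = system_resolver) -> Dict[str, Optional[str]]:
    """Map every usable host address in `cidr` to its PTR name (or None)."""
    net = ipaddress.ip_network(cidr, strict=False)
    return {str(ip): resolver(str(ip)) for ip in net.hosts()}


def filter_by_keyword(sweep: Dict[str, Optional[str]], keyword: str) -> Dict[str, str]:
    """Keep only addresses whose PTR name contains `keyword` (case-insensitive)."""
    kw = keyword.lower()
    return {ip: name for ip, name in sweep.items() if name and kw in name.lower()}


# `nmap -sL` prints one of these per address:
#   Nmap scan report for mail.example.com (198.51.100.7)
#   Nmap scan report for 198.51.100.8          <- no PTR record
_NMAP_LINE = re.compile(
    r"^Nmap scan report for (?:(?P<name>\S+) \((?P<ip1>\d{1,3}(?:\.\d{1,3}){3})\)"
    r"|(?P<ip2>\d{1,3}(?:\.\d{1,3}){3}))\s*$"
)


def parse_nmap_list_scan(output: str) -> Dict[str, Optional[str]]:
    """Turn saved `nmap -sL` output into the same ip -> name map as reverse_sweep."""
    result: Dict[str, Optional[str]] = {}
    for line in output.splitlines():
        m = _NMAP_LINE.match(line.strip())
        if not m:
            continue
        if m.group("ip1"):
            result[m.group("ip1")] = m.group("name")
        else:
            result[m.group("ip2")] = None
    return result


# Constructed sample output (TEST-NET-2 addresses, not real hosts) so the
# parser and the sweep can be exercised offline.
SAMPLE_NMAP_SL = """\
Starting Nmap 7.70 ( https://nmap.org ) at 2018-09-09 12:00 UTC
Nmap scan report for www.example.com (198.51.100.1)
Nmap scan report for 198.51.100.2
Nmap scan report for mx1.example.com (198.51.100.3)
Nmap scan report for unrelated.cdn-provider.net (198.51.100.4)
Nmap done: 4 IP addresses (0 hosts up) scanned in 0.05 seconds
"""


def fake_resolver(ip: str) -> Optional[str]:
    """Offline stand-in for PTR lookups, driven by the constructed sample."""
    return parse_nmap_list_scan(SAMPLE_NMAP_SL).get(ip)


if __name__ == "__main__":
    for ip, name in reverse_sweep("198.51.100.0/30", fake_resolver).items():
        print(f"{ip:16} {name or '-'}")
    print("brand matches:", filter_by_keyword(parse_nmap_list_scan(SAMPLE_NMAP_SL), "example"))
```

Swap `fake_resolver` for the default `system_resolver` to sweep a real range; keep the keyword filter loose (the brand, not the full domain), since PTR names for a company's space are often under a hosting provider's domain.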
###########################
# Load Balancer Detection #
###########################
Here are some options to use for identifying load balancers:
- https://ift.tt/1OtmCWh
- Firefox LiveHTTP Headers (https://ift.tt/2oVE3oK)
Here is an example:
https://ift.tt/2O09RDJ
In that example we found out that they are using a Citrix NetScaler load balancer:
- 192.193.103.222 (Citrix NetScaler)
- 192.193.219.58
Here are some command-line options to use for identifying load balancers:
dig google.com (several A records in one answer point to DNS round-robin in front of the site)
cd ~/toolz
./lbd-0.1.sh motorola.com (lbd checks for DNS-based balancing via the A records and for HTTP-based balancing via differences between repeated responses)
halberd microsoft.com (halberd sends many identical requests and looks for differing headers, cookies and clock skew between back ends)
halberd motorola.com
halberd oracle.com
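What lbd and halberd look for can be stated in a few dozen lines. The following is an added example, not the lbd or halberd code: it takes the A records for a name and the headers of several identical requests, then reports DNS round-robin, known persistence cookies (default cookie names for NetScaler, F5 BIG-IP, AWS ELB/ALB and Azure; operators can rename them, so their absence proves nothing), differing `Server` headers, and `Date` skew larger than the time the requests took. The sample responses are constructed, not captured from any site; `fetch_headers` is the live helper and is not used offline.

```python
"""Load-balancer indicators from DNS answers and repeated HTTP responses.

Added example; not the lbd or halberd code, but the same two checks they rely on.
"""
from collections import Counter
from email.utils import parsedate_to_datetime
from typing import List, Tuple

HeaderList = List[Tuple[str, str]]   # one response's headers, order and duplicates preserved

# Default persistence-cookie names of common products (assumption: defaults;
# operators can rename them, so their absence proves nothing).
LB_COOKIE_SIGNATURES = {
    "NSC_": "Citrix NetScaler",
    "BIGipServer": "F5 BIG-IP",
    "AWSALB": "AWS Application Load Balancer",
    "AWSELB": "AWS Classic ELB",
    "ARRAffinity": "Azure App Service front end",
}


def dns_round_robin(a_records: List[str]) -> List[str]:
    """One name, several addresses: DNS-level distribution (or anycast)."""
    unique = sorted(set(a_records))
    if len(unique) > 1:
        return [f"DNS: {len(unique)} A records ({', '.join(unique)}) -> DNS round-robin"]
    return []


def cookie_signatures(headers: HeaderList) -> List[str]:
    """Match Set-Cookie names against the product table."""
    found = []
    for name, value in headers:
        if name.lower() != "set-cookie":
            continue
        cookie = value.split("=", 1)[0].strip()
        for prefix, product in LB_COOKIE_SIGNATURES.items():
            if cookie.startswith(prefix):
                found.append(f"Cookie {cookie}: {product} persistence cookie")
    return found


def response_variance(responses: List[HeaderList], clock_tolerance_s: float = 30.0) -> List[str]:
    """Compare Server and Date headers across responses to the same request."""
    findings = []
    servers = Counter(v for r in responses for k, v in r if k.lower() == "server")
    if len(servers) > 1:
        findings.append(f"Server header varies: {dict(servers)} -> more than one back end")
    dates = [parsedate_to_datetime(v) for r in responses for k, v in r if k.lower() == "date"]
    if len(dates) > 1:
        skew = (max(dates) - min(dates)).total_seconds()
        if skew > clock_tolerance_s:  # requests were sent within seconds; minutes of skew means different clocks
            findings.append(f"Date header skew of {skew:.0f}s -> back ends with different clocks")
    return findings


def detect(a_records: List[str], responses: List[HeaderList], clock_tolerance_s: float = 30.0) -> List[str]:
    """Combine all indicators into one de-duplicated list of findings."""
    findings = dns_round_robin(a_records)
    for r in responses:
        for f in cookie_signatures(r):
            if f not in findings:
                findings.append(f)
    findings += response_variance(responses, clock_tolerance_s)
    return findings


def fetch_headers(url: str, count: int = 5) -> List[HeaderList]:
    """Live helper: send `count` identical GETs within a few seconds and keep each response's headers."""
    import urllib.request
    out = []
    for _ in range(count):
        with urllib.request.urlopen(url, timeout=10) as resp:
            out.append(list(resp.getheaders()))
    return out


# Constructed responses (not captured from any real site) for an offline run.
SAMPLE_RESPONSES: List[HeaderList] = [
    [("Server", "Apache"), ("Date", "Sun, 09 Sep 2018 12:00:00 GMT"),
     ("Set-Cookie", "NSC_abcd=ffffffff09123; path=/; HttpOnly")],
    [("Server", "nginx"), ("Date", "Sun, 09 Sep 2018 12:03:00 GMT"),
     ("Set-Cookie", "NSC_abcd=ffffffff09124; path=/; HttpOnly")],
]

if __name__ == "__main__":
    for line in detect(["192.0.2.10", "192.0.2.11"], SAMPLE_RESPONSES):
        print(line)
```

For a live run, pass the A records from `dig` and `fetch_headers("https://target/")` to `detect`; send the requests quickly so the clock-skew check is not fooled by your own delay.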
##################################
# Intrusion Prevention Detection #
##################################
osstmm-afd -P HTTP -t www.strategicsec.com -v
osstmm-afd speaks plain HTTP, so for an HTTPS target it is pointed at a local wrapper: the ssltest xinetd service hands each connection to ssl_proxy.sh, which carries it to the real target over SSL, and osstmm-afd is then run against that local port (8888 in the last command).
cat /etc/xinetd.d/ssltest
cat /home/strategicsec/toolz/ssl_proxy.sh
service xinetd status
osstmm-afd -P HTTP -t 127.0.0.1 -p 8888 -v
****** If you are getting your IP blocked you can use a service like AceVPN to give you multiple IPs to launch your tests from. ******
######################################
# Web Application Firewall Detection #
######################################
cd ~/toolz/wafw00f
python wafw00f.py http://www.oracle.com
python wafw00f.py https://ift.tt/JZLILf
cd ~/toolz/
sudo nmap -p 80 --script http-waf-detect.nse oracle.com
sudo nmap -p 80 --script http-waf-detect.nse imperva.com
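Both the IPS section (osstmm-afd) and the WAF section (wafw00f, http-waf-detect.nse) rest on one method: send a benign request, then the same request carrying textbook attack strings, and compare what comes back. The following added example (not the code of any of those tools) does that with an injectable transport and, as the practitioner's distinction, separates the two outcomes: a WAF usually answers with its own block page (different status or body, often with a product signature), while an inline IPS more often drops or resets the connection so no HTTP response arrives. The product signatures are commonly seen defaults and not exhaustive; the fake target at the bottom is constructed for an offline run, and `urllib_transport` is for live use.

```python
"""Active-filtering probe: telling a WAF from an inline IPS by how attack traffic is refused.

Added example; not wafw00f, http-waf-detect.nse or osstmm-afd.
"""
from typing import Callable, Dict, List, Optional, Tuple

Response = Tuple[int, Dict[str, str], str]        # status, headers (lower-case names), body
Transport = Callable[[str], Optional[Response]]   # path -> response, or None if the connection died

# Strings chosen to trip generic signature rules; none of them exploits anything.
ATTACK_PROBES = {
    "sqli": "/?id=1' OR '1'='1",
    "xss": "/?q=<script>alert(1)</script>",
    "traversal": "/?file=../../../../etc/passwd",
}

# (where, header name, substring, product): commonly seen defaults, not an exhaustive list.
WAF_SIGNATURES = [
    ("header", "server", "cloudflare", "Cloudflare"),
    ("header", "cf-ray", "", "Cloudflare"),
    ("header", "x-iinfo", "", "Imperva Incapsula"),
    ("body", "", "incapsula incident id", "Imperva Incapsula"),
    ("header", "x-sucuri-id", "", "Sucuri"),
    ("header", "server", "akamaighost", "Akamai"),
]


def fingerprint(resp: Response) -> List[str]:
    """Product names whose signature appears in one response."""
    _, headers, body = resp
    hits = set()
    for where, name, needle, product in WAF_SIGNATURES:
        hay = headers.get(name) if where == "header" else body
        if hay is not None and (needle == "" or needle in hay.lower()):
            hits.add(product)
    return sorted(hits)


def probe(transport: Transport, benign_path: str = "/") -> Dict[str, object]:
    """Send benign then attack requests; classify by how the attack requests are refused."""
    baseline = transport(benign_path)
    if baseline is None:
        return {"verdict": "no baseline: even the benign request failed", "products": [], "probes": {}}
    b_status, _, b_body = baseline
    products = set(fingerprint(baseline))
    probes: Dict[str, str] = {}
    answered_differently = dropped = 0
    for name, path in ATTACK_PROBES.items():
        resp = transport(path)
        if resp is None:
            probes[name] = "connection dropped or reset (inline IPS behaviour)"
            dropped += 1
            continue
        status, _, body = resp
        products.update(fingerprint(resp))
        # A block page differs in status or is a very different size from the real page.
        changed = status != b_status or abs(len(body) - len(b_body)) > max(64, len(b_body) // 2)
        probes[name] = f"HTTP {status}, {'different from' if changed else 'same as'} baseline"
        answered_differently += int(changed)
    if dropped and answered_differently:
        verdict = "WAF block pages and dropped connections both observed"
    elif dropped:
        verdict = "inline IPS likely: attack requests were dropped"
    elif answered_differently:
        verdict = "WAF likely: attack requests were answered with a different page"
    else:
        verdict = "no active filtering detected"
    return {"verdict": verdict, "products": sorted(products), "probes": probes}


def urllib_transport(base_url: str) -> Transport:
    """Live transport. Query strings are percent-encoded; WAFs decode them before matching."""
    import socket
    import urllib.error
    import urllib.parse
    import urllib.request

    def send(path: str) -> Optional[Response]:
        url = base_url.rstrip("/") + urllib.parse.quote(path, safe="/?=&")
        try:
            with urllib.request.urlopen(url, timeout=10) as r:
                return r.status, {k.lower(): v for k, v in r.getheaders()}, r.read().decode("utf-8", "replace")
        except urllib.error.HTTPError as e:   # 4xx/5xx still carry the block page
            return e.code, {k.lower(): v for k, v in e.headers.items()}, e.read().decode("utf-8", "replace")
        except (urllib.error.URLError, socket.timeout, OSError):
            return None
    return send


def fake_filtered_transport(path: str) -> Optional[Response]:
    """Constructed target: real page for benign traffic, Incapsula-style block page for
    SQLi/XSS, and a dropped connection for path traversal (hypothetical, for the offline run)."""
    if path == "/":
        return 200, {"server": "nginx"}, "<html><body>" + "welcome " * 80 + "</body></html>"
    if "etc/passwd" in path:
        return None
    return 403, {"server": "nginx", "x-iinfo": "5-12345-67890"}, "<html>Request blocked. Incapsula incident ID: 1-2</html>"


if __name__ == "__main__":
    print(probe(fake_filtered_transport))
```

Run it live with `probe(urllib_transport("https://www.example.com"))`. Three probes of this kind can be enough to get your source address blocked, which is the reason for the note above about testing from multiple IPs.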
################################################
# 3rd Party Scanning, and scanning via proxies #
################################################
https://www.shodan.io
Create a FREE account and login
net:129.188.8.0/24 (Shodan's net: filter returns what Shodan has already scanned in that range, so nothing is sent to the target from your own address)
cd /home/strategicsec/toolz/
perl proxyfinder-0.3.pl multiproxy 3 proxies.txt <-- This takes a long time to run, but provides a good list of proxies
sudo vi /etc/proxychains.conf <--- Make sure that the last line of the file is: socks4 127.0.0.1 9050
----------------------------------------------------------------------
vi ~/toolz/fix-proxychains-dns.sh
#!/bin/bash
# This script is called by proxychains to resolve DNS names, so that the
# lookup itself goes through the proxy instead of leaking from the local resolver
# Reference: https://ift.tt/17nkAO5
# DNS server used to resolve names
DNS_SERVER=4.2.2.2
if [ $# = 0 ] ; then
echo " usage:"
echo " proxyresolv <hostname> "
exit 1
fi
# Load proxychains into dig so its query is tunneled through the proxy
export LD_PRELOAD=libproxychains.so.3
# +tcp forces a TCP query (SOCKS proxies cannot carry UDP); awk prints the address from each A record
dig "$1" @"$DNS_SERVER" +tcp | awk '/A.+[0-9]+\.[0-9]+\.[0-9]/{print $5;}'
-----------------------------------------------------------------------
sudo ntpdate pool.ntp.org (Tor needs an accurate clock or it will not build circuits)
tor-resolve strategicsec.com (resolve the name through Tor rather than the local resolver)
proxychains nmap -sT -p80 204.244.123.113
proxychains nmap -sT -PN -n -sV -p 21,22,23,25,80,110,139,443,445,1433,1521,3306,3389,8080,10000 204.244.123.113 (only full TCP connect scans work through a SOCKS proxy, hence -sT with no ping (-PN) and no DNS (-n))
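The `socks4 127.0.0.1 9050` line in proxychains.conf, the DNS-leak workaround in fix-proxychains-dns.sh and `tor-resolve` all come down to one wire format. Here it is as an added example (not proxychains or Tor code): with plain SOCKS4 the client has to resolve the hostname itself before talking to the proxy, which is exactly the leak the script above works around; SOCKS4a closes the gap in the protocol by sending DSTIP 0.0.0.x plus the hostname so the proxy resolves it, and Tor's SOCKS port accepts one extra command, 0xF0 RESOLVE, returning the address in the reply's DSTIP field. The builder and parser are pure functions and run offline; `socks4a_connect` and `tor_resolve` need a live proxy (assumption: Tor on 127.0.0.1:9050 as configured above).

```python
"""SOCKS4a framing behind `socks4 127.0.0.1 9050` in proxychains.conf and behind tor-resolve.

Added example; not proxychains or Tor code.
"""
import socket
import struct
from typing import Optional, Tuple

CMD_CONNECT = 0x01
CMD_RESOLVE = 0xF0          # Tor extension, not part of SOCKS4a proper
REPLY_GRANTED = 0x5A
REPLY_REJECTED = 0x5B       # 0x5C/0x5D are the identd failure codes
SOCKS4A_MARKER = b"\x00\x00\x00\x01"   # DSTIP 0.0.0.x: "hostname follows the userid"


def build_socks4a(command: int, host: str, port: int, userid: bytes = b"") -> bytes:
    """Request: VN=4 | CD | DSTPORT | DSTIP=0.0.0.1 | USERID NUL | HOSTNAME NUL."""
    if not 0 <= port <= 0xFFFF:
        raise ValueError("port out of range")
    if b"\x00" in userid:
        raise ValueError("userid must not contain NUL")
    return (struct.pack("!BBH4s", 4, command, port, SOCKS4A_MARKER)
            + userid + b"\x00" + host.encode("idna") + b"\x00")


def parse_socks4_reply(data: bytes) -> Tuple[bool, int, str]:
    """Reply: VN=0 | CD | DSTPORT | DSTIP. Returns (granted, port, ip);
    for a Tor RESOLVE the ip field carries the answer."""
    if len(data) < 8:
        raise ValueError("short SOCKS4 reply")
    vn, cd, port, ip = struct.unpack("!BBH4s", data[:8])
    if vn != 0:
        raise ValueError(f"unexpected reply version {vn}")
    return cd == REPLY_GRANTED, port, socket.inet_ntoa(ip)


def _recv_exact(sock: socket.socket, n: int) -> bytes:
    """Read exactly n bytes or fail; a SOCKS4 reply is always 8 bytes."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("proxy closed the connection")
        buf += chunk
    return buf


def socks4a_connect(host: str, port: int, proxy=("127.0.0.1", 9050), timeout: float = 10.0) -> socket.socket:
    """Open a TCP connection to host:port through the proxy; the name never touches local DNS."""
    sock = socket.create_connection(proxy, timeout=timeout)
    try:
        sock.sendall(build_socks4a(CMD_CONNECT, host, port))
        granted, _, _ = parse_socks4_reply(_recv_exact(sock, 8))
        if not granted:
            raise ConnectionError(f"proxy refused CONNECT to {host}:{port}")
        return sock
    except Exception:
        sock.close()
        raise


def tor_resolve(host: str, proxy=("127.0.0.1", 9050), timeout: float = 10.0) -> Optional[str]:
    """What `tor-resolve host` does: resolve through Tor, with no local DNS query at all."""
    with socket.create_connection(proxy, timeout=timeout) as sock:
        sock.sendall(build_socks4a(CMD_RESOLVE, host, 0))
        granted, _, ip = parse_socks4_reply(_recv_exact(sock, 8))
    return ip if granted else None


if __name__ == "__main__":
    print(build_socks4a(CMD_CONNECT, "strategicsec.com", 80).hex(" "))
    print(parse_socks4_reply(b"\x00\x5a\x00\x50\xc0\x00\x02\x01"))
```

Note that proxychains itself only hooks `connect()`, which is why plain `nmap` name resolution still leaks without the resolver script; a scanner that already speaks SOCKS4a (or `tor-resolve` followed by `-n` scanning of the returned address, as in the commands above) avoids the problem at the protocol level.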
Sunday, September 9, 2018