Web Penetration Testing. Radhi Shatob
The Kali Linux VirtualBox 64-bit .ova file is a ready-made virtual machine. After downloading the file:
Right-click the .ova file and open it with VirtualBox.
Set the name, CPU and RAM for the new Kali VM, then click Import.
Give the Kali VM RAM according to your host's RAM: for example, if your host has a maximum of 8G of RAM, give Kali 4G, and if your host has 16G, give Kali 8G, which is the recommended configuration to run Kali smoothly without problems.
Note: Those who are familiar with previous versions of Kali Linux will find that Kali version 2020 is different: there is no longer default root access, and the sudo command must be used to run any privileged commands.
Start the new Kali machine and log in as:
User: kali
Password: kali
Update the Kali machine
Open Terminal and type:
sudo apt-get update
sudo apt-get upgrade
(depending on the internet speed, the upgrade may take a long time to finish)
Metasploitable Linux Virtual Machine
Metasploitable is a vulnerable Linux distro made by Rapid7. The OS contains several vulnerabilities and is designed for penetration testers to try and hack. Rapid7 offers this software for free to the penetration testing community; testers just need to register with Rapid7 and then download the Metasploitable virtual machine. This is going to be one of the victim machines that we will try to hack.
You can download Metasploitable from the following link: https://information.rapid7.com/metasploitable-download.html
To install Metasploitable in VirtualBox:
In VirtualBox, click New.
Give it a Name, Type = Linux, Version = Ubuntu (64-bit).
Click Next, give it 512 MB or 1 GB of RAM, then click Next.
Choose “Use an existing virtual hard disk file”.
Go to the Metasploitable file location and choose the “.vmdk” file.
OWASP Broken Web Apps virtual machine
The OWASP Broken Web Applications (BWA) Project produces a virtual machine running a variety of applications with known vulnerabilities for those interested in:
Learning about web application security
Testing manual assessment techniques
Testing automated tools
Testing source code analysis tools
Observing web attacks
Testing WAFs and similar code technologies
You can download the OWASP Broken Web Apps VM from the following page: https://sourceforge.net/projects/owaspbwa/files/1.2/
Download OWASP_Broken_Web_Apps_VM_1.2.ova
Right-click OWASP_Broken_Web_Apps_VM_1.2.ova and open it with VirtualBox, then import the virtual machine.
Put the OWASP VM in the NAT network.
Start the OWASP VM and log in with user root and password owaspbwa.
On the Kali machine, open the web browser and enter the IP address of the OWASP VM in your lab environment.
You should get the OWASP web page
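The import and NAT-network steps above can also be scripted with VirtualBox's VBoxManage command line, which makes it easy to confirm that a deliberately vulnerable VM is on the lab NAT network and not bridged to the physical LAN. This is an added example, not from the book; the network name PentestLab, the subnet 10.0.2.0/24, the VM name and the helper function names are assumptions, and the script only prints the commands unless DRY_RUN=0.

```shell
#!/usr/bin/env bash
# Added example: scripts the GUI import steps with VBoxManage.
# Assumed names (not from the book): PentestLab, 10.0.2.0/24, the helper functions.
LAB_NET="${LAB_NET:-PentestLab}"     # assumed NAT network name
LAB_CIDR="${LAB_CIDR:-10.0.2.0/24}"  # assumed lab subnet
DRY_RUN="${DRY_RUN:-1}"              # 1 = only print the commands

# Print a command; execute it only when DRY_RUN=0.
run() {
    printf '%s\n' "$*"
    [ "$DRY_RUN" = "1" ] || "$@"
}

# Half of the host RAM for Kali, in MB (8G host -> 4096, 16G host -> 8192).
kali_ram_mb() { echo $(( $1 * 1024 / 2 )); }

# Create the lab NAT network (run once; 'add' fails if the name already exists).
create_lab_net() {
    run VBoxManage natnetwork add --netname "$LAB_NET" \
        --network "$LAB_CIDR" --enable --dhcp on
}

# import_to_lab FILE.ova VMNAME RAM_MB
# Import the appliance, then attach NIC 1 to the lab NAT network.
import_to_lab() {
    case "$1" in *.ova) ;; *) echo "not an .ova file: $1" >&2; return 1 ;; esac
    [ -f "$1" ] || { echo "file not found: $1" >&2; return 1; }
    run VBoxManage import "$1" --vsys 0 --vmname "$2" --memory "$3" &&
    run VBoxManage modifyvm "$2" --nic1 natnetwork --nat-network1 "$LAB_NET"
}

# Reads 'VBoxManage showvminfo VM --machinereadable' output on stdin and
# succeeds only if NIC 1 is on the lab NAT network (not bridged to the LAN).
nic_on_lab_net() {
    info=$(cat)
    printf '%s\n' "$info" | grep -qxF 'nic1="natnetwork"' &&
    printf '%s\n' "$info" | grep -qxF "nat-network1=\"$LAB_NET\""
}

# Constructed sample of showvminfo output for a VM that is still bridged.
SAMPLE_BRIDGED='name="OWASP-BWA"
nic1="bridged"
bridgeadapter1="eth0"'
if ! printf '%s\n' "$SAMPLE_BRIDGED" | nic_on_lab_net; then
    echo "sample VM is NOT on $LAB_NET: fix the adapter before starting it"
fi
```

With VirtualBox installed, run create_lab_net once and call import_to_lab with DRY_RUN=0; pipe the real showvminfo output into nic_on_lab_net before booting any vulnerable VM.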
Windows Virtual machines
The procedures below explain the installation of different Windows virtual machines to use in penetration testing exercises. In this book we only need a Windows 10 virtual machine. However, Microsoft has made many of its operating systems available as virtual machines for testing purposes with a 180-day license key.
We will also install a normal Windows 10 machine as a victim; we will be running our attacks against this machine.
Microsoft has released several Windows virtual machines that can be downloaded from the following link (make sure you select Windows 10 stable and VirtualBox):
https://developer.microsoft.com/en-us/microsoft-edge/tools/vms
Download the Win10.ova file.
Right-click the file and choose open with VirtualBox.
Accept the import settings.
For Windows Server 2012 R, download the 180-day evaluation copy from the Microsoft site.
Chapter 2: Introduction to Penetration Testing
What is Penetration Testing (Pen-test)?
Penetration testing is a simulated attack on an IT system with the intention of finding security weaknesses and determining how the system reacts to these attacks.
Wikipedia definition of penetration testing: “Pentest is an attack on a computer system with the intention of finding security weaknesses, potentially gaining access to its functionality and data”.
CISSP definition of penetration testing: “Pentest can determine how a system reacts to an attack, whether or not the system's defenses can be breached, and what information can be acquired from the system”.
Cyber Security Tests and Audits
From a cyber security point of view, we can classify cyber security tests and audits into three parts:
Security Audits: checklist of best practices.
Vulnerability Assessments: Identifying the security holes.
Penetration Tests.
Security Audits
A computer security audit is a manual or systematic measurable technical assessment. Security audits include:
Checking systems configuration for best practices.
Interviewing staff to determine the level of security awareness of the staff.
Reviewing application and operating systems access controls.
Analysis of physical access to the systems.
Security Audits should be performed with administrative privilege.
Security Audits best practices
Security audit best practices can be found in the information security standards and controls published by many organizations around the world. Below is a list of well-known information security organizations that publish and keep updated information security best practices, controls, checklists and tools to help organizations achieve the best cyber defense.
Here is a list of some of these organizations, with links to their websites where security control documents and tools can be obtained. All of these organizations offer documents and tools for free except ISO, which charges a fee for its standards.