Pentester_Academy_External_Security_Testing__Part_1

############################################################
# Pentester Academy External Security Testing Walk-Through #
############################################################

##########
# VMWare #
##########
- For this workshop you'll need the latest version of VMWare Workstation (Windows), Fusion (Mac), or Player.

- A 30-day trial of Workstation 11 can be downloaded from here:
- https://my.vmware.com/web/vmware/info/slug/desktop_end_user_computing/vmware_workstation/11_0

- A 30-day trial of Fusion 7 can be downloaded from here:
- https://my.vmware.com/web/vmware/info/slug/desktop_end_user_computing/vmware_fusion/7_0

- The newest version of VMWare Player can be downloaded from here:
- https://my.vmware.com/web/vmware/free#desktop_end_user_computing/vmware_player/7_0

- Although you can get the VM to run in VirtualBox, I will not be supporting this configuration for this class.


################################
# Download the virtual machine #
################################
https://s3.amazonaws.com/StrategicSec-VMs/Strategicsec-Ubuntu-VPN-163.zip
username: strategicsec
password: strategicsec


############################################
# Identifying External Security Mechanisms #
############################################

Performing an external penetration test today is significantly harder than it was years ago.

There are so many external security mechanisms such as load balancers, reverse proxies, intrusion prevention systems, and web application firewalls.

Ok, let's do this!

###########################
# Target IP Determination #
###########################
cd /home/strategicsec/toolz
perl blindcrawl.pl -d motorola.com

-- Take each IP address and look it up here:
http://www.networksolutions.com/whois/index.jsp

cd /toolz/fierce2
fierce -dns motorola.com
cd ..

Zone transfer fails on some domains, but here is an example of one that works:
dig axfr heartinternet.co.uk  @ns.heartinternet.co.uk


cd /toolz/
./ipcrawl 148.87.1.1 148.87.1.254                (DNS forward lookup against an IP range)


sudo nmap -sL 148.87.1.0-255
sudo nmap -sL 148.87.1.0-255 | grep oracle

###########################
# Load Balancer Detection #
###########################

Here are some options to use for identifying load balancers:
    - http://toolbar.netcraft.com/site_report/
    - Firefox LiveHTTP Headers (https://addons.mozilla.org/en-Us/firefox/addon/live-http-headers/)

Here is an example:
http://toolbar.netcraft.com/site_report/?url=citigroup.com

We found out that they are using a Citrix Netscaler load balancer.
192.193.103.222         Citrix Netscaler
192.193.219.58 


Here are some command-line options to use for identifying load balancers:

dig google.com

cd /toolz
./lbd-0.1.sh motorola.com


halberd microsoft.com
halberd motorola.com
halberd oracle.com
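The check halberd performs, written out as an added example (not part of the original walkthrough and not halberd's own code): the same URL is answered several times, and headers whose values change between answers (Server banner, drifting Date clock, changing persistence cookie) hint at more than one backend behind one address. The sample responses are constructed so it runs offline, and the 5-second clock-skew threshold is an assumption.

```python
"""Spot load-balancer signs by comparing repeated HTTP responses.
Added educational example (not from the walkthrough or halberd) applying
halberd's idea: request one URL repeatedly and look for headers that change
between answers (Server banner, drifting Date clock, changing persistence
cookie), hinting at several backends behind one address.  The responses
below are constructed, not captured from a real host.
"""
from collections import defaultdict
from email.utils import parsedate_to_datetime

SAMPLE_RESPONSES = [  # constructed: three answers to the same request
    "HTTP/1.1 200 OK\r\nDate: Tue, 03 Mar 2015 10:00:00 GMT\r\n"
    "Server: Apache/2.2.15\r\nSet-Cookie: lb=node1; Path=/\r\n\r\n",
    "HTTP/1.1 200 OK\r\nDate: Tue, 03 Mar 2015 10:00:01 GMT\r\n"
    "Server: Apache/2.2.15\r\nSet-Cookie: lb=node1; Path=/\r\n\r\n",
    "HTTP/1.1 200 OK\r\nDate: Tue, 03 Mar 2015 10:00:42 GMT\r\n"
    "Server: Apache/2.2.22\r\nSet-Cookie: lb=node2; Path=/\r\n\r\n",
]


def parse_headers(raw):
    """Return {lowercased-name: [values]} for one raw HTTP response."""
    headers = defaultdict(list)
    for line in raw.split("\r\n\r\n", 1)[0].split("\r\n")[1:]:  # skip status
        name, _, value = line.partition(":")
        headers[name.strip().lower()].append(value.strip())
    return headers


def analyse(responses, max_skew_seconds=5):
    """Return a dict of headers/cookies that differ across the responses."""
    parsed = [parse_headers(r) for r in responses]
    findings = {}
    for name in set().union(*parsed) - {"date", "set-cookie"}:
        values = {tuple(h.get(name, [])) for h in parsed}
        if len(values) > 1:                       # same header, different values
            findings[name] = sorted(values)
    # Backends with unsynchronised clocks reveal themselves through Date.
    dates = [parsedate_to_datetime(h["date"][0]) for h in parsed if "date" in h]
    skew = (max(dates) - min(dates)).total_seconds() if dates else 0
    if skew > max_skew_seconds:
        findings["date-skew-seconds"] = skew
    # A persistence cookie whose value changes points at different nodes.
    cookies = defaultdict(set)
    for h in parsed:
        for cookie in h.get("set-cookie", []):
            cname, _, cval = cookie.split(";", 1)[0].partition("=")
            cookies[cname.strip()].add(cval.strip())
    if any(len(v) > 1 for v in cookies.values()):
        findings["varying-cookies"] = sorted(c for c, v in cookies.items() if len(v) > 1)
    return findings
```

Running `analyse(SAMPLE_RESPONSES)` reports the two Server banners, a 42-second Date skew and the changing `lb` cookie; the first two responses alone produce no findings.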

##################################
# Intrusion Prevention Detection #
##################################


osstmm-afd -P HTTP -t www.strategicsec.com -v

cat /etc/xinetd.d/ssltest

cat /home/strategicsec/toolz/ssl_proxy.sh

service xinetd status

osstmm-afd -P HTTP -t 127.0.0.1 -p 8888 -v

****** If you are getting your IP blocked you can use a service like AceVPN to give you multiple IPs to launch your tests from. ******

######################################
# Web Application Firewall Detection #
######################################

cd /toolz/wafw00f
python wafw00f.py http://www.oracle.com
python wafw00f.py http://www.strategicsec.com


cd /toolz/
sudo nmap -p 80 --script http-waf-detect.nse oracle.com

sudo nmap -p 80 --script http-waf-detect.nse imperva.com

################################################
# 3rd Party Scanning, and scanning via proxies #
################################################

https://www.shodan.io

        Create a FREE account and login

        net:129.188.8.0/24

cd /home/strategicsec/toolz/
perl proxyfinder-0.3.pl multiproxy 3 proxies.txt    <-- This takes a long time to run, but provides a good list of proxies

sudo vi /etc/proxychains.conf                  <--- Make sure that the last line of the file is: socks4  127.0.0.1 9050
----------------------------------------------------------------------
vi /toolz/fix-proxychains-dns.sh

#!/bin/bash
# This script is called by proxychains to resolve DNS names.
# DNS server used to resolve names.
# Reference: http://carnal0wnage.attackresearch.com/2013/09/changing-proxychains-hardcoded-dns.html
DNS_SERVER=4.2.2.2

if [ $# = 0 ] ; then
    echo " usage:"
    echo " proxyresolv <hostname> "
    exit
fi

# Send dig itself through the proxy and pull the A record address out of the answer
export LD_PRELOAD=libproxychains.so.3
dig "$1" @"$DNS_SERVER" +tcp | awk '/A.+[0-9]+\.[0-9]+\.[0-9]/{print $5;}'
-----------------------------------------------------------------------
sudo ntpdate pool.ntp.org

tor-resolve strategicsec.com

proxychains nmap -sT -p80 204.244.123.113

proxychains nmap -sT -PN -n -sV -p 21,22,23,25,80,110,139,443,445,1433,1521,3306,3389,8080,10000 204.244.123.113