Penetration Testing Practice
Seminar PA211 Advanced Topics of Cyber Security
October 18, 2022
Ádám Ruman, Jan Vykopal
PA211 Advanced Topics of Cyber Security – Cybersecurity Laboratory – cybersec.fi.muni.cz

Agenda
- Response to the exit ticket from last week
- Solution of Homework 1
- Tools for penetration testing
- Penetration testing practice in a team

Exit tickets from last week
- Q: How should we have approached this website vulnerability finding?
- A: Optimally, choose a methodology (OWASP) and follow its steps. An excellent checklist Excel table can be found here.
- Q: Do pentesting tools entirely replace manual checks?
- A: Some tools are just convenience wrappers; thus, I would count using them as manual checking. If you mean autonomous tools, those are not complete replacements. They can cover much ground, find common vulnerabilities, and exploit them – they are a great starting point.

Solution of Homework 1
- Presented only in class.

Goals of this seminar
- Do the actual penetration testing.
- Share your findings with your team members.
- Store your findings in a shared document.

Penetration Testing Practice
Start your sandbox using the steps from last week.
Update from last week: an older version of VirtualBox on nymfe appears to have been the root cause of the unstable virtual machines in the sandboxes. VirtualBox has been updated to a newer version. Please report any issues to us.
Tools for Penetration Testing

Tooling Overview
- Network scanning tools
- Web
  - Recon
  - Enumeration and crawling
  - Vulnerability scanning
  - Proxying
- MSF (Metasploit Framework)

Network Scanning Tools
- Nmap, RustScan
- To find open ports, identify services, and scan for vulnerabilities.

WEB – Browsers
- Browser developer tools are the most available and basic web penetration testing tools.

WEB – Technology Reconnaissance
- WhatWeb
- Wappalyzer
- For enumerating the technologies a web application is built on.

WEB – Crawling and Enumeration
- Crawling: gather and follow linked pages.
  - OWASP ZAP
  - Burp Suite Pro
- Enumerating pages with brute force or wordlists:
  - ffuf, dirb, DirBuster, gobuster, Nikto

WEB – Vulnerability Scanning
- Nikto
- Burp Suite Pro
- OWASP ZAP

WEB – Proxies
- Intercept web traffic between your browser and the website.
- Allow changing data and headers, thus bypassing browser and client-side limitations: any check done only in the browser can be undone before the request reaches the server.
- Other convenience features: repeating requests, encoder/decoder, HTTP history.
- Scriptability.
- Burp (Community or Pro), OWASP ZAP
- FoxyProxy
  - Convenience browser extension that saves you the trouble of setting up and switching proxies.
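The enumeration and proxy slides make two points that are easiest to see against a running target: wordlist enumeration keeps the paths whose status code is not the default miss, and an intercepting proxy lets you send a request the browser's own JavaScript would never produce, so only server-side validation counts. The block below is an added example, not code from the course or from Burp, ZAP or ffuf: it starts a hypothetical shop application on loopback (the routes, plans and prices are invented for the demo), enumerates it from a small wordlist the way ffuf's `-fc 404` filter would, and then replays the checkout request with the price field edited, as you would in Burp Repeater. A vulnerable handler that bills the client-supplied price is shown beside a hardened one that looks the price up server-side.

```python
"""Wordlist enumeration and a proxy-style tampered request against a local app."""
import json
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

# Hypothetical shop: the server-side price table the checkout should use.
PLANS = {"basic": 10, "pro": 50}
# Paths the app serves (constructed for the demo); everything else is 404.
ROUTES = {"/": 200, "/admin": 403, "/backup.zip": 200}


class VulnerableShop(BaseHTTPRequestHandler):
    """Trusts the 'price' field that the page's JavaScript filled in."""

    def log_message(self, *args):  # keep the demo output quiet
        pass

    def _reply(self, code, payload):
        body = json.dumps(payload).encode()
        self.send_response(code)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def _json_body(self):
        length = int(self.headers.get("Content-Length", "0"))
        return json.loads(self.rfile.read(length) or b"{}")

    def do_GET(self):
        self._reply(ROUTES.get(self.path, 404), {"path": self.path})

    def do_POST(self):
        body = self._json_body()
        # BUG: validation happened only in the browser; the posted price is billed.
        self._reply(200, {"plan": body.get("plan"), "charged": body.get("price")})


class HardenedShop(VulnerableShop):
    """Same app, but the price comes from the server-side table."""

    def do_POST(self):
        body = self._json_body()
        plan = body.get("plan")
        if plan not in PLANS:
            self._reply(400, {"error": "unknown plan"})
            return
        # Whatever 'price' the client sent is ignored entirely.
        self._reply(200, {"plan": plan, "charged": PLANS[plan]})


def start_server(handler):
    """Bind to a free loopback port and serve in a background thread."""
    srv = ThreadingHTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


def _request(url, data=None):
    """Return (status, decoded JSON body); error statuses are returned, not raised."""
    headers = {"Content-Type": "application/json"} if data is not None else {}
    req = urllib.request.Request(url, data=data, headers=headers)
    try:
        with urllib.request.urlopen(req, timeout=5) as resp:
            return resp.status, json.loads(resp.read())
    except urllib.error.HTTPError as err:
        return err.code, json.loads(err.read())


def enumerate_paths(port, wordlist, hide_codes=(404,)):
    """Wordlist enumeration as ffuf/gobuster do it; hide_codes mimics ffuf's -fc."""
    found = {}
    for word in wordlist:
        path = "/" + word
        code, _ = _request(f"http://127.0.0.1:{port}{path}")
        if code not in hide_codes:
            found[path] = code
    return found


def tampered_checkout(port, plan, price):
    """The checkout POST as edited in a proxy: same request the browser sends,
    with the price the page script fixed replaced by our own value."""
    payload = json.dumps({"plan": plan, "price": price}).encode()
    return _request(f"http://127.0.0.1:{port}/checkout", data=payload)


if __name__ == "__main__":
    for handler in (VulnerableShop, HardenedShop):
        srv = start_server(handler)
        port = srv.server_address[1]
        print(handler.__name__, enumerate_paths(port, ["admin", "backup.zip", "login"]))
        print(handler.__name__, tampered_checkout(port, "pro", 1))
        srv.shutdown()
```

The 403 on `/admin` is kept in the enumeration result on purpose: a forbidden path is still a confirmed path, which is why the filter is on the miss code rather than on "not 200". Against the vulnerable handler the tampered request is billed at 1; against the hardened one the same request is billed at 50 and an unknown plan is rejected, which is the behaviour a proxy-based test should be checking for.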
WEB – Proxies: Convenience

Metasploit Framework
- The "Swiss army knife" of penetration testing:
  - Vulnerability scanners.
  - Exploits.
  - Payloads.
  - Post-exploitation tools.

Penetration Testing Practice

Your task for today
- Work in a team, and share what you find with the other team members.
- Refresh the rules of engagement and the scope of the test (see last week).
- Next week: report your results, including the homework.
- From now on, we are here for consultations till the end of the seminar.
- Take a break any time you need.
- Feel free to leave when you are done.

Scoping matters – real-life example
- The Police Presidium hired a third party to run penetration testing on its systems.
- The Ministry of the Interior was unaware of these tests and accused the third party of intruding on its systems and manipulating data.
- Source: https://denikn.cz/986275/zadrzeni-sefa-cermatu-inspekce-resiprolomeni-systemu-ministerstva-vnitra/ (paywall, in Czech)

How was it today? And what is your progress?
Please fill in an anonymous exit ticket: https://muni.cz/go/pa211-22-06