Book Review, Penetration Testing with BackBox: Stefan Umit Uygur (Author)

Chapter 3: Vulnerability Assessment and Management

BackBox’s OpenVAS isn’t working for some reason, so I use Kali Linux for vulnerability assessment practice with OpenVAS. I set up OpenVAS following these instructions: http://www.hackingtutorials.org/scanning-tutorials/installing-openvas-kali-linux/. If you haven’t added a new user, the default username will be ‘admin’ and the password will be the long string of characters and numbers that showed up during ‘openvas-setup’.


Based on the OpenVAS scan results, you can see the severity of each finding and look the vulnerability up in CVE, NIST or other references for more detail. Sometimes a result is a false positive, so you can try to exploit the reported vulnerability and see whether it works as a legitimate vulnerability or not.

Chapter 4: Exploitation

Once we have learned how to gather information about the target system and its vulnerabilities in the information gathering and vulnerability assessment steps (sniffing, scanning), the next step is exploitation: using the vulnerabilities found earlier to manipulate or exploit the target. There are many different ways to attack or exploit a system, such as SQL injection, XSS, DDoS and fuzzing. In this chapter, the author describes SQL injection.

SQL injection is inserting SQL query text as input data from the client (attacker) into the application. I assume a lot of people are familiar with entering (ID: ' or 1=1-- and PW: anything) as a SQL query.
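To show why that input works and how the fix looks, here is an added example (not from the book or from DVWA) using an in-memory SQLite table with constructed rows in the shape of DVWA’s users table; the vulnerable functions splice the input into the SQL text the way DVWA’s low-security page does, and the hardened ones bind it as a parameter.

```python
import sqlite3


def build_db() -> sqlite3.Connection:
    """Constructed sample data modelled on DVWA's users table (hypothetical rows).
    Real applications store password hashes, not plaintext; kept simple here."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE users (user_id INTEGER, user TEXT, password TEXT,
                            first_name TEXT, last_name TEXT);
        INSERT INTO users VALUES (1, 'admin',   'pw1', 'admin',  'admin');
        INSERT INTO users VALUES (2, 'gordonb', 'pw2', 'Gordon', 'Brown');
        INSERT INTO users VALUES (3, 'pablo',   'pw3', 'Pablo',  'Picasso');
        """
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, user_id: str) -> list:
    """Vulnerable: the id parameter becomes part of the SQL statement itself."""
    sql = f"SELECT first_name, last_name FROM users WHERE user_id = '{user_id}'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn: sqlite3.Connection, user_id: str) -> list:
    """Hardened: a bound parameter is always treated as data, never as SQL."""
    sql = "SELECT first_name, last_name FROM users WHERE user_id = ?"
    return conn.execute(sql, (user_id,)).fetchall()


def login_vulnerable(conn: sqlite3.Connection, user: str, pw: str) -> bool:
    """Vulnerable login: ' or 1=1-- as the ID comments out the password check."""
    sql = f"SELECT 1 FROM users WHERE user = '{user}' AND password = '{pw}'"
    return conn.execute(sql).fetchone() is not None


def login_safe(conn: sqlite3.Connection, user: str, pw: str) -> bool:
    """Hardened login: the same input is compared literally against the column."""
    sql = "SELECT 1 FROM users WHERE user = ? AND password = ?"
    return conn.execute(sql, (user, pw)).fetchone() is not None
```

The id lookup also shows the difference an assessor looks for: a payload such as `1' OR '1'='1` makes the vulnerable lookup return every row, while the parameterised version returns nothing because no user_id equals that literal string.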

For the testing environment, I download and unzip DVWA-master from www.dvwa.co.uk/ and turn on the apache2 and MySQL services after deleting the password in the config.inc.php file.


This VMware VM’s IP (victim) is ‘192.168.247.131’, and I test whether Apache is running well by typing localhost and localhost/DVWA-master/. (Sometimes you need to unzip the DVWA-master file in /var/www or /var/www/html; it depends on which Kali or OS version you are using.)

Once the victim environment is set up, you can go to the BackBox VM (attacker) and start sqlmap in a terminal. Since the DVWA website requires authentication, you might want to capture the login cookie value with Burp Suite or a cookie manager and pass the PHPSESSID value to the sqlmap command.

sqlmap -u "http://192.168.247.131/DVWA-master/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie="security=low; PHPSESSID=gc9747lh3krqd65554vnjj85e5" --string="Surname" --dbs
