Devices - Penetration Testing Like a Hacker. - SecNiche Security Labs

More documents

Recommendations

Info

HOW-TOFigure 4. Offsec Exploit Archive Searchinjection vulnerability. Thus, SQL injection plays animportant part in any pen testing routine.SQL Inject Me 0.4.5: This add-on comes from aleading information security firm-<strong>Security</strong> Compass.This add-on will test a website for SQL injectionvulnerabilities by substituting HTML form values withcrafted database escape strings that are used in anSQL injection attack. Although this extension will nottry to expose the security of a website, it’ll look fordatabase error messages in the page. Hence, just like aweb vulnerability scanner, this extension will enumeratethe possible entry points without intruding into thesystem. (Add-on Link: https://addons.mozilla.org/en-US/firefox/addon/sql-inject-me/).• To use this add-on you need to go to Tools > SQLInject ME > Open SQL Inject Me Sidebar.• Once you’re at a login page or on a HTML form,you can test this add-on by clicking the ‘Test allforms with all attacks’ buttons in the sidebar to testthat particular page (see Figure 5).Cross-site scriptingCross-site scripting (XSS): XSS vulnerability is usuallyfound in web applications. In this attack, a malicioususer crafts a URL of a vulnerable website in such a waythat when the malicious code is executed then client’ssession cookie is sent to the malicious user. This enableshim to steal sensitive information from client’s account.The crafted malicious link can easily embedded a HTMLdocument inside a frame using inline HTML frame tagFigure 6. XSS Me Test Results…. Recently websites like Bing.com(MAPS), Google Appspot, Forbes, EC Council andSamba Web Administration Tool (SWAT) were exposedof the XSS vulnerability.XSS Me 0.4.4: This tool works in the same way asSQL Inject Me. This add-on detects reflected XSSvulnerabilities and points out the possible entry pointsfor an attack. This add-on shows the resulting HTMLpage as vulnerable only when JavaScript value (document.vulnerable=true). XSS Me comes from SecCom <strong>Labs</strong>.(Add-on Link: https://addons.mozilla.org/en-US/firefox/addon/xss-me/).Access VulnerabilityAccess Vulnerability: Web servers can sometimes beaffected by file access vulnerability where a malicioususer uses a mere web browser to get unauthorizedaccess to the files stored on the server. This vulnerabilitydoesn’t allow the malicious user to delete, modify orcreate a file; the user can only read or copy the file fromthe computer. The malicious user gets access to thefile by specifically requesting its name by using a nonstandardURL for bypassing the file access controls ofthe server.Access Me 0.2.4: Web applications affected by accessvulnerability are tested with four different methods.File access requests are sent by using sessionFigure 5. Offsec Exploit Archive SearchFigure 7. Access Me Test Summary05/2011 (5) SeptemberPage 44http://pentestmag.com
Figure 8. User Agent Switcher Menuremoved method, HTTP HEAD verb (retrieve whateverinformation in the form of an entity without returning amessage-body in the response), SECCOM verb, and acombination of session and HEAD/SECCOM. (Add-onLink: https://addons.mozilla.org/en-US/firefox/addon/access-me/).User AgentUser Agent: User agentis basically a clientside application likeweb browser or searchengine crawlers. Useragents strings store information like type of application,OS, and software version. This user agent string isdetected by websites for adjusting the page designlayout. Hence, user agent spoofing is done by webscrapers and spam bots for forcing certain server sidecontents to show up by hiding the browser’s identity. Forexample, Android browser uses HTML rendering engine– WebKit (KHTML) and so Android browser pretends tobe Safari.User Agent Switcher 0.7.3: This add-on by ChrisPederick helps change your browser’s user agent stringto Internet Explorer, Search Robots (Googlebot 2.1,Msnbot 1.1, and Yahoo Slup) or iPhone 3.0. To accessUser Agent Switcher go to Tools > Default User Agent.(Add-on Link: https://addons.mozilla.org/en-US/firefox/addon/user-agent-switcher/).HackbarHackbar: Hackbar 1.6.1 is a simple but powerfulpenetration and security audit tool. Basically you put alink in the hackbar and then you have to select varioussuitable options from the drop down menu and thenFigure 10. Tamper Data Log Windowjust execute the edited URL. Hackbar is capable ofencrypting a text or link to its MD5, SHA-1, SHA-256or ROT13 hash format. Hackbar also has an encoderdecoderwhich can perform Base64/URL/HEX encodingand decoding. SQL and XSS options of this add-on willhelp you add statements into your URL, like for exampleclicking on Union Select Statement under SQL will givethe output: UNION SELECT 1,2,3,4,5,6,7,8,9,10. Theother amusing uses are viz., string reverse, insertion ofLorem Ipsum text, fibonacci series and more. (Add-onLink: https://addons.mozilla.org/en-US/firefox/addon/hackbar/).Tamper DataTamper Data 11.0.1: Tamper data can effectively beused for testing web based applications. This add-onwill allow you to intercept the HTTP(S) traffic betweenyour computer and the Internet. You can track andmodify HTTP(S) headers, POST and GET requestparameters. (Add-on Link: https://addons.mozilla.org/en-US/firefox/addon/tamper-data/).• Once you install Tamper Data, go to Tools >Tamper Data. This will open a log window. ClickStart Tamper from the top menu to start tamperingwith the HTTP(S) requests. The log will startshowing you all the subsequent requests after youstart tampering. To see details of a request youneed to select the item and double click it to seedetails of a request header.Figure 9. HackbarFigure 11. Tamper with request05/2011 (5) SeptemberPage 45http://pentestmag.com
Page 2 and 3: EDITOR’S NOTE05/2011 (05)Editor:
Page 4 and 5: POINT OF VIEWIsn’t Social Enginee
Page 6 and 7: POINT OF VIEWTrust Pentesting Team.
Page 8 and 9: FOCUSBreaking Downthe i* {Devices}P
Page 10: FOCUSListing 1. IPhone applications
Page 19 and 20: AndroidManifest.xml. An important p
Page 21 and 22: Smartphone running the version of A
Page 23 and 24: Simplied User ExperienceThe user in
Page 26 and 27: FOCUSAttacking the MobileInfrastruc
Page 28 and 29: FOCUSAt any rate, I think these ent
Page 30 and 31: FOCUSToneLoc and LoadUseful For a P
Page 32 and 33: FOCUSoperate in a degraded state; f
Page 34 and 35: FOCUSInside AndroidApplicationsBy t
Page 36 and 37: (NEW) STANDARDSNew PenetrationTesti
Page 38 and 39: (NEW) STANDARDSof Hatforce. Before
Page 40: (NEW) STANDARDSReferences• [1] So
Page 43: name, IP address and server locatio
Page 47: Say Hello toRed TeamTesng!Security

Devices - Penetration Testing Like a Hacker. - SecNiche Security Labs

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?