Archive for category pentest

Quickly assess your PHP infrastructure security: PHPSecInfo

From their homepage: PhpSecInfo provides an equivalent to the phpinfo() function that reports security information about the PHP environment, and offers suggestions for improvement. It is not a replacement for secure development techniques, and does not do any kind of code or app auditing, but can be a useful tool in a multilayered security approach.

Combine this tool with my ‘Assault on PHP Applications’ blog entry and this recent ‘Web Security’ article and you’ll be a fairly competent web pen-tester.

Pen Testing 101 Presentation

PaulDotCom has an excellent penetration testing presentation covering the six primary tools: nmap, nessus, hydra, pass-the-hash, metasploit, and cain & abel. Check it out here: http://pauldotcom.com/TriplePlay-NetworkPenTestingTools.pdf

Successfully running De-Ice on a virtual machine…

I’ve seen several folks wondering how to set up the De-Ice pentest environments in a virtual machine. It’s actually a fairly simple setup and I’ve included the steps needed below…

Here’s the config I used to get level 1 (1.100) working:

  1. Configure the De-Ice VM guest for Host Only networking
  2. Assign an address to the host-only interface on the host: “ifconfig vboxnet0 192.168.1.X”; X can be any last octet that’s not in use, and vboxnet0 is the name of the virtual interface (in this case I’m using VirtualBox).
  3. Add a host route on the host: “route add -host 192.168.1.100 dev vboxnet0” (Linux net-tools syntax). This is the biggest problem for people; make sure your host is using the correct interface to find De-Ice.

Here’s the config I used to get level 2 (2.100) working:

  1. Configure the De-Ice VM guest for Host Only networking
  2. Assign an address to the host-only interface on the host: ifconfig vboxnet0 192.168.2.X
  3. Add a host route on the host: route add -host 192.168.2.100 dev vboxnet0
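The same host-side setup for both levels as one script, added here as an example and not part of the original post. It assumes a Linux host with iproute2 (the ip command) instead of the ifconfig/route commands in the steps, a VirtualBox host-only interface named vboxnet0, and that De-Ice level N answers at 192.168.N.100 as the steps state; the function names are my own. It validates the chosen host octet (refusing .100, which is De-Ice’s own address), refuses to run against an interface that does not exist, and finishes with a ping through the chosen interface, which is the check that catches the wrong-interface problem step 3 warns about.

```shell
#!/bin/sh
# Added example, not from the original post. Host-side setup for a De-Ice
# level on a VirtualBox host-only interface. Assumes a Linux host with
# iproute2 ("ip") and ping; interface name and host octet are inputs.

# De-Ice level N lives at 192.168.N.100 (levels 1 and 2 in the post).
deice_target() {
    printf '192.168.%s.100\n' "$1"
}

# Build the commands for a level without running them.
# $1 = level (1 or 2), $2 = host-only interface, $3 = last octet for the host.
deice_setup_cmds() {
    level=$1; iface=$2; octet=$3
    case "$level" in
        1|2) ;;
        *) echo "unsupported De-Ice level: $level" >&2; return 1 ;;
    esac
    case "$octet" in
        ''|*[!0-9]*) echo "host octet must be numeric: $octet" >&2; return 1 ;;
    esac
    # The host must not collide with the De-Ice address (.100) and must be
    # a valid last octet.
    if [ "$octet" -lt 1 ] || [ "$octet" -gt 254 ] || [ "$octet" -eq 100 ]; then
        echo "host octet must be 1-254 and not 100 (De-Ice's own address)" >&2
        return 1
    fi
    printf 'ip addr add 192.168.%s.%s/24 dev %s\n' "$level" "$octet" "$iface"
    printf 'ip link set %s up\n' "$iface"
    printf 'ip route replace %s dev %s\n' "$(deice_target "$level")" "$iface"
}

# Apply the commands (needs root). Refuses if the interface does not exist,
# and stops at the first command that fails.
deice_setup() {
    ip link show "$2" >/dev/null 2>&1 || { echo "no interface $2 on this host" >&2; return 1; }
    cmds=$(deice_setup_cmds "$@") || return 1
    printf '%s\n' "$cmds" | while IFS= read -r cmd; do
        echo "+ $cmd"
        $cmd || exit 1
    done
}

# Confirm the host really reaches the De-Ice VM over the chosen interface;
# a failure here usually means the route landed on the wrong interface.
deice_verify() {
    ping -c 1 -W 2 -I "$2" "$(deice_target "$1")" >/dev/null 2>&1
}

# Usage: sh deice-setup.sh <level> <iface> <host-octet>
#   e.g. sudo sh deice-setup.sh 1 vboxnet0 50
if [ $# -eq 3 ]; then
    deice_setup "$1" "$2" "$3" && deice_verify "$1" "$2" \
        && echo "De-Ice level $1 reachable at $(deice_target "$1") via $2"
fi
```

Run it with the level, the host-only interface and a free last octet; without arguments it only defines the functions, so you can source it and call deice_setup_cmds to see what would be applied before touching the host.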

Penetration Test Scenarios

I’ve recently been trying to teach my young cousin the basics of computer security. I started by having him get the Backtrack live CD, which is geared for penetration testing.

Once you have Backtrack running you need a dummy machine to test against. People have packaged live CDs and virtual machines that are running some combination of the following:

  • Unpatched operating systems (Win XP SP1)
  • Unpatched applications (httpd, ftpd, etc)

You can find these ready-to-be-exploited packages here:

Old software with bugs:
https://www.securinfos.info/old_softwares_vulnerable.php

Do you have an old disc of Windows 9x or Red Hat 6.2 lying around?

  1. Install VirtualBox
  2. Create your own virtual machine with those old OS discs that are now collecting dust

Have fun & remember to keep this limited to dummy machines :-)