The very first thing you need to do before you can pentest a website is to set up your own platform and install the additional tools. Why do we need to do that? Because each tool has its own purpose.
For my penetration tests I use two different platforms: the first is a Windows virtual machine, the other is a Linux box. Of course, we need to install all the needed tools and create a snapshot so that you can revert at any time. Believe me, one day that will be a lifesaver.
Here are some tools I recommend:
- Nexpose: http://www.rapid7.com/products/nexpose
- Nessus: http://www.tenable.com/products/nessus
These are industry-standard vulnerability scanners.
- Burp Suite: http://portswigger.net/burp/
A web application scanner and manual web app testing tool. Because Burp Suite is a paid tool, you can use OWASP's ZAP scanner (https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project) instead. ZAP has the same kind of features, but it isn't as good as Burp Suite, you know.
- IBM AppScan: http://www-03.ibm.com/software/products/en/appscan
- HP WebInspect: http://www8.hp.com/us/en/software-solutions/software.html?compURI=1341991
These are automated web application scanners. We can use them for enterprise web assessments.
Now we will set up our virtual machines. First, we start with the Linux box. I recommend you install Kali Linux, for many reasons; to understand why, search the Internet for it.
You can download Kali from http://www.kali.org/downloads/. Second, download the VMware image (http://www.offensive-security.com/kali-llnux-vmware-arm-imagedownload/) and VMware Player or VirtualBox. After that, we configure this environment with the following commands.
- Update the system
– apt-get update
– apt-get dist-upgrade
- Set up Metasploit
– service postgresql start
– service metasploit start
- Turn on logging for Metasploit
– echo "spool /root/msf_console.log" > /root/.msf4/msfconsole.rc
We save the log at /root/msf_console.log. This option logs every command and its result from the Metasploit console; it also helps us with bulk attacks/queries, or when our client needs the logs.
- Install Discover Scripts (also known as Backtrack Scripts)
We use them for passive enumeration.
- Install Smbexec
We use this tool to grab hashes from the Domain Controller and to get reverse shells.
- Install Veil
Veil will be used to create Python-based Meterpreter executables.
- Install Windows Credential Editor (WCE) or Mimikatz
This will be used to pull passwords from memory.
- Download Custom Password Lists
We use password lists for cracking hashes.
- Install BypassUAC
We will use it to bypass UAC in the post-exploitation sections.
- Install BeEF
That is for XSS attacks.
- Install Fuzzing List ( SecLists )
We use them with Burp to fuzz parameters.
- Install some Firefox Addons
For example: Web Developer Add-on, Tamper Data, Foxy Proxy, User Agent Switcher.
- Install Peepingtom
This will take snapshots of webpages.
- Install Nmap Script
The banner-plus.nse script will be used for quicker scanning and smarter service identification.
- Install PowerSploit
We use it for post exploitation.
- Install Responder
To gather NTLM challenge/response hashes.
- Install Social Engineering Toolkit
This is used for social engineering campaigns.
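The Kali steps above (update, start PostgreSQL and Metasploit, enable console spooling) and the long tool list are easy to get wrong when you rebuild a box from a snapshot. The script below is an added example, not code from the original post: it wraps those steps in functions, writes the msfconsole.rc spool line idempotently (with the space between "spool" and the path that the post's echo line lost), and reports which of the listed tools are missing from PATH. The paths (/root/.msf4, /root/msf_console.log) and the binary names passed to check_tools are assumptions for illustration; nothing privileged runs unless you pass --run.

```shell
#!/bin/sh
# Added example (not from the original post): reproducible Kali bootstrap
# for the steps the post lists. MSF_HOME and MSF_LOG are assumed defaults
# and can be overridden from the environment.

MSF_HOME="${MSF_HOME:-/root/.msf4}"
MSF_LOG="${MSF_LOG:-/root/msf_console.log}"

# Refresh the package index and upgrade the whole distribution.
update_system() {
    apt-get update && apt-get -y dist-upgrade
}

# Start the database Metasploit uses, then the Metasploit service
# (the service name is lowercase on Kali).
start_metasploit() {
    service postgresql start
    service metasploit start
}

# Write an msfconsole.rc in $1 that spools every console command and its
# output to $2. Idempotent: re-running setup does not duplicate the line.
write_msf_rc() {
    dir="$1"; log="$2"
    mkdir -p "$dir"
    rc="$dir/msfconsole.rc"
    if [ -f "$rc" ] && grep -qx "spool $log" "$rc"; then
        return 0
    fi
    printf 'spool %s\n' "$log" >> "$rc"
}

# Return 0 when $1/msfconsole.rc contains exactly one spool line for $2.
msf_rc_ok() {
    count=$(grep -c "^spool $2\$" "$1/msfconsole.rc" 2>/dev/null || true)
    [ "${count:-0}" -eq 1 ]
}

# Print the names from "$@" that are not on PATH, one per line, and
# return non-zero if anything is missing so a caller can fail fast.
check_tools() {
    missing=""
    for t in "$@"; do
        command -v "$t" >/dev/null 2>&1 || missing="$missing $t"
    done
    [ -z "$missing" ] && return 0
    printf '%s\n' $missing   # unquoted on purpose: one name per line
    return 1
}

# Only run the privileged steps when explicitly asked, so sourcing the
# file to reuse the functions has no side effects.
if [ "${1:-}" = "--run" ]; then
    update_system
    start_metasploit
    write_msf_rc "$MSF_HOME" "$MSF_LOG"
    msf_rc_ok "$MSF_HOME" "$MSF_LOG" && echo "msfconsole logging -> $MSF_LOG"
    # Binary names are assumptions; adjust to what your packages install.
    check_tools nmap msfconsole responder setoolkit \
        || echo "install the tools listed above before taking the snapshot"
fi
```

Run it as root with `sh setup-kali.sh --run` after installing the listed tools, then take the VM snapshot once check_tools prints nothing; because write_msf_rc refuses to append a second spool line, the script is safe to re-run after every revert.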
Second, we will configure the Windows virtual machine. On Windows, we install the tools below:
- Cain and Abel
Cain and Abel is a password recovery tool for Microsoft operating systems. It allows easy recovery of various kinds of passwords by sniffing the network, cracking encrypted passwords using dictionary, brute-force and cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, recovering wireless network keys, revealing password boxes, uncovering cached passwords and analyzing routing protocols.
- Burp Suite Pro
- HxD (Hex Editor)
- Evade (Used for AV Evasion)
- Hyperion (Used for AV Evasion)
We use it for password recovery.
- Evil Foca
The tool is capable of carrying out various attacks such as:
- MITM over IPv4 networks with ARP Spoofing and DHCP ACK Injection.
- MITM on IPv6 networks with Neighbor Advertisement Spoofing, SLAAC attack, fake DHCPv6.
- DoS (Denial of Service) on IPv4 networks with ARP Spoofing.
- DoS (Denial of Service) on IPv6 networks with SLAAC DoS.
- DNS Hijacking.
- Nishang
Nishang is a framework and collection of scripts and payloads which enables the use of PowerShell for offensive security and post exploitation during penetration tests. The scripts were written based on the author's requirements during real penetration tests.
This is a series of Microsoft PowerShell scripts that can be used in post-exploitation scenarios during authorized penetration tests.
For this article, I think these standard tools are enough for us. We can use them to pentest any website, but you need to keep them up to date. In the next post, I will introduce you to scanning a network.