Setting up a penetration testing environment – All things in moderation

Setting up a penetration testing environment

The very first thing you need to do before you can pentest a website is to set up your own platform and install the additional tools. Why do we need to do that? Because each piece has its own purpose.

For my penetration tests, I use two different platforms. The first is a Windows virtual machine, and the other is a Linux box. Of course, we need to install all the required tools and create a snapshot so that you can revert at any time. Believe me, one day that will be a lifesaver.

Here are some tools I recommend:

  • Nexpose: http://www.rapid7.com/products/nexpose
  • Nessus: http://www.tenable.com/products/nessus
    These are industry-standard vulnerability scanners.
  • Burp Suite: http://portswigger.net/burp/
    Web application scanner and manual web app testing. Because this is a paid tool, you can get OWASP's ZAP scanner (https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project) instead. It has the same kind of features, but it isn't as good as Burp Suite, you know.
  • IBM AppScan: http://www-03.ibm.com/software/products/en/appscan
  • HP WebInspect: http://www8.hp.com/us/en/software-solutions/software.html?compURI=1341991
    These are automated web application scanners. We can use them for enterprise web assessments.

Now we will set up our virtual machines. First, we start with the Linux box. I recommend you install Kali Linux, for many reasons; to understand why, you can search the Internet for it.
You can download Kali from http://www.kali.org/downloads/. Second, you need to download the VMware image (http://www.offensive-security.com/kali-llnux-vmware-arm-imagedownload/) and download VMware Player or VirtualBox. After that, we configure this environment with the following commands.

  1. Update the system
    – apt-get update
    – apt-get dist-upgrade
  2. Set up Metasploit
    – service postgresql start
    – service metasploit start
  3. Turn on logging for Metasploit
    – echo "spool /root/msf_console.log" > /root/.msf4/msfconsole.rc
    We save the log at /root/msf_console.log. This option makes msfconsole log every command and its result from Metasploit's CLI; it also helps when we run bulk attacks/queries, or when our client needs the logs.
  4. Install Discover Scripts (or so-called Backtrack Scripts)
    We use them for passive enumeration.
  5. Install Smbexec
    We use this tool to grab hashes out of the Domain Controller and to get reverse shells.
  6. Install Veil
    Veil will be used to create Python-based Meterpreter executables.
  7. Install Windows Credential Editor (WCE) or Mimikatz
    This will be used to pull passwords from memory.
  8. Download custom password lists
    We use password lists for cracking hashes.
  9. Install BypassUAC
    We will use it to bypass UAC in the post-exploitation sections.
  10. Install BeEF
    That is for XSS attacks.
  11. Install fuzzing lists (SecLists)
    We use them with Burp to fuzz parameters.
  12. Install some Firefox add-ons
    For example: Web Developer add-on, Tamper Data, FoxyProxy, User Agent Switcher.
  13. Install PeepingTom
    This will take snapshots of web pages.
  14. Install the Nmap script
    The banner-plus.nse script will be used for quicker scanning and smarter identification.
  15. Install PowerSploit
    We use it for post-exploitation.
  16. Install Responder
    To gain NTLM challenge/response hashes.
  17. Install the Social Engineering Toolkit
    This is used for social engineering campaigns.
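The following script is an added example, not the post's own code, that wraps steps 1 to 3 of the Kali setup above into a small, repeatable script. It assumes the Kali 1.x service names (postgresql, metasploit) and the msfconsole.rc location under $HOME/.msf4. The one-liner in step 3 uses `>` and so overwrites any msfconsole.rc you already have; the `ensure_msf_spool` function below instead appends the spool line only when it is missing, so re-running the script leaves the file with exactly one spool entry. The real, root-only steps only run when the script is started with `--run`.

```shell
#!/bin/sh
# Added example (not from the original post): idempotent version of steps 1-3.
# Assumptions: Kali 1.x service names and $HOME/.msf4/msfconsole.rc.
set -u

# Step 1: update the package index and upgrade the system.
update_system() {
    apt-get update && apt-get -y dist-upgrade
}

# Step 2: start the database and the Metasploit service (Kali 1.x names).
start_metasploit_services() {
    service postgresql start
    service metasploit start
}

# Step 3: make msfconsole spool every command and result to LOGFILE.
# Usage: ensure_msf_spool RCFILE LOGFILE
# Prints "added" when the spool line was appended, "present" when it was
# already there. Existing rc commands are kept; nothing is overwritten.
ensure_msf_spool() {
    rcfile="$1"
    logfile="$2"
    line="spool $logfile"
    mkdir -p "$(dirname "$rcfile")" || return 1
    [ -f "$rcfile" ] || : > "$rcfile"
    if grep -Fxq "$line" "$rcfile"; then
        echo present
    else
        printf '%s\n' "$line" >> "$rcfile"
        echo added
    fi
}

# How many spool lines an rc file carries; lets you verify the file did not
# end up with duplicate spool entries after repeated runs.
count_spool_lines() {
    grep -c '^spool ' "$1" 2>/dev/null || true
}

# Only perform the real (root-only) steps when explicitly asked for.
if [ "${1:-}" = "--run" ]; then
    update_system
    start_metasploit_services
    ensure_msf_spool "$HOME/.msf4/msfconsole.rc" "$HOME/msf_console.log"
fi
```

Run it as root inside the Kali VM with `sh setup-kali.sh --run`; take the VM snapshot after it finishes so that the baseline you revert to already has logging enabled.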

Second, we will configure the Windows virtual machine. On Windows, we install the tools below:

  1. Nexpose/Nessus
  2. Nmap
  3. Cain and Abel
    Cain and Abel is a password recovery tool for Microsoft operating systems. It allows easy recovery of various kinds of passwords by sniffing the network, cracking encrypted passwords using dictionary, brute-force and cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, recovering wireless network keys, revealing password boxes, uncovering cached passwords and analyzing routing protocols.
  4. Burp Suite Pro
  5. HxD (Hex Editor)
  6. Evade (Used for AV Evasion)
  7. Hyperion (Used for AV Evasion)
  8. Metasploit
  9. oclHashcat
    We use it for password recovery.
  10. Evil Foca
    The tool is capable of carrying out various attacks such as:

    • MITM over IPv4 networks with ARP Spoofing and DHCP ACK Injection.
    • MITM on IPv6 networks with Neighbor Advertisement Spoofing, SLAAC attack, fake DHCPv6.
    • DoS (Denial of Service) on IPv4 networks with ARP Spoofing.
    • DoS (Denial of Service) on IPv6 networks with SLAAC DoS.
    • DNS Hijacking.
  11. Nishang
    Nishang is a framework and collection of scripts and payloads which enables the use of PowerShell for offensive security and post-exploitation during penetration tests. The scripts were written based on the author's requirements during real penetration tests.
  12. PowerSploit
    This is a series of Microsoft PowerShell scripts that can be used in post-exploitation scenarios during authorized penetration tests.

For this article, I think these are enough standard tools for us. We can use them to pentest any website, but you need to keep them up to date. In the next post, I will introduce you to scanning a network.
