Hi. I’m Prateek Gianchandani.
Om Mani Padme Hum
In the previous articles in this series, we looked at all the plugins available in w3af and looked at their applications in different scenarios. In this article, we will look at some of the other tools present in w3af which allow us to send Manual Requests, perform Fuzzing, Encode and Decode requests and responses, use a Proxy to intercept and modify requests and responses, and allow us to perform a comparison between different HTTP requests and responses. We will also look at how we can write our own w3af scripts to automate the task of Web Application Penetration Testing. We will then look at the various profiles present in w3af.
Read on →
In the previous article w3af walkthrough and tutorial part 2 - Discovery and Audit plugins we looked at the various discovery and audit plugins used by w3af to identify vulnerabilities in a web application. We also looked at how we can exploit these vulnerabilities by using the exploit plugins present in w3af. In this article, we will look at the remaining plugins present in w3af which are bruteforce, grep, mangle, output, auth and evasion plugins and look at their applications in web application penetration testing.
Read on →
In the previous article w3af walkthrough and tutorial Part 1 we looked at how to use the w3af console. We also learnt about the different plugins in w3af and how they interact with each other to perform various tasks. In this article we will look at how to use the discovery and audit plugins in w3af to perform a vulnerability scan of the web applications and consequently exploit the vulnerabilities present. We will also look at the various techniques used by w3af to identify these vulnerabilities. In this article we will be working with the w3af GUI version.
Read on →
w3af (Web Application audit and attack framework) is a framework for auditing and exploitation of web applications. In this series of articles we will be looking at almost all the features that w3af has to offer and discuss how to use them for Web application Penetration testing. In the first part of this series we will be working with w3af console and getting ourselves familiar with the commands. We will also be looking at the different types of plugins that w3af has to offer and discuss how to use them for optimal performance.
Read on →
Topics related to Internet censorship have been over much debate in the last few years. The main purpose of such
internet censorship acts is to deny access to certain information on the internet. This information can be censored
throughout the world, or in some cases could be limited to certain countries. Some countries even have their own censorship
policies. One of the many examples of such acts is the very famous SOPA (Stop Online Piracy Act), which had provisions to protect the
publication of copyright intellectual property on the internet. There are many ways to censor information on the
internet like IP address blocking, DNS Filtering, URL Filtering etc.
Read on →
Anonymous systems are used to allow users to surf the web, communicate with servers anonymously. Some of the popular Anonymity service providers are TOR, GTunnel etc. The basic idea is to hide the identity of the user. However it is important to ensure that the efficiency of the anonymous system in not decreased in the process which could depend on numerous factors like latency, degree of anonymity etc. The communication between the sender and the receiver happens through a set of routers, often referred to as a mix or node, whose job is to hide the relation between the incoming and the outgoing packets through it by using various techniques like using encryption, adding delays, adding cover traffic etc. In Timing analysis attacks we assume that the attacker has access to a particular set of mixes, i.e the attacker is a part of the network.
Read on →
In the first part of this article we looked at some of the common authentication types used in Web Applications these days and discussed their pros and cons. In this article we take it one step further and discuss some of the advanced authentication methods used these days. We will also discuss the various techniques for bypassing web based authentication, and discuss the steps needed to avoid such kinds of vulnerabilities.
Read on →
Authentication is the process of validating something as authentic. When a client makes a request to a web server for accessing a resource, sometimes the web server has to verify the user’s identity. For that the user will have to supply some credentials and the web server validates it. All subsequent decisions are then taken on the basis of the credentials supplied by the client. This process is called Authentication. Once the user is authenticated, the web server sets up the appropriate permissions for the user on it’s resources. Whenever the user tries to access a resource, the server will check if the user has appropriate permissions to access the resource or not. This process is called Authorization.In this article we will look at some of the common types of authentication used these days, discuss the vulnerabilities in them, and then move on to some attacks against these authentication types.
Read on →
Wireless networks have become very common in today’s world, people are used to be connected to wireless networks in office, home, coffee shops etc. In order to facilitate the process of connecting to the wireless network, most of the operating systems often remember the previous networks connected to (often stored in Preferred Networks List) and send continuous probes looking for these networks. Once the network is found, the system automatically connects to the network. If more than one of the probed networks is found, it connects to the network with the highest signal strength (though it may vary sometimes on the operating system used).Since these clients send continuous probes, any hacker within the radio frequency range can listen passively and see the networks the client is probing for. Because of the vulnerabilities in the implementation of the algorithms for connecting to previous networks, it is possible for an attacker to set up a custom station (Access point) and have the victim connect to it. Once the victim is connected to the Fake AP the attacker has IP-level connectivity to the victim and can launch a bunch of attacks against the victim.
Read on →
This article will talk about the maintaining access step in a penetration test. After an attacker has broken into the system and got access, escalated privileges etc, it is important for him to maintain his authority on the system so that he can access it at a later time. The exploited system could be a web server (directly accessible from the internet), or a system running inside a network with NAT, hence not directly accessible from the internet. The system could also be running in a network with a firewall that monitors incoming and outgoing packets, having filters set for different types of packets, protocols etc. There could be a number of different scenarios, and it is important from the attacker’s perspective to maintain his access on the compromised host. In this article we will discuss all these cases, take up different real world scenarios and see all the different methods of bypassing those restrictions.
Read on →
DNS is a naming system for computers that converts human readable domain names e.g. (infosecinstitute.com) into computer readable Ip-addresses. However some security vulnerabilites exist due to misconfigured DNS nameservers that can lead to information disclosure about the domain. This forms an important step of the Information stage during a Penetration test or Vulnerability assessment. In this article we will look at the following areas..
- DNS Basics
- Resource records and the Zone file
- DNS Lookup and Reverse DNS Lookup
- Understanding Wildcard Entries
- DNS Zone transfer
- DNS Bruteforcing
Read on →