Tuesday, July 21, 2020

Working with Linux CLI #2


Working with Linux Command Line Interface #2
https://msslinux.blogspot.com/2020/07/working-with-linux-cli-2.html

Login: student
 pass: ******

 [student@hostX Desktop]$ su -
  Password: ******

 [root@hostX ~]# exit
 [student@hostX Desktop]$ exit

 ('su -' starts a login shell in root's home directory; plain 'su' keeps the current directory and most of the caller's environment.)

Linux Command Syntax/Pattern/structure:
===============================

A command line has up to three parts: the command itself (mandatory), zero or more options, and zero or more arguments. Some commands work without arguments; for others an argument is mandatory. Options usually start with a dash and change how the command behaves.

  # command [option (-)] argument

 ex # ping -c 6 172.25.10.135   //'ping' (command) '-c 6' (option) '172.25.10.135' (argument)
    # date  //no option, no argument
    # cal


[student@hostX Desktop]$ cd
[student@hostX ~]$ ls      ;list files and directories
[student@hostX ~]$ ls -l   ;long (detailed) listing
[student@hostX ~]$ ls -li  ;inode number of each file and directory
[student@hostX ~]$ ls -la  ;detailed listing including hidden files and directories
[student@hostX ~]$ ls -lh  ;human-readable sizes
[student@hostX ~]$ ls -laih ;all of the above combined


Here let's discuss the different options of the 'ls' command:

 -l = long   (show the detailed, one-entry-per-line listing)
 -i = inode  (the unique index number of every file on the file system)
 -a = all    (show all entries, including hidden files, whose names start with a dot)
 -h = human readable (show file sizes in K, M, G instead of bytes; use together with -l)
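As an added example (not part of the original post), the script below builds a scratch directory, lists it with ls -laih, and then pulls the individual facts out of the ls output with awk: which entries are hidden dot-files, the inode number of a file, and its hard-link count. Two names that show the same inode are hard links to one file, which matters when a "deleted" sensitive file lives on under another name. The directory and its files are constructed by the script itself in a temporary location.

```shell
#!/bin/sh
# Added example: read hidden files, inode numbers and link counts from ls output.
# Everything here is created in a temporary directory; nothing on the system is touched.

# make_sample_dir: build a scratch directory with a hidden file and a hard link,
# then print its path.
make_sample_dir() {
    dir=$(mktemp -d)
    printf 'visible notes\n' > "$dir/notes.txt"
    printf 'api-token=constructed-sample\n' > "$dir/.hidden_key"   # dot-file: "ls -l" hides it
    ln "$dir/notes.txt" "$dir/notes-link.txt"                      # hard link: same inode
    printf '%s\n' "$dir"
}

# count_hidden DIR: number of dot-files in DIR that plain "ls -l" would not show
# (the . and .. entries are excluded; the "total" line is skipped).
count_hidden() {
    ls -la "$1" | awk 'NR > 1 && $NF ~ /^\./ && $NF != "." && $NF != ".." { n++ }
                       END { print n + 0 }'
}

# inode_of FILE: the inode number, i.e. the first field of "ls -i"
inode_of() {
    ls -i "$1" | awk '{ print $1 }'
}

# link_count FILE: second field of "ls -l", the number of names pointing at the inode
link_count() {
    ls -l "$1" | awk '{ print $2 }'
}

# same_file A B: "yes" if both names refer to one inode (a hard link), else "no"
same_file() {
    if [ "$(inode_of "$1")" = "$(inode_of "$2")" ]; then echo yes; else echo no; fi
}

demo() {
    d=$(make_sample_dir)
    echo "== ls -laih $d =="
    ls -laih "$d"
    echo "hidden entries : $(count_hidden "$d")"
    echo "notes.txt inode: $(inode_of "$d/notes.txt"), links: $(link_count "$d/notes.txt")"
    echo "same file?     : $(same_file "$d/notes.txt" "$d/notes-link.txt")"
    rm -rf "$d"
}

demo
```

Run it as a regular user; the only privilege it needs is write access to the temp directory. The link count of 2 on notes.txt is the clue that a second name exists somewhere, even when you cannot see it in the listing in front of you.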


Continued in next post Working with Linux CLI #3

Working with Linux CLI #1

Working with Linux Command Line Interface #1
https://msslinux.blogspot.com/2020/07/working-with-linux-cli-1.html

A very introductory orientation to the Linux command line, based on Red Hat Enterprise Linux 8 (RHEL 8). Throughout this series of tutorials the learner will get familiar with the Linux CLI from zero to hero. No prior knowledge is required.


Linux Command Line Interface Orientation:
===============================
[student@hostX Desktop] $
[root@hostX    Desktop] #
  1         2               3         4

  1: user name
  2: host name
  3: current working directory (~ stands for the user's home directory)
  4: prompt character, which shows the user type (root: #, regular user: $)

Linux User's Types:
===============
 => root user: the administrator, UID 0 (#)
 => system users: service accounts (mail/ftp/games/daemon); their login shell is normally /sbin/nologin, so they cannot log in interactively
 => regular users: student, guest, sam, bob ($)


Working with Linux Shells & Terminal:
=============================
 User -> Keyboard -> Terminal/Application -> Shell -> Kernel -> Hardware
           Screen <- Terminal <- Shell <- Kernel <- Hardware

Which shell is the current user's login shell, and which shells are available on the system? echo $SHELL prints the login shell recorded for the user in /etc/passwd (not necessarily the shell that is running right now); chsh -l lists the shells permitted in /etc/shells:

[student@hostX Desktop] $ echo $SHELL
[student@hostX Desktop] $ chsh -l
 /bin/sh
 /bin/bash
 /usr/bin/sh
 /usr/bin/bash
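The user types and the shell list above come together in one practical check, added here as an example that is not part of the original post: an account can only log in interactively when the shell in the seventh field of /etc/passwd is one of the shells listed in /etc/shells. The passwd and shells content in the script is constructed sample data, so it runs anywhere; the usage note shows how to point it at the live files.

```shell
#!/bin/sh
# Added example: which accounts can actually log in? An account is interactive
# only when its shell (7th field of /etc/passwd) appears in /etc/shells.
# The two variables below are constructed sample data, not a real host's files.

SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
student:x:1000:1000:student:/home/student:/bin/bash
bob:x:1001:1001:bob:/home/bob:/bin/sh
svc-backup:x:1002:1002:backup job:/var/backup:/bin/bash
toor:x:0:0:second root:/root:/bin/bash'

SAMPLE_SHELLS='/bin/sh
/bin/bash
/usr/bin/sh
/usr/bin/bash'

# _classify PASSWD SHELLS MODE: MODE "login" prints accounts whose shell is in
# SHELLS, MODE "nologin" prints the rest. Both inputs are passed as text and
# fed to awk through one pipe with a "---" separator (POSIX sh, no process
# substitution needed).
_classify() {
    { printf '%s\n' "$2"; printf '%s\n' '---'; printf '%s\n' "$1"; } |
    awk -F: -v mode="$3" '
        /^---$/    { in_passwd = 1; next }              # separator between the two inputs
        !in_passwd { ok[$0] = 1; next }                 # remember each permitted shell
        $7 in ok   { if (mode == "login")   print $1; next }
                   { if (mode == "nologin") print $1 }'
}

login_accounts()   { _classify "$1" "$2" login;   }
nologin_accounts() { _classify "$1" "$2" nologin; }

# uid0_accounts PASSWD: every account with UID 0 is root, whatever its name.
uid0_accounts() {
    printf '%s\n' "$1" | awk -F: '$3 == 0 { print $1 }'
}

echo "can log in :" $(login_accounts "$SAMPLE_PASSWD" "$SAMPLE_SHELLS")
echo "no login   :" $(nologin_accounts "$SAMPLE_PASSWD" "$SAMPLE_SHELLS")
echo "uid 0      :" $(uid0_accounts "$SAMPLE_PASSWD")
```

On a live RHEL 8 host call login_accounts "$(cat /etc/passwd)" "$(cat /etc/shells)" and uid0_accounts "$(cat /etc/passwd)". A service account with an interactive shell (svc-backup in the sample) or a second UID 0 account (toor in the sample) is exactly the kind of finding this check is meant to surface.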


Continued in next post Working with Linux CLI #2

WHAT IS FIRMWARE? AND WHAT IS KERNEL?



WHAT IS FIRMWARE? AND WHAT IS KERNEL?
https://msslinux.blogspot.com/2020/07/what-is-firmware-and-what-is-kernel.html
Firmware is software that is stored on a chip inside a device rather than on disk. The PC's BIOS is the classic example: the small Basic Input/Output System program that runs every time you turn on the PC detects and initialises the CPU, RAM, video card, hard drives, floppy drives, USB controllers and so on. Because the program is stored on (and runs from) a chip, it is called "firm"ware, whereas "soft"ware is loaded from a flexible source (a hard drive) and typically runs on a general-purpose processor (the computer's CPU).

The kernel is the mid-level piece of software that sits between applications and the PC's hardware. It is not as low-level as firmware (which often runs on the device itself), nor is it a high-level program like a user application (word processor, spreadsheet, browser). Unlike firmware, the kernel is loaded from the hard drive into memory when the PC boots; it is one of the first things the firmware's boot process loads and executes, and from then on every access an application makes to the hardware goes through it.

Monday, March 4, 2019

Synchronize-time-with-ntp-in-linux

How to synchronize time with ntp Server  in linux:
https://msslinux.blogspot.com/2019/03/sync-with-ntp-server-linux.html

ntpdate ntp-server   // ntp-server = host name or IP address of the NTP server
As an example:
sudo ntpdate 1.ro.pool.ntp.org

You can query the server and see the clock offset without touching the clock with the following command (-q = query only, do not set the clock; -u = use an unprivileged source port, which helps when a firewall blocks UDP 123):
sudo ntpdate -qu 1.ro.pool.ntp.org
The Network Time Protocol (NTP) is a protocol used to synchronize a computer's system clock automatically over a network. The system clock can be kept in Coordinated Universal Time (UTC) rather than local time.
The simplest way to set the system time over a network on a Linux desktop or server is the ntpdate command, which sets the clock from an NTP time server in one shot. The ntpd daemon must be stopped on the machine where ntpdate is run, because both need UDP port 123. Keep in mind that ntpdate sends plain, unauthenticated NTP queries, and that newer distributions (RHEL 8, for example) ship chrony instead of the ntp package, so ntpdate may not be available there.
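Stepping a clock by hours silently can break TLS certificate validation, Kerberos tickets and log timelines, so it is worth looking at what ntpdate -q reports before running it without -q. The script below is an added example (not part of the original post) that parses ntpdate -q output and decides whether the clock may be stepped. The three sample outputs are constructed in the shape ntpdate prints ("server IP, stratum N, offset F, delay F" followed by the summary line); the IP is from the documentation range.

```shell
#!/bin/sh
# Added example: decide from "ntpdate -q" output whether it is safe to step the
# clock. The samples below are constructed in the shape ntpdate prints.

SAMPLE_OK='server 192.0.2.10, stratum 2, offset -0.003412, delay 0.02870
21 Jul 10:15:02 ntpdate[4242]: adjust time server 192.0.2.10 offset -0.003412 sec'

# Clock an hour off: stepping it silently would invalidate certificates,
# tickets and log timelines, so flag it for a human.
SAMPLE_FAR='server 192.0.2.10, stratum 2, offset 3612.417350, delay 0.03011
21 Jul 10:15:02 ntpdate[4243]: step time server 192.0.2.10 offset 3612.417350 sec'

# Server reachable but unsynchronised (stratum 0): ntpdate refuses it.
SAMPLE_DEAD='server 192.0.2.10, stratum 0, offset 0.000000, delay 0.00000
21 Jul 10:15:02 ntpdate[4244]: no server suitable for synchronization found'

# field_after OUTPUT WORD: the value following WORD on the first "server" line,
# with the trailing comma removed (e.g. field_after "$out" offset).
field_after() {
    printf '%s\n' "$1" | awk -v key="$2" '
        /^server / { for (i = 1; i < NF; i++) if ($i == key) { v = $(i + 1); sub(/,$/, "", v); print v; exit } }'
}

# offset_of OUTPUT: absolute clock offset in seconds, six decimals
offset_of() {
    field_after "$1" offset | awk '{ o = $1 + 0; if (o < 0) o = -o; printf "%.6f\n", o }'
}

# stratum_of OUTPUT: stratum of the answering server (0 or 16 means unusable)
stratum_of() {
    field_after "$1" stratum | awk '{ print $1 + 0 }'
}

# clock_check OUTPUT MAX_SECONDS: prints "ok", "too-far" or "unusable"
clock_check() {
    out=$1; max=${2:-1}
    if printf '%s\n' "$out" | grep -q 'no server suitable'; then echo unusable; return 0; fi
    s=$(stratum_of "$out"); s=${s:-0}
    if [ "$s" -eq 0 ] || [ "$s" -ge 16 ]; then echo unusable; return 0; fi
    off=$(offset_of "$out")
    if awk -v o="$off" -v m="$max" 'BEGIN { exit !(o + 0 <= m + 0) }'; then
        echo ok
    else
        echo too-far
    fi
}

for sample in "$SAMPLE_OK" "$SAMPLE_FAR" "$SAMPLE_DEAD"; do
    printf '%-8s offset=%ss stratum=%s\n' "$(clock_check "$sample" 1)" \
        "$(offset_of "$sample")" "$(stratum_of "$sample")"
done
```

Against a real server, feed the live output in: clock_check "$(sudo ntpdate -qu 1.ro.pool.ntp.org 2>&1)" 1. The threshold of one second is an assumption for the example; pick what your services tolerate. Since the query is unauthenticated UDP, a large offset can also mean someone on the path answered instead of the server, which is another reason not to step blindly.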

Note:
On most Linux systems the ntpdate command is not installed by default. To install it, run the command for your distribution:
$ sudo apt-get install ntpdate    [On Debian/Ubuntu]
$ sudo yum  install ntpdate       [On CentOS/RHEL]
$ sudo dnf install ntpdate        [On Fedora 22+]

Monday, April 2, 2018

VAPT-7 (Test Cases)

Test Cases for VAPT:

https://msslinux.blogspot.com/2018/04/vapt-6-test-cases.html

Penetration testing sample test cases (test scenarios):

Remember that this is not functional testing. In a pentest your goal is to find security holes in the system. Below are some generic test cases; not all of them apply to every application.
1) Check whether the web application detects and blocks spam and automated submissions on the contact forms used on the website.
2) Proxy server – check whether network traffic passes through monitored proxy appliances. A proxy hides internal addressing from outsiders and gives one place to log and filter traffic, which makes it harder for attackers to learn the internals of the network.
3) Spam email filters – verify that incoming and outgoing email traffic is filtered and unsolicited emails are blocked. Many email systems come with built-in spam filters that must be configured to your needs; the rules can be applied to email headers, subject or body.
4) Firewall – make sure the entire network and every computer is protected by a firewall. A firewall can be software or hardware; it blocks unauthorized inbound access to a system and can also stop data being sent out of the network without your permission.
5) Try to exploit all servers, desktop systems, printers and network devices in scope.
6) Verify that usernames and passwords are only ever transmitted over an encrypted connection (HTTPS/TLS) and that stored passwords are salted hashes, not plaintext or reversibly encrypted values.
7) Verify what is stored in website cookies. A session cookie should carry only an opaque random identifier, never readable user data or credentials, and should be set with the Secure and HttpOnly flags.
8) Re-test previously found vulnerabilities to confirm that the fix works.
9) Verify that no unnecessary ports are open on the network; every listening service should be justified.
11) Verify all telephone and VoIP devices.
12) Verify Wi-Fi network security (encryption, authentication, rogue access points).
13) Verify which HTTP methods are enabled. PUT, DELETE and TRACE should be disabled on the web server unless the application explicitly requires them.
14) Verify that passwords meet the required standard. The password should be at least 8 characters long and contain at least one number and one special character.
15) Administrative usernames should not be predictable, such as "admin" or "administrator".
16) The application login should lock or throttle after a few unsuccessful attempts.
17) Authentication error messages should be generic and not reveal whether it was the username or the password that was wrong.
19) Verify that special characters, HTML tags and scripts are handled safely as input values.
20) Internal system details (stack traces, file paths, versions) should not be revealed in any error or alert message.
21) Custom error pages should be displayed to the end user when a web page crashes.
22) Verify the use of registry entries. Sensitive information should not be kept in the registry.
23) All uploaded files must be validated and scanned before they are stored on the server.
24) Sensitive data should not be passed in URLs when communicating between the internal modules of the web application; URLs end up in logs, browser history and Referer headers.
25) There should be no hard-coded usernames or passwords in the system.
26) Verify all input fields with very long input strings, with and without spaces.
27) Verify that the password-reset functionality is secure.
28) Verify the application for SQL injection.
29) Verify the application for cross-site scripting.
31) Important input validation must be done on the server side; JavaScript checks on the client side can be bypassed.
32) Critical resources in the system should be available only to authorized persons and services.
33) Access logs should be kept with proper permissions so that they cannot be altered by the users they record.
34) Verify that the user session is invalidated on the server when the user logs off.
35) Verify that directory listing is disabled on the server.
36) Verify that all applications and database versions are up to date.
37) Verify through URL manipulation that the web application does not expose unwanted information.
38) Verify for memory leaks and buffer overflows.
39) Verify that incoming network traffic is scanned for malware such as Trojans.
40) Verify that the system resists brute-force attacks, the trial-and-error guessing of secrets such as passwords.
41) Verify that the system or network is protected against denial-of-service (DoS) attacks, in which an attacker floods a network or a single computer with continuous requests until its resources are exhausted and legitimate requests are refused.
42) Verify the application against HTML script injection attacks.
43) Verify against COM and ActiveX attacks.
44) Verify against spoofing attacks. Spoofing comes in many forms: IP address spoofing, email sender spoofing, ARP spoofing, Referer spoofing, caller ID spoofing, poisoning of file-sharing networks, GPS spoofing.
45) Check for uncontrolled format string vulnerabilities, which can crash the application or let an attacker execute code in it.
46) Verify against XML injection attacks, used to alter the intended logic of the application.
47) Verify against canonicalization attacks (different encodings of the same path or name slipping past a check).
48) Verify that error pages do not display information that could help an attacker get into the system.
49) Verify whether critical data such as passwords is stored in plaintext files on the system.
50) Verify that the application does not return more data than is required.
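Two of the items above, the HTTP methods check (13) and the cookie check (7), can be run mechanically over a captured response. The script below is an added example (not part of the original post): it reads the Allow header and the Set-Cookie headers out of a response and reports dangerous methods and cookies that lack the Secure or HttpOnly flag. The response is a constructed sample in the shape that `curl -si -X OPTIONS URL` returns; against a real target you would substitute that command's output.

```shell
#!/bin/sh
# Added example: checklist items 13 (HTTP methods) and 7 (cookies) as checks over
# a captured HTTP response. SAMPLE_RESPONSE is constructed; on a real engagement
# replace it with: resp=$(curl -si -X OPTIONS "$URL")

SAMPLE_RESPONSE='HTTP/1.1 200 OK
Date: Tue, 21 Jul 2020 10:15:02 GMT
Server: Apache/2.4.6
Allow: GET, HEAD, POST, OPTIONS, PUT, DELETE, TRACE
Set-Cookie: JSESSIONID=2f1c9e0b7a; Path=/; Secure; HttpOnly
Set-Cookie: role=admin; Path=/
Set-Cookie: remember=student%3Apassword123; Path=/; Expires=Wed, 21 Jul 2021 10:15:02 GMT
Content-Length: 0

'
# Note what the tester sees in the sample: "role=admin" is readable authorisation
# data held client-side, and "remember" carries the credentials themselves.

# header_values RESPONSE NAME: the value(s) of header NAME, one per line,
# matched case-insensitively, with CR stripped. Stops at the blank line that
# ends the header block.
header_values() {
    printf '%s\n' "$1" | tr -d '\r' | awk -v name="$2" -F': *' '
        /^$/ { exit }
        tolower($1) == tolower(name) { sub(/^[^:]*: */, ""); print }'
}

# dangerous_methods RESPONSE: methods from the Allow header that should normally
# be disabled on a web server
dangerous_methods() {
    header_values "$1" Allow | tr ',' '\n' | tr -d ' ' |
        awk '$0 == "PUT" || $0 == "DELETE" || $0 == "TRACE" || $0 == "CONNECT"'
}

# weak_cookies RESPONSE: one line per Set-Cookie that lacks Secure or HttpOnly,
# in the form "<name> missing:<flag>[,<flag>]"
weak_cookies() {
    header_values "$1" Set-Cookie | awk -F';' '{
        split($1, kv, "="); name = kv[1]; sub(/^ */, "", name)
        lower = tolower($0); missing = ""
        if (lower !~ /; *secure( *;|$)/)   missing = missing "Secure,"
        if (lower !~ /; *httponly( *;|$)/) missing = missing "HttpOnly,"
        if (missing != "") { sub(/,$/, "", missing); print name " missing:" missing }
    }'
}

echo "== dangerous methods =="; dangerous_methods "$SAMPLE_RESPONSE"
echo "== weak cookies ==";      weak_cookies "$SAMPLE_RESPONSE"
```

An Allow header is only what the server claims; confirm each dangerous method with an actual request (for example `curl -si -X TRACE "$URL"`) and record the status code, since some servers advertise methods they reject and others accept methods they do not advertise.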
These are just the basic test scenarios to get started with Pentest. There are hundreds of advanced penetration methods which can be done either manually or with the help of automation tools.
Further reading:
Pen Testing Standards
  • PCI DSS (Payment Card Industry Data Security Standard)
  • OWASP (Open Web Application Security Project)
  • ISO/IEC 27002, OSSTMM (The Open Source Security Testing Methodology Manual)
Certifications
  • GPEN
  • Associate Security Tester (AST)
  • Senior Security Tester (SST)
  • Certified Penetration Tester (CPT)
Finally, as a penetration tester, you should collect and log all vulnerabilities in the system. Don’t ignore any scenario considering that it won’t be executed by end users.
If you are a penetration tester, please help our readers with your experience, tips, and sample test cases on how to perform penetration testing effectively.



VAPT-6 (Web Application Security Testing)

Web Application Security Testing Techniques:

Introduction to Web App Security Testing:
Owing to the huge amount of data stored in web applications and the growing number of transactions on the web, proper security testing of web applications becomes more important every day.
In this article we will look in detail at the key terms used in website security testing and at its testing approach.

What is Security Testing?

Security testing is the process of checking that confidential data stays confidential (it is not exposed to individuals or entities it is not meant for) and that users can perform only the tasks they are authorized to perform (for example, a user should not be able to deny the functionality of the website to other users, or change the functionality of the web application in an unintended way).

Some Key Terms Used in Security Testing

Before we proceed further, it is useful to become familiar with a few terms that are used frequently in web application security testing:
What is "Vulnerability"?
A weakness in the web application that an attacker can exploit. Typical causes are bugs in the application (for example unvalidated input that permits SQL or script injection), misconfiguration and out-of-date components.
What is "URL Manipulation"?
Some web applications pass additional information between the client (browser) and the server in the URL. Changing that information may lead to unintended behaviour on the server; this is termed URL manipulation.
What is "SQL injection"?
Inserting SQL syntax through the web application's user interface into a query that the server then executes, so that the attacker controls part of the query.
What is "XSS (Cross Site Scripting)"?
When HTML or client-side script entered by one user is rendered in other users' browsers without being escaped, so that it runs in their sessions, the flaw is called XSS.
What is "Spoofing"?
The creation of hoax look-alike websites or emails that impersonate a legitimate party is called spoofing.

Security Testing Approach

In order to perform a useful security test of a web application, the security tester should have good knowledge about the HTTP protocol.
It is important to have an understanding of how the client (browser) and the server communicate using HTTP.
Additionally, the tester should at least know the basics of SQL injection and XSS.
Hopefully, the number of security defects present in the web application will not be high. However, being capable of describing all the security defects accurately with all the required details will definitely help.
Here are some methods for Web Security testing:

#1. Password Cracking

Security testing of a web application can be kicked off with password cracking. To log in to the private areas of the application, one can either guess a username/password or use a password cracking tool. Lists of common usernames and passwords are available along with open source password crackers. If the web application does not enforce complex passwords (letters, numbers and special characters, with a minimum length) and does not throttle or lock out repeated attempts, it may not take long to find a valid username and password.
If a username or password is stored in a cookie, an attacker who steals the cookie (through XSS, an unencrypted connection or access to the browser profile) has the credentials outright, whether or not the value is obfuscated; credentials do not belong in cookies at all.

#2. URL Manipulation through HTTP GET methods

A tester should check whether the application passes important information in the query string. This happens when the application uses the HTTP GET method to pass information between the client and the server: the information travels as parameters in the query string. The tester modifies a parameter value in the query string to see whether the server accepts it.
User information passed to the server over GET, for authentication or for fetching data, is entirely under the attacker's control: every input variable in the request can be manipulated to obtain information or corrupt data, and any unusual behaviour by the application or web server in response is a doorway into the application. Query strings are also written to server logs, proxy logs and browser history, so authentication data should never travel in them.

#3. SQL Injection

The next factor to check is SQL injection. Enter a single quote (') in every textbox and parameter. The application should handle it as ordinary data (a name such as O'Brien is legitimate input); if instead the tester sees a database error, the input is being pasted into a query that the server then executes, and the application is vulnerable to SQL injection.
SQL injection is critical because an attacker can read, and often modify, the server's database. To find SQL injection entry points in your own application, look for the places in the codebase where SQL queries are built from user input by string concatenation.
If user input is spliced into SQL queries, an attacker can inject SQL statements or fragments of statements as input to extract vital information from the database. Even when the attacker only manages to break the query, the SQL error shown in the browser may reveal the information they are looking for (table and column names, database version). The absence of an error message does not prove the absence of injection: blind injection is detected through differences in response content or timing.
The fix is to pass user input to the database as parameters of prepared statements rather than escaping special characters by hand, which is error-prone.

#4. Cross Site Scripting (XSS)

A tester should additionally check the web application for XSS (cross-site scripting). Submit HTML such as <b>test</b> or a script tag such as <script>alert(1)</script> in every input and look at where the value is rendered. If it comes back unescaped (the tag is interpreted by the browser rather than shown as text), the application is vulnerable to cross-site scripting.
An attacker can use this to execute a malicious script or URL in the victim's browser. With JavaScript, the attacker can steal the user's cookies and the information stored in them, or act in the application on the victim's behalf.
Many web applications collect useful information and pass it between pages in variables.
E.g.: http://www.examplesite.com/index.php?userid=123&query=xyz
An attacker can easily supply malicious input, for instance a <script> tag, as the 'query' parameter; if the page echoes it unescaped, the script runs in the browser and can expose user or server data.
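The two probes from #3 and #4 are worth keeping as reusable checks, and the script below is an added example (not part of the original article) of doing that: a detector that recognises the database error signatures a single quote can trigger, and a detector that tells whether a script marker came back unescaped. The three response bodies are constructed samples; `fetch_body` shows how the same detectors would be fed from curl on a system you are authorised to test.

```shell
#!/bin/sh
# Added example: SQL-injection and XSS probe detectors. The bodies below are
# constructed samples; fetch_body sends the real request when you have a target.

# Body that leaked a database error after a single quote was submitted
SAMPLE_SQL_ERROR=$(cat <<'EOF'
<html><body><h1>Search results</h1>
<p>Warning: mysqli_query(): You have an error in your SQL syntax; check the manual
that corresponds to your MySQL server version for the right syntax to use near ''' at line 1</p>
</body></html>
EOF
)

# Body that echoed the XSS marker back verbatim (vulnerable)
SAMPLE_XSS_REFLECTED=$(cat <<'EOF'
<html><body><p>No results for <script>alert(1)</script></p></body></html>
EOF
)

# Body that HTML-escaped the marker (handled correctly)
SAMPLE_SAFE=$(cat <<'EOF'
<html><body><p>No results for &lt;script&gt;alert(1)&lt;/script&gt;</p></body></html>
EOF
)

XSS_MARKER='<script>alert(1)</script>'

# sql_error_signature BODY: name of the database engine whose error text appears
# in BODY, or "none". Matching is case-insensitive.
sql_error_signature() {
    printf '%s\n' "$1" | tr 'A-Z' 'a-z' | awk '
        /you have an error in your sql syntax|mysql_fetch|mysqli_/   { print "MySQL";      found = 1; exit }
        /unterminated quoted string|pg_query\(|pg_exec\(/           { print "PostgreSQL"; found = 1; exit }
        /unclosed quotation mark|microsoft ole db|odbc sql server/   { print "MSSQL";      found = 1; exit }
        /ora-[0-9][0-9][0-9][0-9][0-9]/                             { print "Oracle";     found = 1; exit }
        /sqlite3?::|unrecognized token/                              { print "SQLite";     found = 1; exit }
        END { if (!found) print "none" }'
}

# reflected_unescaped BODY MARKER: "yes" if MARKER appears in BODY exactly as
# sent (so the browser would execute it), "no" otherwise. Fixed-string match.
reflected_unescaped() {
    if printf '%s\n' "$1" | grep -qF -- "$2"; then echo yes; else echo no; fi
}

# fetch_body URL PARAM VALUE: GET URL?PARAM=<url-encoded VALUE> and print the body.
# Only for systems you are authorised to test, and never production.
fetch_body() {
    curl -sS -G --data-urlencode "$2=$3" -- "$1"
}

echo "single quote   -> $(sql_error_signature "$SAMPLE_SQL_ERROR")"
echo "marker leaked  -> $(reflected_unescaped "$SAMPLE_XSS_REFLECTED" "$XSS_MARKER")"
echo "marker escaped -> $(reflected_unescaped "$SAMPLE_SAFE" "$XSS_MARKER")"
```

Live use looks like sql_error_signature "$(fetch_body "$URL" query "'")" and reflected_unescaped "$(fetch_body "$URL" query "$XSS_MARKER")" "$XSS_MARKER". Both detectors only catch the loud cases: an application that swallows database errors can still be injectable (test with boolean and timing differences), and a marker that is escaped in one place may be echoed raw in another page, an attribute or a JSON response, so check every location where the value is rendered.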
Important: During Security testing, the tester should be very careful as not to modify any of the following:
  •  Configuration of the application or the server
  •  Services running on the server
  •  Existing user or customer data hosted by the application
Additionally, a security test should be avoided in a production system.

Conclusion

The purpose of a security test is to discover the vulnerabilities of the web application so that the developers can remove these vulnerabilities from the application and make the web application and data safe from any unauthorized action.

VAPT-5 (Steps to Do)

Manual Penetration Test:

It is difficult to find all vulnerabilities with automated tools; some can be identified only by manual testing. Penetration testers can mount better attacks on an application based on their skills and their knowledge of the system being tested, and methods such as social engineering can only be carried out by humans. Manual checking covers design and business logic as well as code review.
Penetration Test Process:
Let us look at the actual process followed by test agencies and penetration testers. Identifying the vulnerabilities present in the system is the first important step. Corrective action is taken on those vulnerabilities, and the same penetration tests are repeated until the system passes all of them.

We can categorize this process in following methods:

Methods of manual penetration testing
1) Data collection: various methods, including Google searches, are used to gather data about the target system. Analysing the source code of its web pages gives more information about the system, software and plugin versions. Many free tools and services can reveal information such as database or table names, DB versions, software versions, hardware used and the third-party plugins used in the target system.
2) Vulnerability assessment: based on the data collected in the first step, the security weaknesses of the target system are identified. This gives the penetration testers entry points from which to launch attacks.
3) Actual exploit: this is the crucial step. It requires special skills and techniques to launch an attack on the target system, and experienced penetration testers draw on those skills here.
4) Result analysis and report preparation: after the penetration tests are complete, detailed reports are prepared so that corrective action can be taken. All identified vulnerabilities and the recommended corrective measures are listed in these reports. The report format (HTML, XML, MS Word or PDF) can be adapted to your organization's needs.
