The answer usually goes like use metasploit / armitage and exploit vulnerable XP systems. This approach is incorrect. Not completely, since stuff that actually works is bound to be more interesting than boring theory, but it is definitely not gonna help you in the long run. To get into penetration testing and bug spotting you first need to know what you're looking for. Tools will only take you so far, personally I don't think you should automate your pentesting until you can do it manually. Now for the basic definitions of the terms related to penetration testing, here is the article you should be seeing this article which introduces you to basic penetration testing. Other than that, here are a few resources that you should see. While I'm condemning the method of directly moving on to using tools, ironically, that's what we are going to do from the next tutorial onward. So before we get started, here are a set of websites that you might want to check which will give you an idea of what manual work do the tools automate. This information will be valuable once you start Penetration Testing secure networks for big security firms. Automated tools are not gonna help there.
A SQL injection attack consists of insertion or "injection" of a SQL query via the input data from the client to the application. A successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database (such as shutdown the DBMS), recover the content of a given file present on the DBMS file system and in some cases issue commands to the operating system. SQL injection attacks are a type of injection attack, in which SQL commands are injected into data-plane input in order to effect the execution of predefined SQL commands.
Cross-Site Scripting (XSS) attacks are a type of injection problem, in which malicious scripts are injected into the otherwise benign and trusted web sites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user in the output it generates without validating or encoding it.
Testing for Local File Inclusion
File Inclusion vulnerability allows an attacker to include a file, usually through a script on the web server. The vulnerability occurs due to the use of user-supplied input without proper validation. This can lead to something as minimal as outputting the contents of the file, but depending on the severity, to list a few it can lead to:
- Code execution on the web server
- Denial of Service (DoS)
- Sensitive Information Disclosure
Other useful links
And yeah, I promise the next post will be more interesting. :) And you'll be hacking your virtual vulnerable XP machine using Metasploit and do a lot of funny things with meterpreter payload.
Here's the link to the new post in which we hack a vulnerable XP machine using Metasploit. It will also get your hacking lab up and running.