Targets in a Pentest Lab
Problems with Learning to Hack
There are no legitimate targets online to practice against.
A person cannot build a pentest scenario and then learn much from attacking it, because they already know where the weaknesses are.
The only practical way to learn is to practice against scenarios created by others.
Real-World Scenarios
Learning to hack against real-world production servers is risky.
Production labs are expensive, and access to them is often limited.
Unless you have the money to throw at the problem, you will need to build a personal lab.
Turn-Key Scenarios
The disadvantage of turn-key pentest scenarios is that they only imitate real-world servers, and may not do so faithfully.
Despite this, turn-key scenarios are the preferred method for learning how to conduct a penetration test.
What Is a LiveCD?
De-ICE
The De-ICE LiveCDs are bootable images of real servers that contain real-world challenges.
Available since January 2007
The challenge is to discover which applications are misconfigured or exploitable, and to use them to obtain unauthorized access to the root account.
A list of possible vulnerabilities:
Bad/weak passwords
Unnecessary services
ftp
telnet
rlogin
Unpatched services
Too much information available (contact info, and so forth)
Poor system configuration
Poor/no encryption methodology
Elevated user privileges
No Internet Protocol (IP) Security filtering
Incorrect firewall rules (plug in and forget?)
Clear-text passwords
Username/password embedded in software
No alarm monitoring
Well-known exploits are not included in the De-ICE challenges
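The checklist above is what you actually go looking for on a De-ICE-style target. The script below is an added example for this page, not code from the De-ICE project or the original text. It runs the checks for unnecessary services, unpatched services (version banners to look up), elevated user privileges, clear-text or embedded credentials, and bad/weak passwords with poor or no encryption, over constructed sample input: one nmap greppable-output (-oG) host line, a passwd excerpt, an application config excerpt, and a tiny wordlist. The host address, account names, file contents and wordlist are all made up for the demo.

```python
"""Triage a De-ICE-style lab target against the vulnerability checklist.
All inputs are constructed samples, not captures from a De-ICE image."""
import hashlib
import re

# "Unnecessary services": nmap's names for ftp, telnet and the r-services
# (rlogin is "login" on 513/tcp, rsh is "shell" on 514/tcp, rexec is "exec").
UNNECESSARY_SERVICES = {"ftp", "telnet", "login", "shell", "exec"}

# Constructed nmap -oG host line; fields are port/state/proto/owner/service/rpcinfo/version/
NMAP_GREPPABLE = (
    "Host: 192.168.1.100 ()\tPorts: 21/open/tcp//ftp//vsftpd 2.0.5/, "
    "22/open/tcp//ssh//OpenSSH 4.3/, 23/open/tcp//telnet//Linux telnetd/, "
    "80/open/tcp//http//Apache httpd 2.2.3/, 513/open/tcp//login//, "
    "3306/closed/tcp//mysql///"
)

# Constructed passwd excerpt: a second UID-0 account is "elevated user privileges".
PASSWD = """root:x:0:0:root:/root:/bin/bash
aadams:x:1001:1001:Adam Adams:/home/aadams:/bin/bash
bbanter:x:0:1002:Bob Banter:/home/bbanter:/bin/bash
"""

# Constructed config: a clear-text credential and an unsalted MD5 password hash.
APP_CONFIG = """# backup script settings
db_user = backup
db_password = Summer2007
admin_pw_md5 = 5f4dcc3b5aa765d61d8327deb882cf99
"""

# Constructed wordlist for the "bad/weak passwords" check.
WORDLIST = ["123456", "password", "letmein", "qwerty", "Summer2007"]

# Config keys that look like they hold a password or secret.
CRED_RE = re.compile(r"^\s*(\w*(?:pass|pw|secret)\w*)\s*=\s*(\S+)", re.IGNORECASE)


def parse_greppable(line):
    """Return {port: (state, service, version)} from one nmap -oG host line."""
    m = re.search(r"Ports: ([^\t]*)", line)
    ports = {}
    for entry in (m.group(1).split(", ") if m else []):
        fields = entry.strip().split("/")
        if len(fields) < 7:
            continue
        port, state, _proto, _owner, service, _rpc, version = fields[:7]
        ports[int(port)] = (state, service, version)
    return ports


def find_unnecessary_services(ports):
    """Open ports running a service from UNNECESSARY_SERVICES, sorted by port."""
    return sorted(p for p, (state, svc, _v) in ports.items()
                  if state == "open" and svc in UNNECESSARY_SERVICES)


def service_versions(ports):
    """Version banners of open services. The "unpatched services" item starts here,
    but a banner only tells you what to look up, not that the service is vulnerable."""
    return [(p, svc, ver) for p, (state, svc, ver) in sorted(ports.items())
            if state == "open" and ver]


def find_uid0_accounts(passwd_text):
    """Accounts other than root that have UID 0 ("elevated user privileges")."""
    extra = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 3 and fields[2] == "0" and fields[0] != "root":
            extra.append(fields[0])
    return extra


def find_embedded_credentials(config_text):
    """(key, value) pairs whose key looks like a password/secret setting."""
    found = []
    for line in config_text.splitlines():
        m = CRED_RE.match(line)
        if m:
            found.append((m.group(1), m.group(2)))
    return found


def classify_credentials(creds, wordlist):
    """Tag each value as clear-text or unsalted MD5 and try the wordlist against it.
    Returns (key, kind, cracked) where cracked is the recovered password or None."""
    md5_table = {hashlib.md5(w.encode()).hexdigest(): w for w in wordlist}
    findings = []
    for key, value in creds:
        if re.fullmatch(r"[0-9a-f]{32}", value):
            findings.append((key, "md5", md5_table.get(value)))
        else:
            findings.append((key, "clear-text", value if value in wordlist else None))
    return findings


def triage(nmap_line, passwd_text, config_text, wordlist):
    """Run every check and return one report dict."""
    ports = parse_greppable(nmap_line)
    return {
        "unnecessary_services": find_unnecessary_services(ports),
        "versions_to_check": service_versions(ports),
        "extra_uid0_accounts": find_uid0_accounts(passwd_text),
        "credentials": classify_credentials(find_embedded_credentials(config_text), wordlist),
    }


if __name__ == "__main__":
    for item, result in triage(NMAP_GREPPABLE, PASSWD, APP_CONFIG, WORDLIST).items():
        print(f"{item}: {result}")
```

Against a real lab image you would feed it the output of nmap -oG and the passwd and config files pulled from the target once you have a foothold. Note the caveat built into service_versions: a version banner such as "vsftpd 2.0.5" is a pointer to go check vendor advisories, not proof that the service is unpatched, and the De-ICE images deliberately lean on misconfiguration rather than well-known exploits.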
Hackerdemia
Designed as a training platform on which various hacker tools can be installed, used and learned
Developed on the Slax Linux distribution
Open Web Application Security Project (OWASP)
www.owasp.org
One of the OWASP projects is WebGoat
Categories of Web-based attack vectors within WebGoat:
Code quality
Unvalidated parameters
Broken access control
Broken authentication and session management
Cross-site scripting (XSS)
Buffer overflows
Injection flaws
Insecure storage
Denial of service (DoS)
Insecure configuration management
Web services
AJAX security