Dear PenTest Readers,
We would like to present to you our newest issue, Notorious Netcat! This time we don’t have a main theme, instead we gathered amazing articles on various topics. We hope you’ll find them interesting and that you will have time to read them all.
We will start by answering an important question: what's the difference between Vulnerability Assessment and Penetration Testing? You will learn more about both approaches, their differences and similarities. Next, we will read about an open source tool called dnscat2 and its capabilities. In another article, you will be provided with a high-level tutorial about Netcat, which is one of the most important tools in a pentester's toolbox. In this edition we will also take a closer look at WPScan, a well-known vulnerability scanner, from a penetration tester's perspective. In the second part of the magazine you will learn how hackers chain vulnerabilities and make use of multiple web bugs to double the impact of their findings, find out if HTTPS is truly a secure solution, and learn more about SQL injection. Finally, an article about PHP will explain how command injection can be achieved through PHP object injection, and in the last article of the mag you can read about Buffer Overflow and how you can use it to take control of an operating system.
We want to thank you for all your support. We appreciate it a lot. If you like this publication you can share it and tell your friends about it! Every comment means a lot to us.
Enjoy your reading,
Table of contents
Vulnerability Assessment VS Penetration Testing
by Prashant BS
A vulnerability assessment answers the question: "What are our weaknesses and how do we fix them?" Penetration testing simply answers the question: "Can someone break in and attain a specific thing?" Because of the approach differences, a vulnerability assessment is going to yield much more value for most companies than a penetration test.
Data Exfiltration via Encrypted DNS Tunnel using dnscat2
by Sheikh Rizan
The dnscat2 tool was written by Ron Bowes. It is an open source tool freely available on GitHub. According to the author, it was written to route all traffic via DNS (Domain Name Service) in an encrypted fashion. It was designed to evade firewall and IPS/IDS systems and it is generally used as a pentest tool. This article will examine the installation and configuration of dnscat2. I will also examine its network traffic to give you an understanding of how its data is encrypted.
by Prasenjit Kanti Paul
If you are a penetration tester, then Netcat is one of your most used tools. For over 20 years, this tiny but powerful tool has been used by hackers for a wide range of activities. It's so powerful and useful that many people within the hacking community refer to it as the "Swiss Army knife of hacking tools."
Pentesting with WPScan
by Junior Carreiro
WordPress is today the largest blogging and website platform used on the internet, and by being the largest, or among the largest, it is always a target of crackers. To help penetration testers and developers keep their applications secure, a team of researchers developed WPScan.
Bypassing HTTPS protection, is it possible?
by Ankit Rai
Many application owners think of HTTPS as a complete security solution for their data in motion and feel worry-free after enabling HTTPS using a commercial SSL certificate; but they do not consider the fact that it is possible to bypass HTTPS security and gain access to their data moving from client to server if they do not take the other precautions required in addition to HTTPS. This article focuses on such required precautions and their impacts.
Before diving deep, this article will cover the required basics.
Multi-step, chained attacks making use of multiple vulnerabilities for web exploitation
by Eslam Mohamed Reda
Ever found trivial bugs in a web application that later turned out to be one step closer to a serious vulnerability? That's exactly why I'm writing this: to show how hackers chain vulnerabilities and make use of multiple web bugs to double the impact of their findings. We will take a look at simple chained bugs and move on to advanced ones to explore some critical multi-step attacks that were exploited and disclosed by some hackers.
PHP Object Injection
by Venkatesh Sivakumar (Pranav Venkat)
This article explains how command injection can be achieved through PHP object injection. For practical purposes, this article covers how to exploit PHP object injection in a sample app and in the Xtreme Vulnerable Web Application (XVWA) hosted on a Linux machine. Finally, it covers how to get access to the system shell via PHP object injection.
SQL Injection Techniques for Web Application Testing
by Cory Miller
The Open Web Application Security Project (OWASP) releases the top ten vulnerabilities found in web applications every year. Some of the items on the list are Cross-Site Scripting (XSS), SQL Injection, and Cross-Site Request Forgery (CSRF). These vulnerabilities continue to plague our web applications today. Applications often store user data and business information in a backend database. When an application is used in a way it was not intended to be, it could potentially allow an attacker to gain access to its database. As a penetration tester, it is important to understand how the web application communicates with the database and what techniques can be used to test whether it is susceptible to a SQL injection attack.
Buffer Overflow: Taking control of an operating system
by Mohammad Ariful Islam
A buffer overflow is basically an application coding mistake that can lead to a crash of the program and sometimes allows arbitrary code to be run on the operating system. Successful exploitation of this vulnerability could allow an attacker to gain access to the system.
Cybersecurity is first and foremost an exciting place for people who love problems and who like their scenery to change.
Interview with Stephen Brennan about cybersecurity and its role in our lives.
Making mistakes and learning from them is part of the hacking learning curve
Interview with Luis Ramírez about cybersecurity and its role in our lives.