Preview: Penetration Testing in Linux
Dear PenTest Readers,
We would like to proudly present to you the newest issue of PenTest. We hope that you will find many interesting articles inside the magazine and that you will have time to read all of them.
We are really counting on your feedback here!
In this issue we discuss the tools and methods that you can find useful while doing penetration tests on Linux systems. We will show you tools specifically for wireless assessments and show you how to crack WPA/WPA2-PSK via the Pixie-dust attack. You will find articles about looking for vulnerabilities in Cloud-based Security Providers framework, using USB Rubber Ducky with Simple Ducky Payload Generator, and many more.
Enjoy your reading,
Anna Kondzierska & PenTest Team
Table of Contents
Wireless Penetration Testing Tools for Linux
by Gerard Johansen
Wireless networks permeate all facets of how we interface with technology. From accessing the internet at our favorite coffee shop, to countless conference rooms in the business world to our own homes, we are constantly interfacing with wireless networks. Adding to this ubiquity is the rapidly approaching Internet of Things. This explosion in wireless networking has made it easier for people to communicate and control those devices that make everyday tasks more efficient. Underneath this increased functionality are some glaring vulnerabilities. Credentials passed in clear text, users connecting to a fake access point, or brute force attacks that are able to identify the wireless password all represent a significant risk.
Linux Penetration Testing
by Mayur Agnihotri
The Internet has become fraught with danger in the last few years; bad guys (cyber-criminals) try to damage, intercept, steal, or alter your data. Linux is so popular because it is a robust OS and has many advanced security features. Linux is the preferred OS for those who demand secure networks; however, because Linux is open source, vulnerabilities can be easily exploited for malicious intent. If you used a Linux host on the Internet you may hold a different point of view though. To check what services are currently running on your Linux system.
Kali Linux Rubber Ducky
by Sam Vega
In this edition of Pentest Magazine, I decided to write my article on Kali, USB Rubber Ducky, and the Simple Ducky Payload Generator. I will take it a step further by utilizing msfvenom to create a custom exe to spawn a reverse shell and use a custom ducky script to deliver the payload. Why write an article on this topic? A few weeks back, I was surfing Pluralsight and I stumbled upon a video by Troy Hunt and USB Rubber Ducky. He was discussing possible payloads that can be delivered through the evil HID. As of late, I have been pondering ways to educate SMBs on different techniques by which a simple payload can be executed in order to infiltrate their business undetected.
What is hardening? And why do I need it?
by Junior Carreiro
There are various methods for performing hardening of a system. These methods can range from a door that closes the firewall to disabling certain information that a web server may expose to the internet. We need to use a hardening process to ensure that our environmental safety is at a maximum; this is because it greatly reduces the risk of having an exposure to breaches. However, we always have to remember to keep a good level of adjustments between security, functionality, and usability.
Netcat with – Hacking Backdoors
by Dhamu Harker
I will cover some of the uses of netcat, known as the “TCP/IP Swiss army knife”. Netcat is a very powerful and versatile tool that can be used in diagnosing network problems or in penetration testing.
Cracking WPA2 via Pixie dust attack
by Jose Rodriguez
In this article, a technique known as a pixie-dust attack will be demonstrated, where an attacker could, in a relatively short amount of time, crack the WPA/2 PSK. The attack consists of cracking the WPS PIN by attempting to associate it with the access point, and getting cryptographic information to later crack the PSK, and gain access.
Linux Security – Best practise
by Ragul Balakrishan
Due to the increased reliance on powerful networked computers to help run businesses and keep track of our personal information, entire industries have been formed around the practice of networking and computer security. Enterprises have solicited the knowledge and skills of security experts to properly audit systems and tailor solutions to fit the operating requirements of their organizations.
Weak points MDDoS protection
by Tomasz Krupa
DDoS attacks have become increasingly powerful over the last few years. Around one and a half years ago (early 2014), security holes in the NTP protocol (Network Time Protocol) were exploited in order to conduct amplification attacks of previously unseen magnitude.
Mass Distributed Denial of Service has also become very popular, mostly due to ease of execution (read: does not take much imagination), availability of tools (for a few dollars, tools such as booters or stressers can perform attacks), and finally, widespread botnet networks.