Preview: Playing with web scanners 02/2017
Dear PenTest Readers,
We would like to proudly present to you the newest issue of PenTest. We hope that you will find many interesting articles inside the magazine and that you will have time to read all of them.
We are really counting on your feedback here!
In this issue we focus on web scanners. Step by step you will learn how to set up and detect vulnerabilities with the following scanners: Vega, w3af, the ZAP Project, Acunetix, Burp Suite, Arachni and Nessus. Not only will you receive practical guides, but you will also learn the differences between those scanners, their advantages and disadvantages. Some authors wrote articles with basic content and instructions, while others went straight into hands-on examples, so no matter what your current level is, you will find something interesting inside.
The last four articles of the magazine cover topics other than web scanners. The first of them is a walk-through on how to exploit the PHPMailer vulnerability disclosed by David Golunski. Next you will find out all about the secrets of Wi-Fi credentials, for example how and why anyone can fetch personal information, encryption and decryption of stored data, interpreting XML files directly, and much more. The third and fourth articles are step-by-step tutorials: one is about how to create shellcode for Linux x64, and the other will show you how to set up Nginx with HTTP/2 support on Ubuntu 16.04.
We would also like to thank you for all your support. We appreciate it a lot. If you like this publication, you can share it and tell your friends about it! Every comment means a lot to us. Again, special thanks to the beta testers and proofreaders who helped with this issue. Without your assistance there would not be a PenTest Magazine.
Enjoy your reading,
Table of contents:
How to detect vulnerabilities using Vega web scanner
by Washington Umpierres de Almeida Junior
The choice of appropriate tools for analyzing vulnerabilities in the web environment by cyber security professionals takes several aspects into consideration. In particular, I consider the tools that meet high standards of efficiency, such as those that match the Web Application Security Scanner Functional Specification developed by NIST, the National Institute of Standards and Technology. NIST is a North American institution widely recognized for the high level of its technical studies and research, whose publications are accredited by several quality institutes around the world, such as INMETRO in the case of Brazil (the National Institute of Metrology, Standardization and Industrial Quality, a Brazilian federal autarchy linked to the Ministry of Development, Industry and Foreign Commerce). According to the NIST SP 500-269 document, a web application security scanner is an automated program designed to examine web applications for security vulnerabilities.
In this article, I present the Vega web scanner, a sophisticated, multiplatform web scanning tool developed by Subgraph, which I consider one of the best scanners in its category.
Using w3af for sqli scan
by Junior Carreiro
The w3af project, created and maintained by Andres Riancho, differs somewhat from other tools such as Nikto and Arachni by performing functions that go beyond an audit or a vulnerability scan of web applications. As the project description says, w3af is a Web Application Attack and Audit Framework and tries to exploit the vulnerabilities found in the application. Another interesting function is the ability to create scripts that can be customized to each user's needs and even placed in crontab to run periodically.
Playing with web scanners - The ZAP Project
by Mauricio Harley
For the initial article of 2017, I bring to you ZAP (Zed Attack Proxy), a quite complete and versatile web scanner aimed at two objectives: being easy to use and still very powerful. ZAP is one of the two Web Scanner projects hosted on OWASP.
Acunetix Web Vulnerability Scanner
by Mohamed Magdy
With the uptake of cloud computing and the advancements in browser technology, web applications and web services have become a core component of many business processes, and therefore, a lucrative target for attackers. Over 70% of websites and web applications, however, contain vulnerabilities that could lead to the theft of sensitive corporate data, credit cards, customer information and Personally Identifiable Information (PII). Now is the time for organizations to make web application security not only a priority, but a fundamental requirement. Acunetix is one of the most popular scanners in the web application area and it is very powerful and effective when you need to know the flaws in your website and web applications.
How to detect vulnerabilities using Burp Suite
by Nishant Chougule
Automated web application scanners find serious vulnerabilities that can be used to exploit web applications further. This article covers everything from the basics of intercepting web requests and automating the scanner to advanced Burp Suite testing using extenders. The article focuses on how to detect vulnerabilities using various techniques, such as Intruder, the active and passive scanners, and extensions.
Step by step guide to ARACHNI Framework
by Jitendra Kumar
A web application security/vulnerability scanner is an automated tool used to find bugs, security flaws and vulnerabilities in a web application, such as SQL injection, cross-site scripting, authentication and authorization flaws, path traversal and misconfiguration. A vulnerability scanner helps a security expert find all possible security flaws in an application by scanning against a predefined set of rules or signatures. It also makes security analysis of a web application more efficient. This article focuses on the Arachni Web Application Security Scanner, which is an open source tool.
Step By Step setting up and scanning with Nessus
A brief walk-through of the PHPMailer Vulnerability and Exploit
by Jason Bernier
A recent vulnerability and subsequent exploit for PHPMailer was released by David Golunski. This will be a general walk-through on how to use the exploit. The exploit takes advantage of a vulnerability in PHPMailer's software, which does not perform proper sanitization on a mail form.
The secrets of Wi-Fi Credentials
by Michael Haephrati
This article covers the following topics:
• Personal information – how and why it is stored and how anyone can fetch it. To do so, two examples are provided:
– Wi-Fi credentials
– Skype account information
• Encryption and Decryption of stored data
• Interpreting XML files directly or with a “helper” class
• Logging using easy to read color, proper Console window resizing and logging to a file
• Obtaining the current resolution of the Desktop screen
• Detecting the UAC (User Account Control) level of an application and checking whether a user is running as Administrator or not
Creating shellcode for Linux x64
by David Velázquez
When you talk about shellcode, you become immersed in assembly programming and in concerns like how to avoid null characters and how to reduce the size of the shellcode. A shellcode is a set of assembly instructions that are executed directly by the processor without any kind of interpreter. The main use of shellcode is in exploit and malware development, because it can be injected into any application to take it over. Because this is not an article about learning assembly programming, you need to have some basics in this language already.
How to Set Up Nginx with HTTP2 Support on Ubuntu 16.04
by Bhadreshsinh Gohil
In this tutorial, you will learn how to set up NGINX with HTTP/2 protocol support on Ubuntu 16.04. By using nginx over HTTP/2, we are going to get additional speed and accuracy on our web server.