Ethical Hacking and Penetration Testing Guide by RAFAY BALOCH
Now that you know the basics and structure of how a penetration
testing report is written, I would urge you to spend some time
reviewing the following penetration testing sample reports.
■ http://www.offensive-security.com/penetration-testing-samplereport.pdf
■ http://www.niiconsulting.com/services/securityassessment/NII_Sample_PT_Report.pdf
■ http://pentestreports.com/
Conclusion
In this chapter, we talked about basic terminologies that you will
encounter on a daily basis as a penetration tester. We discussed
the types of penetration tests and the different penetration testing
methodologies. We then talked about what makes a good penetration
testing report. We also looked at how a penetration test report should
be laid out in order to provide the target audience with the necessary
information.
Chapter 2
Linux Basics
In order to become a good ethical hacker or penetration tester,
you need to be conversant with Linux, which is by far one of the
most powerful operating systems. Linux is really good for
ethical hacking and penetration testing because it is compatible
with a wide variety of related tools and software, whereas other
operating systems such as Mac and Windows support fewer of
these tools and software. In this chapter, I will teach you some
of the very basics of operating a Linux OS. If you are already
familiar with Linux basics, you can skip this chapter.
One of the most common questions asked in many forums is
“Which Linux distro should I use?” There are tons of Linux
distros, such as Ubuntu, Fedora, Knoppix, and BackTrack, and you
can use any Linux distro you want, as all work in a similar
manner. However, I suggest you use BackTrack if you really
wish to dig deeper into this subject because it is
all-encompassing from a penetration tester’s perspective.
Major Linux Operating Systems
Before talking about BackTrack, let’s take a look at some of the
Linux-based distros that you will encounter very often:
-Redhat Linux—Used mostly for administration purposes.
-Debian Linux—Designed for use with open source
software only.
-Ubuntu Linux—Designed mostly for personal use.
-Mac OS X—Used in all Apple computers.
-Solaris—Used in many commercial environments.
-BackTrack Linux—Used mostly for penetration testing.
File Structure inside of Linux
On a Linux system, most everything is a file, and if it is not a file,
then it is a process.
Here is a general diagram for file structure in Linux.
There are certain exceptions in a Linux file system:
Directories—Files that are lists of other files.
Special file—The mechanism used for input and output. The files
in /dev are special files.
Links—A system to make a file or directory visible in multiple
parts of the system.
Sockets—A special file type, similar to TCP/IP sockets,
providing inter-process networking.
Pipes—More or less like sockets; they form a way for processes
to communicate with each other without using a network socket.
File types in a long list:
Subdirectories of the root directory:
FILE PERMISSION IN LINUX
Although there are already a lot of good security features built into
Linux-based systems, based upon the need for proper permissions, I
will go over the ways to assign permissions and show you some
examples where modification may be necessary. Wrong file
permissions may open a door for attackers into your system.
Group Permission
-Owner—The Owner permissions apply only to the owner of the
file or directory; they will not impact the actions of other users.
-Group—The Group permissions apply only to the group that
has been assigned to the file or directory; they will not affect the
actions of other users.
-All User/Other—The All Users permissions apply to all other
users on the system; this is the permission group that you want
to watch the most.
Each file or directory has three basic permission types:
Read—The Read permission refers to a user’s capability to read
the contents of the file.
Write—The Write permissions refer to a user’s capability to
write or modify a file or directory.
Execute—The Execute permission affects a user’s capability to
execute a file or view the contents of a directory.
Let’s see how it works.
File permission is in the following format.
Owner Group Other/all
root@Net:~# ls -al
We will talk about the aforementioned command later on in this chapter.
-rwxr-xr-x 1 net tut 77 Oct 24 11:51 auto run
drwx------ 2 ali tut 4096 Oct 25 2012 cache
File auto run permission
-—No special permissions
rwx—The owner (net) has read, write, and execute permission,
while the group (tut) has read and execute, and other also has the
same permission.
File cache permission
d—Represents a directory
rwx—The owner (ali) has read, write, and execute permission,
while group (tut) and other/all do not have any permission for
accessing or reading this file.
Linux Advanced/Special Permission
l—The file or directory is a symbolic link
s—This indicates the setuid/setgid permissions. Represented as
an s in the read portion of the owner or group permissions.
t—This indicates the sticky bit permissions. Represented as a t
in the executable portion of the all users permissions
i—chattr, making the file unchangeable
There are two more, which are mostly used by devices.
c—Character device
b—Block device (i.e., hdd)
Let’s go through some examples.
Link Permission
root@net:~# ln -s new /root/link
root@net:~# ls -al
lrwxrwxrwx 1 ali ali 3 Mar 18 08:09 link -> new
A link is created for a file named new (link is a symbolic link for
the file named new).
Suid & Guid Permission
setuid (SUID)—This is used to grant root level access or
permissions to users.
When an executable is given setuid permissions, normal users can
execute the file with root level or owner privileges. Setuid is
commonly used to temporarily assign privileges to a user to
accomplish a certain task. For example, changing a user’s password
would require higher privileges, and in this case, setuid can be used.
setgid (SGID)—This is similar to setuid, the only difference
being that it’s used in the context of a group, whereas setuid is
used in the context of a user.
root@net:~# chmod u+s new
root@net:~# ls -al
-rwSr--r-- 1 ali ali 13 Mar 18 07:54 new
Capital S shows Suid for this file.
root@net:~# chmod g+s guid-demo
root@net:~# ls -al
-rw-r-Sr-- 1 ali ali 0 Mar 18 09:13 guid-demo
Capital S shows Guid for the guid-demo file, and the capital S is in the
group section.
Stickybit Permission
This is another type of permission; it is mostly used on directories to
prevent anyone other than the “root” or the “owner” from deleting the
contents.
root@net:~# chmod +t new
root@net:~# ls -al
-rw-r--r-T 1 ali ali 13 Mar 18 07:54 new
Capital T shows that the sticky bit has been set for other users (only the
owner or root user can delete files).
Chattr Permission
root@net:~# lsattr
---------------- ./new
root@net:~# chattr +i new
root@net:~# lsattr
----i----------- ./new
Small i shows that this file is unchangeable, and lsattr is a command
to check whether chattr has been applied to a file.
Before we finish with file permissions, let’s have a brief look at
numerical file permissions.
r = 4
w = 2
x = 1
The sum of the aforementioned values sets the file
permission accordingly, that is,
root@net:~# ls -al
-rw-r--r-- 1 ali ali 13 Mar 18 07:54 new
Here other users have only the “read” permission, so we are going
to change it to read and write but not execute.
root@net:~# chmod 646 new
root@net:~# ls -al
-rw-r--rw- 1 root root 13 Mar 18 07:54 new
Let’s explore this a bit more: we want read + write permission, so 4
+ 2 = 6, which means read and write.
Hope it is clear now how to set permission on a file and what it
does.
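The mapping between the permission string and its numeric form described above, as an added example that is not from the book: a shell decoder for the ten-character mode string printed by ls -al, which also reports the setuid, setgid and world-writable bits a reviewer would check first. The function names are hypothetical.

```shell
#!/bin/sh
# Added example: decode an `ls -l` mode string into octal and flag risky bits.

# triad_value RWX -> digit 0-7 for one owner/group/other triad.
# s, S, t and T sit in the execute slot; lowercase means execute is also set.
triad_value() {
    v=0
    case "$1" in r??) v=$((v + 4)) ;; esac
    case "$1" in ?w?) v=$((v + 2)) ;; esac
    case "$1" in ??[xst]) v=$((v + 1)) ;; esac
    echo "$v"
}

# mode_to_octal MODE -> four-digit octal, e.g. -rwxr-xr-x -> 0755
mode_to_octal() {
    case "$1" in
        [-dlcbsp][-r][-w][-xsS][-r][-w][-xsS][-r][-w][-xtT]) ;;
        *) echo "bad mode string: $1" >&2; return 1 ;;
    esac
    perms=${1#?}                       # drop the file-type character
    owner=${perms%??????}
    rest=${perms#???}
    group=${rest%???}
    other=${rest#???}
    special=0
    case "$owner" in ??[sS]) special=$((special + 4)) ;; esac   # setuid
    case "$group" in ??[sS]) special=$((special + 2)) ;; esac   # setgid
    case "$other" in ??[tT]) special=$((special + 1)) ;; esac   # sticky bit
    echo "$special$(triad_value "$owner")$(triad_value "$group")$(triad_value "$other")"
}

# mode_findings MODE -> space-separated list of bits worth reviewing
mode_findings() {
    oct=$(mode_to_octal "$1") || return 1
    out=""
    case "$oct" in [4567]???) out="$out setuid" ;; esac
    case "$oct" in [2367]???) out="$out setgid" ;; esac
    case "$oct" in ???[2367]) out="$out world-writable" ;; esac
    echo "${out# }"
}

# Mode strings taken from the listings on this page.
for s in -rw-r--r-- -rw-r--rw- -rwSr--r-- -rw-r-Sr-- -rw-r--r-T drwx------; do
    printf '%s  %s  %s\n' "$s" "$(mode_to_octal "$s")" "$(mode_findings "$s")"
done
```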
Most Common and Important Commands
Cron is a utility that helps us create a schedule to perform a certain
task/command. As we know, /etc holds the configuration files for
most services, and the same is true for cron.
We will just go through a quick review of how it works and
how we set it up.
The following is the hierarchy for it.
First * represents min 0-59
Second * represents hour 0-23
Third * represents day of month 1-31
Fourth * represents month 1-12
Fifth * represents day of week 0-6
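A sanity check for the five fields listed above, added here as an example and not taken from the book. It goes beyond the bare * shown on the page by also accepting numbers, ranges, lists and steps; the function names field_ok and cron_schedule_ok are hypothetical.

```shell
#!/bin/sh
# Added example: check a five-field cron schedule against the ranges above.

# field_ok VALUE MIN MAX -> status 0 if VALUE fits a field with that range.
# Accepts *, N, N-M, a /STEP suffix, and comma lists (names are not handled).
field_ok() {
    case "$1" in ''|,*|*,|*,,*) return 1 ;; esac
    rest=$1
    while [ -n "$rest" ]; do
        part=${rest%%,*}
        case "$rest" in *,*) rest=${rest#*,} ;; *) rest= ;; esac
        base=${part%%/*}
        if [ "$base" != "$part" ]; then          # a /STEP suffix is present
            step=${part#*/}
            case "$step" in ''|*[!0-9]*) return 1 ;; esac
            [ "$step" -ge 1 ] || return 1
        fi
        [ "$base" = '*' ] && continue
        case "$base" in
            *-*) lo=${base%%-*}; hi=${base#*-} ;;
            *)   lo=$base; hi=$base ;;
        esac
        case "$lo" in ''|*[!0-9]*) return 1 ;; esac
        case "$hi" in ''|*[!0-9]*) return 1 ;; esac
        [ "$lo" -ge "$2" ] && [ "$hi" -le "$3" ] && [ "$lo" -le "$hi" ] || return 1
    done
    return 0
}

# cron_schedule_ok "MIN HOUR DOM MONTH DOW" -> status 0 if all five fields fit.
cron_schedule_ok() {
    set -f; set -- $1; set +f           # split on whitespace without globbing *
    [ $# -eq 5 ] || return 1
    field_ok "$1" 0 59 && field_ok "$2" 0 23 && field_ok "$3" 1 31 &&
        field_ok "$4" 1 12 && field_ok "$5" 0 6
}

# Constructed sample schedules.
for sched in "30 2 * * 0" "*/15 0-6 1,15 * 1-5" "60 2 * * *" "0 0 * * 7"; do
    if cron_schedule_ok "$sched"; then echo "ok       $sched"
    else echo "invalid  $sched"; fi
done
```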