Image: scene from Disney's Aladdin (from Fransisca's portfolio)
I have been doing an external web assessment for work and let me tell you, I have a lot to learn. Luckily for us, there are a ton of resources out there to help someone learn how to do this!
First assumption to throw out the window: it has to be a complicated hack to gain access :)
So how to start? Well, there are tons of 'exploitable' systems out there which can be used. Metasploitable seems like a great one to learn from, and it even has some tutorials/how-tos on the left which you can throw against your new vulnerable image. I will probably start here (taking notes as I go!). There is also a free tool from McAfee Foundstone called Hacme Shipping which "demonstrate common web application hacking techniques such as SQL Injection, Cross Site Scripting and Escalation of Privileges as well as Authentication and Authorization flaws and how they are manifested in the code". This sounds impressive, but it requires a bit more setup than Metasploitable (which is a VM). However, there is a guide to setting it all up, courtesy of pingtrip.com.
OK, we have got the victim; now what tools do we use to analyze and hopefully pwn our poor little web services? OWASP has a security framework built on top of a web browser called Mantra, which looks pretty slick. Like BackTrack, it has information gathering tools, editors (which means you can edit inline), tools for pentesting, etc., except its focus is on web-based offense/defense. You can get a list of all the tools here. Heck, Mantra is actually in BackTrack 5, so BackTrack would be a good bet!
In addition, I found some other fun websites which may prove useful later on:
- SQLcourse.com - exactly what it sounds like, even has an SQL interpreter
- exploit-db.com - again, exactly what it sounds like...
- HTML Code/Text Obfuscator - why not use it with JS as well?
Anyone have any additional hints/pointers/sites/tutorials? I would love to hear them!
P.S. I am working on a PowerShell script which will grab a ton of artifacts in Vista/XP (read: Temporary Internet Files, AutoRun registry settings, Temp directories) where badness generally resides. I sent it to my team for a pass to make sure it works and to make any adjustments/comments, then I plan on sharing it with the community. I am sure it isn't the best tool, but it's flexible and can be added upon as needed. If anything, it shows how kickass and powerful PowerShell can be.
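For readers who want a concrete picture of the kind of collection described in the P.S., here is an added example. It is not the author's script (that one has not been published), just a stand-alone PowerShell sketch that pulls the same three artifact classes: the Run/RunOnce autorun keys, the Temp directories, and Temporary Internet Files, writing everything to CSV with SHA-256 hashes so a suspicious file can be looked up later without re-touching the host. It sticks to PowerShell 2.0-era syntax (no Get-FileHash, no [pscustomobject]) because that is what shipped for XP/Vista; the output folder and the exact list of keys and paths are my assumptions, not anything from the post.

```powershell
# Added example (not the author's script): gather common persistence and staging
# artifacts from a Windows host into a timestamped folder.
# Output location and the list of keys/paths below are assumptions; adjust as needed.
param(
    [string]$OutDir = (Join-Path $env:TEMP ("triage-" + (Get-Date -Format 'yyyyMMdd-HHmmss')))
)

New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

# 1. AutoRun registry locations commonly abused for persistence (per-machine and per-user).
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

$autoruns = foreach ($key in $runKeys) {
    if (Test-Path $key) {
        $props = Get-ItemProperty -Path $key
        # Get-ItemProperty adds PSPath/PSParentPath/etc. metadata; keep only real values.
        foreach ($p in ($props.PSObject.Properties | Where-Object { $_.Name -notlike 'PS*' })) {
            New-Object PSObject -Property @{ Key = $key; Name = $p.Name; Command = $p.Value }
        }
    }
}
$autoruns | Export-Csv -Path (Join-Path $OutDir 'autoruns.csv') -NoTypeInformation

# 2. Temp directories and Temporary Internet Files. The IE cache path differs between
#    XP and Vista/7, so both are listed and only the ones that exist are walked.
$tempDirs = @(
    $env:TEMP,
    (Join-Path $env:windir 'Temp'),
    "$env:LOCALAPPDATA\Microsoft\Windows\Temporary Internet Files",   # Vista/7
    "$env:USERPROFILE\Local Settings\Temporary Internet Files"        # XP
) | Where-Object { $_ -and (Test-Path $_) }

# SHA-256 via .NET so this also works on PowerShell 2.0 (Get-FileHash is 4.0+).
$sha256 = [System.Security.Cryptography.SHA256]::Create()
function Get-Sha256Hex([string]$Path) {
    try {
        $stream = [System.IO.File]::OpenRead($Path)
        try { ([BitConverter]::ToString($sha256.ComputeHash($stream))) -replace '-', '' }
        finally { $stream.Close() }
    } catch {
        'UNREADABLE'   # locked or access-denied files are recorded, not skipped
    }
}

$files = foreach ($dir in $tempDirs) {
    Get-ChildItem -Path $dir -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer } |
        ForEach-Object {
            New-Object PSObject -Property @{
                Path          = $_.FullName
                SizeBytes     = $_.Length
                LastWriteTime = $_.LastWriteTime
                SHA256        = Get-Sha256Hex $_.FullName
            }
        }
}
$files | Export-Csv -Path (Join-Path $OutDir 'tempfiles.csv') -NoTypeInformation

Write-Host ("Collected {0} autorun entries and {1} temp files into {2}" -f `
    @($autoruns).Count, @($files).Count, $OutDir)
```

Run it from an elevated prompt so the HKLM keys and the other users' profile directories are readable; hashing first and copying nothing keeps the footprint on the box small, and the CSVs can be diffed against a known-good baseline of the same host.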