Tag Archives: penetration testing

get into the penetration testing field

Do you want to get into the penetration testing field?. if yes, we are going to discuss how you can stop being a script-kiddies and become a good penetration tester. If you are reading this article, you are on a good way to become an expert in penetration testing.

The way has never been easy but you can reach it if others reached it. But depend on the energy and effort you are going to put into it.

Then, before we continue with this article, let us see first what penetration testing really is. because some are having confusion about penetration testing and Ethical hacking.

Also you should read this article, how to become an ethical hacker

What is penetration testing?

Penetration testing is a type of security testing that is used to test the security of an application. It is conducted to find a security risk that might be present in a system.

When a system is not secure, then it’s easy for an attacker to get into it. Security is normally an accidental error that occurs while developing a system.

why is penetration testing important?

You must understand that penetration testing is very important to assured the system or network security. Also, penetration testing normally must evaluate the system’s ability in order to be protected.

Also, penetration testing must assure that only external or internal authorized users can access the system.

Then, penetration testing is important because:

  • It provides evidence to suggest why it is important to increase investment in security aspect of technology
  • also, it estimates the volume of the attack
  • It supports avoid black hat attack and also protects the original data.
  • helps also to detect the weakness of the system

Attention: penetration testing is not only to know the list of tools used to test and to know how to use them. But a real penetration tester must be able to proceed rigorously and detect the weaknesses of a system. They must be able to identify the technology behind them and test every single door that might be open to attackers.

Also, this is important to inform yourself about the law and what you are allowed to do or not. According to your country, the computer laws are not the same. First, check laws about privacy and surveillance: Nine eyes countries, Five eyes, and Fourteen Eyes. Always check if what you’re doing is legal. Even when it’s not offensive, information gathering can also be illegal!

The penetration tester not only discovers vulnerabilities that could be used by attackers. But also must be able to exploit those vulnerabilities, to assess what attackers might gain after a successful exploitation

How is penetration testing Beneficial?

While the practice of penetration testing is growing in popularity, it comes with the benefit.

Identify and resolve system vulnerabilities: penetration testing is that penetration testers put themselves in a hacker’s position. By staying on the pulse of the cybersecurity world and regularly approaching IT systems from a cybercriminal’s perspective, penetration testers can identify a wide range of vulnerabilities and weaknesses in the system.

Gain valuable insights into digital systems: Reports from penetration testing can provide a valuable details about the network or system, its weak points, and how to strengthen it.

Establish trust with your clientele: A cyberattack or data breach negatively affects the confidence and loyalty of your customers, vendors, and partners.

Protection from financial damage: A simple breach of security system may cause millions of dollars of damage. Penetration testing can protect the organization from such damages.

some vocabulary related to penetration testing

Penetration tester: Is an ethical hacker who practices security, tests applications and systems to prevent intrusions or find vulnerabilities.

Reverse engineering: Reverse engineering, also called back engineering, is the process by which a man-made object is deconstructed to reveal its designs, architecture, or to extract knowledge from the object. Similar to scientific research, the only difference being that scientific research is about a natural phenomenon.

Social engineering: In the context of information security, it refers to psychological manipulation of people into performing actions or divulging confidential information.

Security researcher: Someone who practices pen testing and browses the web to find phishing/fake websites, infected servers, bugs, or vulnerabilities. They can work for a company as a security consultant and are most like a Blue team.

Penetration tester skills required

A penetration tester need to know how to modify existing exploits to get them to work in specific networks for testing purposes. But no single tester can possibly be an expert across all domains, but they need to be active learners and develop real-world experiences.

Understanding of secure web communications and technologies

You need an understanding of web technologies. Web applications are a well-accepted portion of just about every assessment we do these days, and everybody needs to understand them. Our assessors need to know how web applications are built, how to identify input fields, and how to gather the information that can lead to exploiting the functionality of the web application.

You might like also Top 6 best OS for penetration testing

Ability to Script or Programming

Learning programming is the very first way to start learning about security. There’s a lot of languages, most people start with Python, which’s the easiest and the most popular one. PHP and Go are the less popular to write security-related stuff, but any of these can still be used in such context. Bash and PowerShell are mostly about scripting and writing simple CLI applications.

Programming language

You might like also 6 most common mistake that every beginner should avoid for the best result

Content Management Systems

First, a CMS is computer software used to manage the creation and modification of digital content. Digging into the functionalities and security of CMS’s will open your door to a better understanding of how you can manage when in front of one below:

  • WordPress
  • Joomla
  • Drupal
  • SPIP

Steps of Penetration Testing

Before the tester starts the vulnerability analysis of a system there are some crucial steps that he must follow. each step is important in order to elaborate a good report after finish the work.

  • Planning and preparation
  • Reconnaissance
  • Discovery
  • Analyzing information and risks
  • Active Intrusion Attempts
  • Final Analysis
  • Report Preparation

You can also read more about penetration method

Penetration testing tools

The Kali Linux penetration testing platform contains a vast array of tools and utilities. From information gathering to final reporting, Kali Linux enables security and IT professionals to assess the security of their systems.

Also, check this for more information about kali linux tools

Additional resources

Also, here are some of other additional resources’ that will help you in your jorney of becoming a pentester.

Notice: These resources are not only that you can use. But know that there are many resources over the internet and also books that can help you.

Zphisher best termux hacking tool for phishing

Zphisher is an advanced phishing toolkit it is an upgraded version of Shellphish. It also has the main source code from Shellphish but ZPhisher is upgraded. Also, has removed some unnecessary codes from Shellphish.

Also, it is a beginner’s friendly, automated phishing tool with 30+ templates.

What are the features of Zphisher?

Then, it’s time to see Zphisher features.

  • Latest and updated login pages.
  • Mask URL Support
  • Beginners friendly
  • Docker support
  • Multiple tunneling options (Localhost, Ngrok )

What are Zphisher dependencies?

Notice: All the dependencies will be installed automatically when you run Zphisher for the first time.

  • Php
  • Wget
  • Curl
  • Git

You may also like to know how to install Tool-X best termux hacking tool

Zphisher supported Platforms

You may want also to know Zphiser is supported by which platforms. the good news is that it’s available on many platforms. Then, know that in this article we are talking about Zphisher on termux.

You may like also how to install onex best termux hacking tool

How to install Zphisher on Termux?

Then, if you are reading this article I’m sure that you have Termux installed on your device, and if not don’t worry. Because we wrote a starter guide on how to hack with your smartphone using Termux.

Also, if you are among those who think Termux is the same as Linux don’t hesitate to read this guide what is the difference between Termux to Linux.

Then, let us continue you may find that installing Zphisher can be done in few minutes.

apt update 
apt install git php curl openssh -y 
git clone https://github.com/htr-tech/zphisher
cd zphisher  
chmod +x zphisher.sh 
bash zphisher.sh

Then, after you finish to install Zphishing you are ready to use that amazing termux tool.

What can you do to be safe from phishing attacks?

Also, as now you know that it’s possible to hack using Zphisher let us see how to prevent phishing attacks.

  • Avoid clicking on any suspicious link.
  • Make sure you check the link if is driving to original website.

Also, for more information about this attack, I suggest reading how hackers hack Facebook and how to prevent them.

Legal disclaimer

Usage of Zphisher for attacking targets without prior mutual consent is illegal. Also, It’s the end user’s responsibility to obey all applicable local, state, and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

Man in the middle attack & how to prevent it

What is Man in the middle attack

A man in the middle (MITM) attack is a general term for when a perpetrator positions himself in a conversation between a user and an application, either to eavesdrop or to impersonate one of the parties, making it appear as if a normal exchange of information is underway.

The goal of an attack is to steal personal information, such as login credentials, account details, and credit card numbers. Targets are typically the users of financial applications, SaaS businesses, e-commerce sites, and other websites where logging in is required.

Information obtained during an attack could be used for many purposes, including identity theft, unapproved fund transfers, or an illicit password change.

Additionally, a man in the middle attack requires three players. There’s the victim is trying to communicate, and the man-in-the-middle, who is intercepting the victim’s communications. Critical to the scenario is that the victim isn’t aware of the MITM.

How does a Man In The Middle Attack work?

Let’s say you received an email that appeared to be from your bank, asking you to log in to your account to confirm your contact information. Then, you click on a link in the email received and are taken to what appears to be your bank’s website, where you log in and perform the requested task.

In such a scenario, the man in the middle (MITM) sent you the email, making it appear to be legitimate.

This attack also involves phishing, getting you to click on the email appearing to come from your bank.

Also, he created a website that looks just like your bank’s website, so you wouldn’t hesitate to enter your login credentials after clicking the link in the email. And the time you log in, you are not logging into your bank account, but you are handing over your credentials to the attacker.

Man In The Middle attack progression

Man In The Middle attacks come in two forms, one that involves physical proximity to the intended target, and another that involves malicious software, or malware.

Successful MITM execution has two distinct phases: interception and decryption.

Interception

The first step intercepts user traffic through the attacker’s network before it reaches its intended destination.

The most common (and simplest) way of doing this is a passive attack in which an attacker makes free, malicious WiFi hotspots available to the public. Typically named in a way that corresponds to their location, they aren’t password protected. Once a victim connects to such a hotspot, the attacker gains full visibility to any online data exchange.

When an attacker wishing to take a more active approach to interception, he may launch one of the following attacks:

You may also like How to use john the ripper password cracker

  • IP spoofing involves an attacker disguising himself as an application by altering packet headers in an IP address. As a result, users attempting to access a URL connected to the application are sent to the attacker’s website.
  • ARP spoofing is the process of linking an attacker’s MAC address with the IP address of a legitimate user on a local area network using fake ARP messages. As a result, data sent by the user to the host IP address is instead transmitted to the attacker.
  • DNS spoofing, also known as DNS cache poisoning, involves infiltrating a DNS server and altering a website’s address record. As a result, users attempting to access the site are sent by the altered DNS record to the attacker’s site.

Decryption

After an interception, any two-way SSL traffic needs to be decrypted without alerting the user or application. A number of methods exist to achieve this:

  • HTTPS spoofing sends a phony certificate to the victim’s browser once the initial connection request to a secure site is made. It holds a digital thumbprint associated with the compromised application, which the browser verifies according to an existing list of trusted sites. The attacker is then able to access any data entered by the victim before it’s passed to the application.
  • SSL BEAST (browser exploit against SSL/TLS) targets a TLS version 1.0 vulnerability in SSL. Here, the victim’s computer is infected with malicious JavaScript that intercepts encrypted cookies sent by a web application. Then the app’s cipher block chaining (CBC) is compromised so as to decrypt its cookies and authentication tokens.
  • SSL hijacking occurs when an attacker passes forged authentication keys to both the user and the application during a TCP handshake. This sets up what appears to be a secure connection when, in fact, the man in the middle controls the entire session.
  • SSL stripping downgrades an HTTPS connection to HTTP by intercepting the TLS authentication sent from the application to the user. The attacker sends an unencrypted version of the application’s site to the user while maintaining the secured session with the application. Meanwhile, the user’s entire session is visible to the attacker.

You may also like How hackers hack Facebook Accounts, and How to prevent them

Man in the middle attack prevention

Blocking MITM attacks requires several practical steps on the part of users, as well as a combination of encryption and verification methods for applications.

Also, with the amount of tools readily available to cybercriminals for carrying out Man In The Middle attacks, it makes sense to take steps to help protect your devices, your data.

  • make sure you always visit website with the HTTPS
  • Be wary of potential phishing emails from attackers asking you to update your password or any other login credentials. Instead of clicking on the link provided in the email, manually type the website address into your browser.
  • Never connect to public WIFI routers directly, if possible a VPN encrypts your internet connection on public hotspots to protect the private data you send and receive while using public WIFI, like passwords or credit card information.
  • Avoiding WIFI connections that aren’t password protected.

For website operators, secure communication protocols, including TLS and HTTPS, help mitigate spoofing attacks by robustly encrypting and authenticating transmitted data. Doing so prevents the interception of site traffic and blocks the decryption of sensitive data, such as authentication tokens.