1.1 Intro
Welcome to the VHL Penetration testing course! In this course we will be preparing you to perform ethical hacking and penetration tests on networks, computer systems, services and web applications. Throughout this course we will cover many tools and techniques that can be employed to discover, assess and resolve security issues and vulnerabilities. As the skill level and experience of VHL students vary from absolute beginners to seasoned practitioners seeking opportunities to sharpen their skills, every topic in the courseware is covered from the very basics, assuming no additional knowledge beyond that listed in the course prerequisites. After finishing the courseware, you will be able to proceed to practice the tools and techniques in our online penetration testing labs. The penetration testing labs simulate a variety of vulnerable machines ranging from Windows, Linux and Android systems to network appliances. Every machine in the lab is specifically designed to contribute to your learning in its own unique way.
Throughout the course we will be primarily focusing on the technical side of penetration testing. This means that you will learn how to work with a specialist toolkit to identify vulnerabilities in systems, services and configurations. Once all the vulnerabilities have been identified you will then use this information to work with exploits that take advantage of those vulnerabilities exactly as real attackers do. With this knowledge under your belt you will be able to detect potential security issues, solve or mitigate them and apply countermeasures against real attackers. The key principle here is that you can’t fix anything properly unless you first know how it works. Therefore, in order to understand how systems are vulnerable we will analyse code, exploit real vulnerabilities and practice a lot of different scenarios. In effect, you will break something and then you will learn how to fix it.
Course Topics
Let’s briefly walk through the courseware to get an idea of the topics we will be covering.
Chapter 1: Penetration Testing: The basics
In the first chapter we will be looking at what penetration testing exactly is. We will look at the different phases of a penetration test, the tasks involved in these phases and the professional opportunities available in this field of information security.
Chapter 2: Getting ready to access the labs
In chapter 2 we will be preparing ourselves to access the online labs using a Virtual Machine with a penetration testing OS and VPN client installed. If you’re not using one of the VHL prepared and pre-installed machines, we will walk you through the process of setting up the VM, installing the VPN client and finally accessing the labs. After setting up the VM and lab access we will look at how to reset lab machines to their original state and the requirements to apply for the VHL certificate of completion. We will also look at some rules, restrictions and legal issues that we have to agree on and finally some information about the lab subnets, machine keys and the lab dashboard.
Chapter 3: Information Gathering
In this chapter we will be covering passive and active information gathering techniques. We will learn how to discover live hosts (devices) on a network, how to scan for open ports with a network discovery and security auditing tool called Nmap and how to enumerate (i.e. list) the protocols and services to be found there. Passive information gathering techniques focus on gathering information from publicly available sources without connecting to the target whereas active information gathering is all about scanning the target hosts, networks, services and web applications.
Chapter 4: Vulnerability Assessments
In Chapter 4 we will learn how to identify vulnerabilities in target systems. We will use different sources to find vulnerabilities and exploits and look at some Nmap scripts (i.e. script files to automate a wide variety of networking tasks) to test for those vulnerabilities. Finally, we will be installing an automated vulnerability scanner called OpenVAS and learn how to use it.
Chapter 5: Exploitation
In Chapter 5 we will be covering subjects related to exploiting known vulnerabilities. We’ll start by looking at a few online resources from where exploit code and scripts can be downloaded. Then we will learn how to analyse the exploit code by looking at an Apache James server exploit line by line. This will help us understand what the exploit code actually does when it is executed and how to modify target-specific parameters, such as target IP, port and payload. In the sections that follow we will see how to compile exploits (converting code into an executable) for Windows and Linux, how to deal with compilation errors and, finally, how to transfer exploits to the target host. In the last part of this chapter we will demonstrate all these techniques by exploiting a few vulnerabilities.
Chapter 6: Privilege Escalation
This chapter focuses on local enumeration techniques for obtaining the necessary system information, and on privilege escalation techniques for both Windows and Linux. Privilege escalation is the process of increasing the level of user privileges on a certain host to the highest permission level – i.e. to that of a root shell on a Linux system or a domain administrator or system shell on Windows.
Chapter 7: Web Applications
Chapter 7 covers the basics of web application penetration testing. We’ll learn about common vulnerabilities such as SQL injection, Remote Code Execution and Local/Remote File Inclusion vulnerabilities. We will also take a more detailed look at file upload vulnerabilities, how to work with web shells and how to convert them into command line shells.
Chapter 8: Password Attacks
In this chapter we will learn how to attack authentication mechanisms using password attacks. Authentication is the process of proving that you are the person you claim to be. A combination of a user ID with a password is one of the most common methods used for authentication, and in this chapter we will learn how to use various tools and techniques to break it.
Chapter 9: Networking & Shells
In Chapter 9, Networking & Shells, we’ll cover the basics of working with reverse and bind shells. We’ll learn how to initiate reverse shells using various programming and scripting languages (such as Bash, PHP, Python and Perl) and how to intercept these shells with a utility called Netcat. We will also look at how to upgrade non-interactive shells to interactive shells and how to convert regular reverse shells to Meterpreter shells. Meterpreter is a special type of payload contained in the Metasploit Framework.
Chapter 10: Metasploit
This chapter explores the fundamentals of the popular penetration testing tool, the Metasploit Framework. We will start with basic Metasploit command line usage and from there you will learn not only how to find exploits and how to configure them, but also how to execute them against a target and perform some post-exploitation. This chapter also covers everything you need to know about the Meterpreter tool.
Chapter 11: Attacking management interfaces
In this chapter we will discuss management interfaces and how they can be attacked.
So far, we have looked at the course topics. Before we move forward with the practical part of the course, let’s have a look at some general penetration testing concepts.