8/18/2019 web service report
http://slidepdf.com/reader/full/web-service-report 1/46
CHAPTER 1
INTRODUCTION
Web Based Penetration Testing provides a user friendly way of doing penetration testing on a system. It is a web interface for many popular command line tools, nicely arranged and categorized to make penetration testing easier than before. It is a web based application with PHP as the developing platform.
1.1 PURPOSE
The aim of the project is to automate penetration testing and reduce the time professional penetration testers spend memorizing and typing various commands and their options again and again during the course of penetration testing. This tool can also be used for educational purposes. As an IT professional, a student must know about the different types of attacks, scanning networks, gathering information about a system, exploiting a remote system, etc. There are thousands of tools (most of them are command line tools) available for these purposes. Installing these tools requires deep knowledge, and using them also requires experience with Linux OS and the command line. So, this web based framework can be hosted on a server (which has all the dependencies installed) and can be used by students to learn the basics of penetration testing.
1.2 PROJECT SCOPE
User will be presented with a user friendly interface with all the tools categorized according to their functionalities.
Scans a network/system for different types of vulnerabilities, detects firewall, load balancing, open ports, target location, web-server, outdated files etc.
Explores different types of CMS such as WordPress, Drupal, Joomla by enumerating users, directory listing, detecting service version etc.
Extracts information related to DNS and IP addresses, extracts links and checks validity of links on a web page and much more.
Provides information about email accounts, user names and host-names/sub-domains from different public search engines and PGP key server.
Provides an interface to use various Google dorks such as search for configuration files, SQL errors, log files, php info, back-up and old files etc. for a website.
Helps in collecting various information about a domain such as domain popularity with Google, domain age, Alexa and Google rank, number of back-links etc.
Web based penetration testing lab is a web interface for many popular command line tools, nicely arranged and categorized to make penetration testing easier than before. It is a web based application with PHP as the developing platform.
The Front-End tier has web pages which interact with users to provide information and functionality for different user roles. PHP is used for executing Linux commands on the web pages. Apache is used as web server and Linux is used as working environment.
Fig. 2.1 Product Perspective (diagram blocks: Web Browser; Web Pages, Front End (HTML, CSS, JavaScript); Server Side Scripting (PHP); Linux Distribution (Debian Based OS Preferable))
2.2 PRODUCT FUNCTIONALITIES
The various functionalities of the proposed system and their interaction are described in brief in this section. User will be allowed to perform the following actions.
Scans a network/system for different types of vulnerabilities, detects firewall, load balancing, open ports, target location, web-server, outdated files etc.
Explores different types of CMS such as WordPress, Drupal, Joomla by enumerating users, directory listing, detecting service version etc.
Extracts information related to DNS and IP addresses, extracts links and checks validity of links on a web page and much more.
Provides information about email accounts, user names and host-names/sub-domains from different public search engines and PGP key server.
Provides an interface to use various Google dorks such as search for configuration files, SQL errors, log files, php info, back-up and old files etc. for a website.
Helps in collecting various information about a domain such as domain popularity with Google, domain age, Alexa and Google rank, number of back-links etc.
Generates and tests domain typos, investigates IP through various web tools, checks whether a domain is in a blacklist or not.
Generates undetectable (bypasses most of the anti-virus products) metasploit payload for Windows, Linux, Apple OS, Android OS and for exploiting websites (ASP, PHP, JSP) and much more.
Helps in back-dooring exe files, debian packages and pdf by asking user to upload file and adding payload to the uploaded file.
Helps in generating PHP backdoor using weevely, a powerful framework to deface a vulnerable website written in PHP.
Users can see the tool description for each tool in the web page for help.
2.3 USER CHARACTERISTICS
The user must have knowledge of the basics of computer science. User must know about the internet, Browser, Operating System and other basic computer related concepts. User must be willing to learn the basics of penetration testing. Previous experience with penetration testing is not mandatory, however knowledge of concepts can help in understanding the concepts of penetration testing by practical experience.
2.4 CONSTRAINTS
• GUI is only in English.
• Server Computer must be running Linux with all the dependencies installed.
• Client computer/User Computer can have any Operating System running.
• User's OS must be having a modern web browser with JavaScript support.
CHAPTER 3
SYSTEM DESIGN
This chapter deals with the fabrication of the web application with a module-wise explanation of the significant functions.
3.1 ARCHITECTURE OVERVIEW
Web based penetration testing lab follows a simple web based structure for better functionality with less complication.
The Front-End tier has web pages which interact with users to provide information and functionality.
PHP is used for interaction with the Operating System to execute system commands and to display the result on the web page. Linux is used as the working environment.
User opens the web based penetration testing lab in a web browser and selects a module; the interface asks for the required information through HTML forms. Once the user submits the information, it gets validated by a PHP script and the commands related to the user's query get executed by PHP with interaction with the OS or through PHP itself, according to the user's query. Once the execution starts, results will be displayed line by line.
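The validation step in this flow is what keeps a form field from being interpreted as part of a system command. A sketch of that step, added here as an illustration and not taken from the project's code: the `TOOLS` allowlist and the functions `validate_target`, `build_argv` and `run_and_stream` are hypothetical names, `ping` and `host` stand in for the tools the lab wraps, and PHP 7.4 or later is assumed.

```php
<?php
declare(strict_types=1);

// Hypothetical allowlist: module key => fixed program and options.
// The user never supplies the program name or its options, only the target.
const TOOLS = [
    'ping' => ['ping', '-c', '4'],
    'dns'  => ['host'],
];

/** Return a normalised IP address or hostname, or null if the input is neither. */
function validate_target(string $raw): ?string
{
    $target = trim($raw);
    if ($target === '' || strlen($target) > 253) {
        return null;
    }
    if (filter_var($target, FILTER_VALIDATE_IP) !== false) {
        return $target;
    }
    // FILTER_FLAG_HOSTNAME only allows labels made of letters, digits and
    // hyphens that start with a letter or digit, so spaces, shell
    // metacharacters and option-like values such as "-f" are rejected.
    if (filter_var($target, FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME) !== false) {
        return strtolower($target);
    }
    return null;
}

/** Build the argument vector for an allowlisted tool and a validated target. */
function build_argv(string $tool, string $rawTarget): array
{
    if (!array_key_exists($tool, TOOLS)) {
        throw new InvalidArgumentException('unknown tool');
    }
    $target = validate_target($rawTarget);
    if ($target === null) {
        throw new InvalidArgumentException('invalid target');
    }
    return array_merge(TOOLS[$tool], [$target]);
}

/** Run the command without a shell and print its output line by line. */
function run_and_stream(array $command): int
{
    // An array command (PHP 7.4+) is executed directly, so no shell parses
    // the arguments. stderr is merged into stdout so one pipe is drained.
    $proc = proc_open($command, [1 => ['pipe', 'w'], 2 => ['redirect', 1]], $pipes);
    if (!is_resource($proc)) {
        throw new RuntimeException('could not start process');
    }
    while (($line = fgets($pipes[1])) !== false) {
        // Tool output is untrusted too: encode it before it reaches the page.
        echo htmlspecialchars($line, ENT_QUOTES, 'UTF-8'), "<br>\n";
        flush();
    }
    fclose($pipes[1]);
    return proc_close($proc);
}

// Constructed sample inputs; nothing is executed here, the loop only shows
// which form values would be accepted and which would be refused.
if (PHP_SAPI === 'cli') {
    $samples = ['192.0.2.10', 'Example.COM', 'example.com; id', '-f', '$(hostname)'];
    foreach ($samples as $sample) {
        try {
            echo 'accept: ', implode(' ', build_argv('ping', $sample)), PHP_EOL;
        } catch (InvalidArgumentException $e) {
            echo 'reject: ', json_encode($sample), ' (', $e->getMessage(), ')', PHP_EOL;
        }
    }
}
```

Since the requirements state that no registration is needed, a deployment of such a lab would also want the web server itself restricted to the classroom network, because validation only constrains what is run, not who may run it.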
Fig. 3.1 Architecture Diagram
3.2 SYSTEM DESIGN
The section outlines the use cases for the user interacting with each module separately. The main users of this project are people who want to do penetration testing.
3.2.1 Scanner Use Case
Fig. 3.2 Scanner Use Case
• Scanner: User can choose a sub-module in the scanner module as per his/her requirement.
• URL Fuzzer: Directory check, file check, dynamic tests, static tests, web server information, blind SQL injection etc.
• Nmap Scanner Menu: User scans a target for OS fingerprinting, open TCP and UDP ports, detecting service version etc.
• Web Scanner: User scans a target for dangerous files, SSL check, detecting load-balancing, detecting application at a given port etc.
• Web Vulnerability Scanner: User scans a target to perform various tests such as directory check, file check, dynamic tests, static tests, stress tests etc.
• Ping Sweep: User finds out which hosts are alive in a network.
3.2.2 CMS-Explorer Use Case
Fig. 3.3 CMS-Explorer Use Case
• CMS-Explorer: User can choose a sub-module in the CMS-Explorer module as per his/her requirement.
• WordPress Scan: User scans a WordPress site to enumerate users, installed plugins, installed Tim thumbs, detect CMS version, etc.
• Joomla Scan: User scans a Joomla site to find vulnerabilities, gets geo-location, detects Joomla version running.
• Drupal Scan: User scans a Drupal site to find vulnerabilities, enumerate modules, gets geo-location, detects Joomla version running.
• Detect CMS Version: User performs a BlindElephant scan on the given target in order to detect the target's CMS version.
3.2.3 Network Tools Use Case
Fig. 3.4 Network Tools Use Case
• Network Tools: User can choose a sub-module in the Network Tools module as per his/her requirement.
• DNS Queries: User chooses to perform various types of DNS related enquiry on a host/domain.
• IP Tools: User chooses to perform various types of IP related enquiry on a host/domain such as reverse IP look-up, port check etc.
• Web Tools: User chooses to get HTTP header information, dump all the links on a web page and check the validity of links on a web page.
• Network Tests: User performs simple network tests such as ping test, trace-route etc.
3.2.4 Information Gathering Use Case
Fig. 3.5 Information Gathering Use Case
• Information Gathering: User can choose a sub-module in this module as per his/her requirement.
• Info Gathering: User chooses to perform any of the following: retrieve NetBIOS state, live host identification, enumerating all host-names which Bing has indexed for an IP address, search for possible email addresses etc.
• The Harvester: User chooses to get information about e-mail accounts, user names and host-names/sub-domains from different public sources like search engines and PGP key server.
• Google Hacking: A collection of Google dorks very useful to gather information about the user's target.
3.2.5 Domain Tools Use Case
Fig. 3.6 Domain Tools Use Case
• Domain Tools: User can choose a sub-module in this module as per his/her requirement.
• Domain Info: User chooses to perform any of the following: check domain availability, check page rank by Google, check domain age, get Alexa rank and back links, find sub-domains, who-is look-up etc.
• Domain Tool: User chooses to perform any of the following: generate and test domain typos, generate and show invalid domain type, perform a whois lookup on the domain name of a host, investigate IP through various web based tools etc.
3.2.6 Payload Generator Use Case
Fig. 3.7 Payload Generator Use Case
• Payload Generator: User can choose a sub-module in this module as per his/her requirement.
• Windows OS: User uses the interface to generate a metasploit payload that bypasses most of the popular anti-virus products like Avast, McAfee, Avir etc. User chooses to mention the size of the payload.
• Other OS: User uses this module to generate payloads for different operating systems like Linux distributions, Apple OSX, Android OS.
• Java Payload: User uses this module to generate a Java .jar payload which can be used to affect any OS as Java is platform independent. It can affect Windows/Mac/Linux/Android OS and all other platforms which support Java.
• Web Shell: User uses this module to generate web shells for ASP, PHP, JSP.
3.2.7 Exploits Use Case
Fig. 3.8 Exploits Use Case
• Exploits: User can choose a sub-module in this module as per his/her requirement.
• Package.deb Back-door: This tool generates a debian package encoded with metasploit payload.
• Back-dooring exe: User uploads an exe file and this tool inserts the chosen payload in the original exe file.
• PDF Back-door: User uploads a pdf file and this tool inserts the chosen payload in the original PDF file. It can affect the system if opened with Adobe Reader. Affected systems are: Adobe PDF Reader
3.3 USE CASE ANALYSIS
Use case diagrams are used to gather the requirements of a system including internal and external influences. These requirements are mostly design requirements. So when a system is analyzed to gather its functionalities, use cases are prepared and actors are identified. The purpose of use case diagram is to capture the dynamic aspect of a system. But this definition is too generic to describe the purpose. A use case is a list of steps, typically defining interactions between a role (known in UML as an "actor") and a system, to achieve a goal. The actor can be a human or an external system. The purpose of use case diagrams can be as follows:
1. Used to gather requirements of a system.
2. Used to get an outside view of a system.
3. Identify external factors influencing the system.
4. Identify internal factors influencing the system.
5. Show the interaction among the requirements and actors.
UML Use Case Diagrams can be used to describe the functionality of a system in a horizontal way. That is, rather than merely representing the details of individual features of your system, UCDs can be used to show all of its available functionality. It is important to note, though, that UCDs are fundamentally different from sequence diagrams or flow charts because they do not make any attempt to represent the order or number of times that the system's actions and sub-actions should be executed.
Use Case Diagrams are behavior diagrams used to describe a set of actions (use cases) that some system or systems (subject) should or can perform in collaboration with one or more external users of the system (actors). Each use case should provide some observable and valuable result to the actors or other stakeholders of the system. Use case diagrams are in fact twofold - they are both behavior diagrams (because they describe behavior of the system), and they are also structure diagrams - as a special case of class diagrams where classifiers are restricted to be either actors or use cases related with association. The purpose of use case diagram is to capture the dynamic aspect of a system.
Use case diagrams are considered for high level requirement analysis of a system. So when the requirements of a system are analyzed, the functionalities are captured in use cases. So we can say that use cases are nothing but the system functionalities written in an organized manner. Now the second thing relevant to the use cases is the actors. Actors can be defined as something that interacts with the system.
Fig. 3.9 Use Case Diagram for the overall System
3.4 SEQUENCE DIAGRAM
The sequence diagram is used primarily to show the interactions between objects in the sequential order that those interactions occur. Much like the class diagram, developers typically think sequence diagrams were meant exclusively for them. The main purpose of a sequence diagram is to define event sequences that result in some desired outcome. The focus is less on messages themselves and more on the order in which messages occur; nevertheless, most sequence diagrams will communicate what messages are sent between a system's objects as well as the order in which they occur. The diagram conveys this information along the horizontal and vertical dimensions: the vertical dimension shows, top down, the time sequence of messages/calls as they occur, and the horizontal dimension shows, left to right, the object instances that the messages are sent to.
A sequence diagram shows object interactions arranged in time sequence. It depicts the objects and classes involved in the scenario and the sequence of messages exchanged between the objects needed to carry out the functionality of the scenario. Sequence diagrams are typically associated with use case realizations in the Logical View of the system under development. Sequence diagrams are sometimes called event diagrams or event scenarios.
Objects calling methods on themselves use messages and add new activation boxes on top of any others to indicate a further level of processing. When an object is destroyed (removed from memory), an X is drawn on top of the lifeline, and the dashed line ceases to be drawn below it (this is not the case in the first example though). It should be the result of a message, either from the object itself, or another. If a caller sends a synchronous message, it must wait until the message is done, such as invoking a subroutine. If a caller sends an asynchronous message, it can continue processing and doesn't have to wait for a response. Asynchronous calls are present in multi-threaded applications and in message-oriented middleware. Activation boxes, or method-call boxes, are opaque rectangles drawn on top of lifelines to represent that processes are being performed in response to the message (Execution Specifications in UML).
A message sent from outside the diagram can be represented by a message originating from a filled-in circle (found message in UML) or from a border of the sequence diagram (gate in UML).
The sequence diagram is used primarily to show the interactions between objects in the sequential order that those interactions occur. Much like the class diagram, developers typically think sequence diagrams were meant exclusively for them. However, an organization's business staff can find sequence diagrams useful to communicate how the business currently works by showing how various business objects interact. Besides documenting an organization's current affairs, a business-level sequence diagram can be used as a requirements document to communicate requirements for a future system implementation. During the requirements phase of a project, analysts can take use cases to the next level by providing a more formal level of refinement.
Sequence diagram is the most common kind of interaction diagram, which focuses on the message interchange between a number of lifelines.
Sequence diagram describes an interaction by focusing on the sequence of messages that are exchanged, along with their corresponding occurrence specifications on the lifelines.
The following nodes and edges are typically drawn in a UML sequence diagram: lifeline, execution specification, message, combined fragment, interaction use, state invariant, continuation, destruction occurrence.
UML sequence diagrams model the flow of logic within your system in a visual manner, enabling you both to document and validate your logic, and are commonly used for both analysis and design purposes. Sequence diagrams are the most popular UML artefact for dynamic modelling, which focuses on identifying the behaviour within your system.
Fig. 3.10 Sequence Diagram
3.5 FLOW CHART DIAGRAM
A flow chart diagram is a graphical means of representing or presenting, describing, or analyzing a process.
Fig. 3.11 Flow Chart Diagram
3.6 REQUIREMENT SPECIFICATION
3.6.1 User Requirements
• A system that is user-friendly and intuitive.
• The system allows easy access to information.
• The system provides help related to tools used in each module.
• The system categorizes the different tools in a module based on their functionalities.
3.6.2 Functional Requirements
• Anyone can use the system. Registration not required.
• Web browser should allow pop-ups.
• The system should be able to interact with the OS.
• The system should be able to provide an interface to retrieve the user's query.
• The system should be able to display the result.
• The system should conform to all the specifications mentioned in the Software Requirement Specification.
3.6.3 Non Functional Requirements
• The system should be efficient, reliable, and secure throughout.
• People with a computer science background or interested in computer science with basic internet and OS knowledge should be able to use the new system, and the system should be robust.
• The system should be easily modified to suit the user's changing demands and should be accessible on any operating system.
3.6.4 Software Requirements
• Front End (Interface): HTML, PHP, JavaScript
• Web Server: Apache
• Development Tool: NetBeans
• Operating System: Linux
3.6.5 Minimum Hardware Requirements
Table 3.1: Hardware Specifications
Client Side | Processor | RAM | Space
Internet Explorer 8, Google Chrome, Mozilla Firefox or any modern web browser | Intel Pentium 4 at 1 GHz | 512 MB | 1 GB
Server Side | Processor | RAM | Space
Linux Distribution with LAMP and all the dependencies installed. | HS21 Xeon Dual Core 5160 3.0GHz/1333MHz/4MB L2 or above | 512 MB and above | 5 GB
CHAPTER 4
SYSTEM IMPLEMENTATION
Systems Design will naturally lead to another stage where it becomes closer to the actual deployment of the planned software. Since the design is already there, developers have an idea of how the software actually looks. All they need is to put everything together to realize the intended software. Generally, implementation of the software is considered the actual creation of the software. Since the system design stage usually suggests that the interface, data and actual output are created, the implementation stage brings them all together.
To implement a system successfully, a large number of inter-related tasks need to be carried out in an appropriate sequence. Utilizing a well-proven implementation methodology and enlisting professional advice can help, but often it is the number of tasks, poor planning and inadequate resourcing that cause problems with an implementation project, rather than any of the tasks being particularly difficult.
4.1 MODULE IMPLEMENTATION
4.1.1 Scanner
As many as 70% of web sites have vulnerabilities that could lead to the theft of sensitive corporate data such as credit card information and customer lists.
Hackers are concentrating their efforts on web-based applications - shopping carts, forms, login pages, dynamic content, etc. Accessible 24/7 from anywhere in the world, insecure web applications provide easy access to back-end corporate databases.
Web application attacks, launched on port 80/443, go straight through the firewall, past operating system and network level security, and right into the heart of your application and corporate data. Tailor-made web applications are often insufficiently tested, have undiscovered vulnerabilities and are therefore easy prey for hackers.
The Scanner module of web based penetration testing lab consists of various tools to scan a website or network for different possible vulnerabilities. These are some of the features of this module:
• Advanced and in-depth SQL injection and Cross site scripting testing
• Advanced penetration testing tools, such as nikto, nmap, xsser, fimap, fping, uniscan etc.
• Port scans a web server and runs security checks against network services running on the server.
• Detects target operating system, service version, scans for TCP and UDP services etc.
• GET HTTP headers and display the transaction, scan web server for dangerous files, outdated versions etc.
• What Web Scan, SSL Check, check if domain uses load balancing, Web Application Firewall detection, detect application at a given port.
• Performs directory check, file check, static tests, dynamic tests, extracts web server information etc. for a target URL.
• Discovers which hosts are up within a range of IP addresses (Ping-Sweep), identifies hosts
4.1.2 CMS-Explorer Module
This module is designed as an HTML, JavaScript and PHP web application which includes the necessary labels, text-boxes, buttons, forms and other web components.
This module attempts to discover the version of a (known) web application by comparing static files at known locations against precomputed hashes for versions of those files in all available releases, scans WordPress, Drupal, Joomla sites for vulnerabilities,
The various sub modules available in the CMS-Explorer module are:
WordPress Scan
WordPress is the world's leading content management system. This makes it a popular target for attackers.
Analysis of compromised WordPress installations shows that exploitation most often occurs due to simple configuration errors or through plug-ins and themes that have not had security fixes applied.
WordPress Security Scanner tests vulnerabilities of a WordPress installation. Checks include application security, WordPress plug-ins, hosting environment and web server. These are some of the features of this module:
• Detects version of WordPress.
• Enumerate users.
• Enumerate installed plug-ins.
• Enumerate installed Tim thumbs.
• Enumerate installed themes.
• WordPress Ping-back Port Scanner
• Non-intrusive check etc.
Joomla Scan
Joomla is one of the most popular open source content management systems and is a common target for attackers due to its popularity and the wide variety of extensions that are available. These Joomla security scans will test a site for security issues, configuration errors and poor reputation links so the administrator can get to work mitigating the vulnerabilities before getting hacked.
These scans will test a Joomla installation for a number of common security issues and vulnerable modules, as well as perform web reputation analysis of sites that are being linked and sites that are hosted on the same IP address.
• Determine if a Joomla installation is present.
• Detect Joomla version running.
• Detect known exploits and security vulnerabilities.
• Joomla plug-in based firewall detection.
• Understand the security configuration of a Joomla install.
• Run an in-depth security test that includes plug-in and theme brute forcing with Joomscan
• Get site geo-location and hosting info.
Drupal Scan
Drupal is one of the world's leading content management systems. It is used on a large number of high profile sites. It is known for its security and extensibility. Perform a simple Drupal security test by filling out the following form. This module will test the target website in a non-intrusive manner and display any discovered vulnerabilities or configuration errors.
This module acts as a security scanner for Drupal installations to quickly identify potential security issues, server reputation and other aspects of the web server.
• Detect Drupal version running.
• Scan for vulnerabilities (enumerates the modules).
• Understand the security configuration of a Drupal install.
• Get site geo-location and hosting info.
Detect CMS Version (BlindElephant Scan)
A BlindElephant scan will attempt to determine the version of content management systems and other web scripts. This is useful when assessing the security of a given web site.
Discover the version of 14 of the most popular types of content management system (CMS) and web application utilities.
Determine if a known vulnerable application version is in use. Develop an understanding of an organization's website security maintenance and patching policies.
This scan is used to identify the version of a web application; the application may be a web forum, blog or phpmyadmin. The important thing to note about these types of applications is that there are many publicly available exploits for different versions of the applications. An exploit in a single small web application can be the foothold that an attacker will capitalize on to get deeper access on the server and perhaps even compromise an entire organization.
So it is vitally important that web applications such as those assessed by the BlindElephant scan are kept up to date.
BlindElephant is a tool for fingerprinting your web application version. Security vulnerabilities in well-known web applications are a common attack vector. Keeping your web applications up to date can reduce your risk of being hacked significantly.
The BlindElephant Web Application Finger-printer will try to discover the version of a web application by comparing static files against precomputed hashes for versions of those files in all available releases. The technique is fast, low-bandwidth, non-invasive, generic, and fairly accurate.
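The hash comparison described above can be used by an administrator to confirm which release is actually deployed. The following is an added illustration of the idea, not BlindElephant's own code: the functions `build_hash_table` and `fingerprint`, the three releases, their file contents and the list of vulnerable versions are all constructed for the example.

```php
<?php
declare(strict_types=1);

/** Build path => hash => [versions] from the static files of each release. */
function build_hash_table(array $releases): array
{
    $table = [];
    foreach ($releases as $version => $files) {
        foreach ($files as $path => $content) {
            $table[$path][hash('sha256', $content)][] = (string) $version;
        }
    }
    return $table;
}

/**
 * Narrow the candidate versions by intersecting, file by file, the releases
 * whose copy of that file has the same hash as the deployed copy.
 */
function fingerprint(array $table, array $deployed): array
{
    $candidates = null;
    foreach ($deployed as $path => $content) {
        $hash = hash('sha256', $content);
        if (!isset($table[$path][$hash])) {
            continue; // locally modified or unknown file: carries no information
        }
        $matches = $table[$path][$hash];
        $candidates = $candidates === null
            ? $matches
            : array_values(array_intersect($candidates, $matches));
    }
    return $candidates ?? [];
}

// Constructed sample data: three releases of a hypothetical application.
// Some static files stay identical across releases, so a single file is
// rarely enough and several files have to be combined.
$releases = [
    '1.0' => ['readme.txt' => "App 1.x\n", 'js/app.js' => "var v = 1;\n"],
    '1.1' => ['readme.txt' => "App 1.x\n", 'js/app.js' => "var v = 2;\n"],
    '1.2' => ['readme.txt' => "App 1.2\n", 'js/app.js' => "var v = 2;\n"],
];
$table = build_hash_table($releases);

// Deployed tree (constructed): release 1.1 plus a locally added file.
// On a real server the contents would be read from the document root.
$deployed = $releases['1.1'] + ['custom/theme.css' => "body{}\n"];

// Constructed list of releases with known security fixes missing.
$knownVulnerable = ['1.0', '1.1'];

$found = fingerprint($table, $deployed);
echo 'candidate versions: ', implode(', ', $found), PHP_EOL;
if (array_intersect($found, $knownVulnerable) !== []) {
    echo 'deployed release needs patching', PHP_EOL;
}
```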
4.1.3 Network Tools Module
This module is designed as an HTML and PHP web application which includes the necessary labels, text-boxes, buttons, forms and other web components. The interface is developed in accordance with the previously discussed functionality of the Network Tool module.
Find IP and DNS information quickly with this information gathering tool. Easy access to this tool complements the in-depth vulnerability scanners.
The various options available in this module are:
DNS Queries
By its nature external facing DNS is an open and public service; while the information is openly available, you should be aware of what information is being revealed. Security penetration testers and attackers will use information collected from DNS to expand their knowledge of an organization's information technology infrastructure and from that knowledge begin to understand the attack surface.
For example, the SPF records that an organization can publish in order to improve email security can also reveal the IP addresses or host-names of systems with the ability to send email. These services can all then become targets to be assessed and attacked.
• DNS Lookup
• Reverse DNS Lookup
• Whois Lookup
• MX Lookup
• DNS Zone Transfer
• Finds the Status Of Authority (SOA) record in a zone file
• Brute Force DNS
• Trace a chain of DNS servers to the source
IP Tools
A web server can be configured to serve multiple virtual hosts from a single IP address. This is a common technique in shared hosting environments in particular. However, it is also common in many organizations and can be an excellent way to expand the attack surface when going after a web server.
IP geolocation involves attempting to find the location of an IP address in the real world. Because IP addresses are assigned to organizations and these associations are ever changing, it can be difficult to determine exactly where in the world an IP address is located. User can perform the following operations using this tool.
• IP Geo Location
• Reverse IP Lookup
• Port Check
Web Tools
This sub-module can be used for extracting header information, dumping all the links of a website, and checking the validity of the links on a web page.

This module can perform the following operations:

• Get HTTP Header
• Extracts links from a web page
• Checks the validity of website links

Network Tests

Perform an IP trace with mtr, an advanced traceroute tool that uses multiple ICMP pings to
test the connectivity to each hop across the Internet.

A ping test is used to determine the connectivity and latency of Internet-connected hosts.

The user can perform the following actions with this tool:

• Trace route
• Test Ping target to check its availability
• NPing - another utility like ping
• ICMP monitoring using fping

4.1.4 Information Gathering

The Information Gathering module is designed using HTML and PHP and includes the necessary
labels, text boxes, buttons, forms and other web components. The interface is developed in
accordance with the previously discussed functionality of the information gathering module.

The various options available in this module are:

Information Gathering

The information gathering steps of foot printing and scanning are of utmost importance.
Good information gathering can make the difference between a successful penetration test
and one that has failed to provide maximum benefit to the client. We can say that
information is a weapon: a successful penetration test or hacking process needs a lot of
relevant information, which is why information gathering, so-called foot printing, is the

Google Hacking

Google hacking is the term used when a hacker tries to find exploitable targets and
sensitive data by using search engines. The Google Hacking Database (GHDB) is a database of
queries that identify sensitive data. Although Google blocks some of the better known Google
hacking queries, nothing stops a hacker from crawling your site and launching the Google
Hacking Database queries directly onto the crawled content.

Information that the Google Hacking Database identifies:

• Advisories and server vulnerabilities
• Error messages that contain too much information
• Files containing passwords
• Sensitive directories
• Pages containing login portals
• Pages containing network or vulnerability data such as firewall logs.

The easiest way to check whether your web site and applications have Google hacking
vulnerabilities is to use this tool. This tool scans the entire website and automatically
checks for pages that are identified by Google hacking queries, as per the dorks chosen by
the user.
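
A self-audit along these lines can be run over a crawl of one's own site by checking each page body against one signature per category from the list above. This is an added example, not the project's code; the signatures, category labels and sample pages are constructed for illustration and are not entries from the Google Hacking Database.

```python
import re

# Constructed signatures, one per category in the list above (illustrative only).
CATEGORY_PATTERNS = {
    "server version banner": re.compile(
        r"<address>[^<]*Server at [^<]* Port \d+</address>"),
    "error message with too much information": re.compile(
        r"You have an error in your SQL syntax|Warning: \w+\(\)|Fatal error: .+ on line \d+"),
    "file containing passwords": re.compile(
        r"^\s*(password|passwd|pwd)\s*[=:]\s*\S+", re.IGNORECASE | re.MULTILINE),
    "sensitive directory": re.compile(r"<title>Index of /", re.IGNORECASE),
    "login portal": re.compile(r"<input[^>]+type=[\"']?password", re.IGNORECASE),
    "network or vulnerability data": re.compile(
        r"\b(DROP|DENY|REJECT)\b.*\bSRC=\d+\.\d+\.\d+\.\d+"),
}

# Constructed crawl of one's own site: path -> response body.
SAMPLE_CRAWL = {
    "/index.html": "<h1>Welcome</h1>",
    "/backup/": ("<html><head><title>Index of /backup</title></head><body>"
                 "<address>Apache/2.2.3 Server at www.example.com Port 80</address>"
                 "</body></html>"),
    "/backup/db.conf": "host = db.internal\npassword = not-a-real-secret\n",
    "/item.php?id=x": "Warning: mysql_fetch_array() expects parameter 1 to be resource",
    "/admin/": "<form method='post'><input name='p' type='password'></form>",
    "/logs/fw.txt": "Jan  1 00:00:00 fw kernel: DROP IN=eth0 SRC=203.0.113.7 DST=192.0.2.1",
}


def audit(crawl):
    """Map each crawled path to the categories its body falls into."""
    findings = {}
    for path, body in crawl.items():
        hits = [name for name, pattern in CATEGORY_PATTERNS.items()
                if pattern.search(body)]
        if hits:
            findings[path] = hits
    return findings


def by_category(findings):
    """Invert the findings so each category lists the exposed paths."""
    grouped = {}
    for path, names in findings.items():
        for name in names:
            grouped.setdefault(name, []).append(path)
    return grouped


if __name__ == "__main__":
    for category, paths in by_category(audit(SAMPLE_CRAWL)).items():
        print(f"{category}: {', '.join(paths)}")
```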

4.1.5 Domain Tools

This module is designed using HTML and PHP and includes the necessary labels, text boxes,
buttons, forms and other web components. The interface is developed in accordance with the
previously discussed functionality of the Domain Tools module.

The various options available in this module are:

Domain info

The user can collect the following information about a domain by using this tool.

• Availability of a domain name
• Check page rank with Google
• Check Domain age
• Get Alexa rank and number of back-links
• Perform whois lookup and finds sub-domains

Domain Tools

The user can collect the following information about a domain by using this tool.

• Generate and Test Domain Typos
• Generate and Show Invalid Domain Names
• Generate and Check Domain Popularity with Google
• Perform a whois lookup on the domain name of host
• Blacklist Checker
• Investigating IP related to domain through different web based tools

The information from this tool can be used for

• Typo squatting
• URL hijacking
• Phishing etc.

4.1.6 Payload Generator

The Payload Generator module is designed using HTML and PHP and includes the necessary
labels, text boxes, buttons, forms and other web components. The interface is developed in
accordance with the previously discussed functionality of the Payload Generator module.

This module can be helpful in generating Metasploit payloads for all operating systems
available (Windows, Linux, Apple OSX, and Android).

The various options available in this module are:

Windows OS Payload

This module asks the user to enter information like the IP address and port number of the
computer to connect back to, the name of the payload, and how stealthy it should be (the
more stealthy it is, the lower the chances of it being detected by anti-virus products), and
asks the user to choose the payload type.

Based on the user's query it generates the undetectable (bypasses most of the popular
anti-virus products) and encoded Metasploit payload for Windows OS (All Versions).

Other OS

This module asks the user to enter information like the IP address and port number of the
computer to connect back to, the name of the package, and the operating system for which the
payload has to be generated.

Based on the user's choice it generates the OS specific payload. It can generate payloads
for Linux, Apple OSX and Android OS.

Java.jar Payload

This module asks the user to enter information like the IP address and port number of the
computer to connect back to and the name of the package.

The payload generated by this tool is a Java.jar file. As Java is a platform independent
language, this payload can affect any OS which has Java installed. Affected Systems are:
Linux, Windows, Android and Apple OSX.

Web shell

This module asks the user to enter information like the IP address and port number of the
computer to connect back to, the name of the package, and the type of web shell (ASP, PHP,
JSP) for which the payload has to be generated.

The payload generated by this tool is either an ASP file, a JSP file or a PHP file. Affected
Systems are: websites

4.1.6 Automated Exploits

The Automated Exploits module is designed using HTML and PHP and includes the necessary
labels, text boxes, buttons, forms and other web components.

This tool is capable of back-dooring exe files, Debian packages and pdf files, and automates
the process of backdooring PHP files.

The various options available in this module are:

Package.deb Backdoor

This module asks the user to enter information like the IP address and port number of the
computer to connect back to and the name of the package, and allows the user to choose a
Debian package.

This tool generates the payload and attaches it to the Debian package chosen by the user,
and then the final package is exported under the name specified by the user. Affected
Systems are: Linux (Debian Based).

Backdooring exe files

This module asks the user to enter information like the IP address and port number of the
computer to connect back to and the name of the package, and allows the user to upload an
exe file.

This tool generates the Metasploit payload and attaches it to the exe file uploaded by the
user, and then the final package is exported under the name specified by the user. Affected
Systems are: Windows OS (All Version).

PDF Backdoor

This module asks the user to enter information like the IP address and port number of the
computer to connect back to and the name of the package, and allows the user to upload a pdf
file.

This tool generates the Metasploit payload and attaches it to the pdf file uploaded by the
user, and then the final package is exported under the name specified by the user. Affected
Systems are: Adobe PDF Reader

4.2 TESTING

Software testing is an investigation conducted to provide stakeholders with information
about the quality of the product or service under test. Software testing can also provide an
objective, independent view of the software to allow the business to appreciate and
understand the risks of software implementation. Test techniques include, but are not
limited to, the process of executing a program or application with the intent of finding
software bugs (errors or other defects).

Software testing can be stated as the process of validating and verifying that a computer
program/application/product:

• Meets the requirements that guided its design and development,
• Works as expected,
• Can be implemented with the same characteristics,
• Satisfies the needs of stakeholders.

In order to fully test that all the requirements of an application are met, there must be
at least two test cases for each requirement: one positive test and one negative test. If a
requirement has sub-requirements, each sub-requirement must have at least two test cases.
Keeping track of the link between the requirement and the test is frequently done using a
traceability matrix. Written test cases should include a description of the functionality to
be tested, and the preparation required to ensure that the test can be conducted.

The basic objective of writing test cases is to validate the testing coverage of the
application. If you are working in any CMMI company then you will strictly follow test case
standards. So writing test cases brings some sort of standardization and minimizes the
ad-hoc approach in testing.
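
One way to apply the two-cases-per-requirement rule and the traceability matrix to the form fields this tool submits to the server (IP, port, URL). This is an added example, not the project's code; the requirement IDs R1 to R3, the validator functions and the sample inputs are assumptions made for illustration, and R3 is deliberately left without a negative case so that the traceability check has a gap to report.

```python
import ipaddress
import re

# One DNS label: letters, digits and hyphens, not starting or ending with "-".
LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def valid_ip(value):
    """Accept only a literal IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def valid_port(value):
    """Accept only ASCII digits that form a port from 1 to 65535."""
    return bool(re.fullmatch(r"[0-9]{1,5}", value)) and 1 <= int(value) <= 65535


def valid_hostname(value):
    """Accept only a dotted host name made of well-formed labels."""
    return 0 < len(value) <= 253 and all(LABEL.fullmatch(p) for p in value.split("."))


# Hypothetical requirements: ID -> (description, check applied on the server).
REQUIREMENTS = {
    "R1": ("IP field holds a literal IP address", valid_ip),
    "R2": ("Port field holds an integer from 1 to 65535", valid_port),
    "R3": ("URL field holds a syntactically valid host name", valid_hostname),
}

# Constructed test cases: (requirement, kind, input, expected result).
TEST_CASES = [
    ("R1", "positive", "192.0.2.10", True),
    ("R1", "negative", "", False),               # the "empty field" case
    ("R1", "negative", "192.0.2.10;id", False),  # shell metacharacter in the value
    ("R2", "positive", "4444", True),
    ("R2", "negative", "70000", False),
    ("R3", "positive", "www.example.com", True),
]


def run_cases(cases=TEST_CASES):
    """Return the cases whose obtained result differs from the expected one."""
    return [c for c in cases if REQUIREMENTS[c[0]][1](c[2]) != c[3]]


def coverage_gaps(cases=TEST_CASES):
    """Traceability check: each requirement needs a positive and a negative case."""
    gaps = {}
    for req in REQUIREMENTS:
        kinds = {kind for r, kind, _, _ in cases if r == req}
        missing = sorted({"positive", "negative"} - kinds)
        if missing:
            gaps[req] = missing
    return gaps


if __name__ == "__main__":
    print("failing cases:", run_cases())
    print("requirements lacking a case:", coverage_gaps())
```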

4.2.1 Scanner Module

Table 4.1 Test cases for Scanner module

| S. No | Test Case Name | Test Case Procedure | Expected Result | Obtained Result | Status (Pass/Fail) |
|---|---|---|---|---|---|
| 1. | Empty URL fields | Leave all the text fields in the form blank | The form does not get submitted | A Pop-Up appears stating URL is empty | Pass |
| 2. | Result Page | Press the start button | Result page should appear | Result page appears with loading animation in between form and tool Description | Pass |
| 3. | Reset | Press the reset button | URL field should be cleared. | URL field cleared | Pass |
| 4. | Passing values to the server | Enter valid values in all the text fields and press submit | The values should be passed to the server | The values are passed to the server. | Pass |
| 5. | Selecting fields from side menu list | Select a module from side menu list | Related page should be loaded | A page related to that modules gets loaded | Pass |
| 6. | Selecting Hide/Show in side bar | Click hide/show text in left side | Sub modules of module should hide/show | In case of hide, sub modules hide and only Scanner module name is visible | |

4.2.2 CMS-Explorer Module

| S. No | Test Case Name | Test Case Procedure | Expected Result | Obtained Result | Status (Pass/Fail) |
|---|---|---|---|---|---|
| 1. | Empty URL fields | Leave all the text fields in the form blank | The form does not get submitted | A Pop-Up appears stating URL is empty | Pass |
| 2. | Empty Pingback port in wordpress | Leave the text fields in the form for pingback port blank | The form does not get submitted | A Pop-Up appears stating pingback port is empty | Pass |
| 3. | Result Page | Press the start button | Result page should appear | Result page appears with loading animation in between form and tool Description | Pass |
| 4. | Reset | Press the reset button | URL field should be cleared. | URL field cleared | Pass |
| 5. | Passing values to the server | Enter valid values in all the text fields and press submit | The values should be passed to the server | The values are passed to the server. | Pass |
| 6. | Selecting fields from side menu list | Select a module from side menu list | Related page should be loaded | A page related to that modules gets loaded | Pass |
| 7. | Selecting Hide/Show in side bar | Click hide/show text in left side | Sub modules of module should hide/show | In case of hide, sub modules hide and only Scanner module name is visible | |

Table 4.2 Test cases for CMS-Explorer Module

4.2.3 Network Tools Module

| S. No | Test Case Name | Test Case Procedure | Expected Result | Obtained Result | Status (Pass/Fail) |
|---|---|---|---|---|---|
| 1. | Empty URL fields | Leave all the text fields in the form blank | The form does not get submitted | A Pop-Up appears stating URL is empty | Pass |
| 2. | Result Page | Press the start button | Result page should appear | Result page appears with loading animation in between form and tool Description | Pass |
| 3. | Reset | Press the reset button | URL field should be cleared. | URL field cleared | Pass |
| 4. | Passing values to the server | Enter valid values in all the text fields and press submit | The values should be passed to the server | The values are passed to the server. | Pass |
| 5. | Selecting fields from side menu list | Select a module from side menu list | Related page should be loaded | A page related to that modules gets loaded | Pass |
| 6. | Selecting Hide/Show in side bar | Click hide/show text in left side | Sub modules of module should hide/show | In case of hide, sub modules hide and only Scanner module name is visible | Pass |

Table 4.3 Test cases for Network Tools Module

4.2.4 Information Gathering Module, Domain Tool Module

| S. No | Test Case Name | Test Case Procedure | Expected Result | Obtained Result | Status (Pass/Fail) |
|---|---|---|---|---|---|
| 1. | Empty URL fields | Leave all the text fields in the form blank | The form does not get submitted | A Pop-Up appears stating URL is empty | Pass |
| 2. | Result Page | Press the start button | Result page should appear | Result page appears with loading animation in between form and tool Description | Pass |
| 3. | Reset | Press the reset button | URL field should be cleared. | URL field cleared | Pass |
| 4. | Passing values to the server | Enter valid values in all the text fields and press submit | The values should be passed to the server | The values are passed to the server. | Pass |
| 5. | Selecting fields from side menu list | Select a module from side menu list | Related page should be loaded | A page related to that modules gets loaded | Pass |
| 6. | Selecting Hide/Show in side bar | Click hide/show text in left side | Sub modules of module should hide/show | In case of hide, sub modules hide and only Scanner module name is visible | Pass |

Table 4.4 Test cases for Information Gathering Module and Domain Tool Module

4.2.5 Payload Generator Module

| S. No | Test Case Name | Test Case Procedure | Expected Result | Obtained Result | Status (Pass/Fail) |
|---|---|---|---|---|---|
| 1. | Empty IP, Port, package name fields | Leave all the Field in the form blank | The form does not get submitted | A Pop-Up appears stating IP is empty | Pass |
| 2. | Result Page | Press the start button | Result page should appear | Result page appears with loading animation in between form and tool Description | Pass |
| 3. | Reset | Press the reset button | URL field should be cleared. | URL field cleared | Pass |
| 4. | Passing values to the server | Enter valid values in all the text fields and press submit | The values should be passed to the server | The values are passed to the server. | Pass |
| 5. | Selecting fields from side menu list | Select a module from side menu list | Related page should be loaded | A page related to that modules gets loaded | Pass |
| 6. | Upload | Upload a file | File should be uploaded and a message should be generated in result section | File uploaded and checked in the upload directory | Pass |

Table 4.6 Test cases for Automated Exploits module

CHAPTER 5
CONCLUSION AND FUTURE SCOPE

5.1 CONCLUSION

Web based penetration testing lab is a web interface of various command line tools along
with some of its unique features.

The Web interface is very powerful and general, and makes it easy to use efficiently. It
provides an effective way for penetration testers to test a network, website or system.
Thus the Web based penetration testing lab is being developed in PHP and the above
mentioned concepts are being implemented successfully.

5.2 FUTURE SCOPE

This interface will make penetration testing much easier than before. It can also be used
for educational purposes to teach students the basics of penetration testing and to make
them aware of various tools and techniques to secure a system. It can be extended in the
future by adding any latest tool to the project.

APPENDIX A
SAMPLE SOURCE CODE
<?php
if(isset($_POST['su!it'"##
$ip%$_POST['ip'"&
$pt%$_POST['pt'"&
$p)*%$_POST['p)*'"&
$+%$_POST['+'"&
$s%$_POST['s'"&
if($ip%%'',,$pt%%''#
e+h -<s+ipt tpe%'te/ts+ipt'$.!s*(fe 500feOut 500*Pth ':*s' +tet ';u e t etee ts
+e+t:...'=#&<s+ipt-&
=
e:se
e>uie_+e ':i*.php'
she::(--#&
she::(-su sh +!pss.sh $+ $ip $pt e/p:its$p)* $s-#&
e/e+(-su +!:iu/she::+ee/e+./32 e/p:its$p)*-#&
e/e+(-su +!:iu/she::+ee/e+./64 e/p:its$p)*-#&
e/e+(-su +h! 777 e/p:its$p)*-#&
e/e+(-su ip e/p:its$p)*.ip e/p:its$p)*-#&
e/e+(-su ip utu$p)*.ip utuutu.i+
utuutu.if utu$p)* -#&
e+h '<p<P: @A*uti<<p'&
e+h'BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB'
&
e+h '<p<COST< DD'.$ip.'<p'&
e+h '<p<CPOET< DD'.$pt.'<p'&
e+h '<p<PF@GFHI JFKI< DD'.$p)*.'<p'&
e+h '<p<PF;COFL< DDMiMsshe::_eese_t+p<p'&
e+h '<p<FNFCFCI OE LOQJCOFL i efu:t f!t R< DD<
hef%e/p:its'.$p)*.'@:i+) hee<'&
e+h '<p<FNFCFCI OE LOQJCOFL i ip f!t R< DD<
hef%e/p:its'.$p)*.'.ip@:i+) hee<'&
e+h '<p<FNFCFCI OE LOQJCOFL utu A::es i ip f!t R<
DD< hef%utu'.$p)*.'.ip@:i+) hee<'&
e+h '<p<FI@TIL S;STIKS FEI< DDQiMs OS<p'&
e+h'<pBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB
BBBBB<p'&
e+h '<Jte<;u + se this p+)*e t i+ti! s+i:
e*ieei* te+hi>ues '&
e+h '<p<T stt :istee +p pste this +e i t u
te!i:<<p'&
e+h 'su !sf+:i e/p:it!u:tih:e PF;COFL%'.$+.' COST%'.$ip.' CPOET%'.
$pt.' I'&
e+h -<s+ipt tpe%'te/ts+ipt'$.!s*( fe 500feOut
500 *Pth ':*s' +tet '-.$p)*. -Heete Su++essfu::P:ese efe
esu:t se+ti fte this !ess*e'=#&<s+ipt-&
APPENDIX B
SCREEN SHOTS
Screen Shot 1 Scanner page
Screen Shot 2 Scanner Result Page
Screen Shot 3 Windows Payload