Questions tagged [penetration-test]

An attempt to penetrate a system's security in an effort to evaluate the protections in place.

Penetration testing simulates an attack by a malicious party. It involves a scan and assessment of vulnerabilities, followed by exploitation of the vulnerabilities found to gain further access. This approach yields an understanding of an attacker's ability to gain access to confidential information or to affect data integrity or the availability of a service, and of the respective impact. Each test should follow a consistent and complete methodology that lets the tester use their problem-solving abilities, the output from a range of tools, and their own knowledge of networking and systems to find vulnerabilities that automated tools would not or could not identify. This approach looks at the depth of attack, as compared to the Security Assessment approach, which looks at broader coverage.

1261 questions
306 votes, 7 answers

Is it normal for auditors to require all company passwords?

My company is currently engaged in a security audit framed as a pentest. They've requested all admin passwords for every one of our services and all source code of our software. They want logins for Google Apps, credit card processors, GitHub,…
Zachary Iles
241 votes, 12 answers

Is single quote filtering nonsense?

Penetration testers found out that we allow single quotes in submitted data fields, and want us to apply rules (input validation) to not allow them in any value. While I'm aware that single quotes are popular for SQL injection attacks, I strongly…
Peter Walser
179 votes, 9 answers

Can webcams be turned on without the indicator light?

I've made a series of penetration tests in my network and one of the things I've tried was to record webcam and microphone. Recording an end-user's microphone seems to be a stealth thing, but what about the webcam? In my tests, the indicator is…
user4610
132 votes, 2 answers

What to do if caught in a physical pentest?

I've seen a lot of people talk about how to pentest and how NOT to get caught during engagements but have a hard time finding "How to behave when caught during a Red Team engagement". Red Teams are to simulate adversaries attacking systems. Many…
ChocolateOverflow
121 votes, 8 answers

Is it acceptable that a skilled professional pentester deletes or modifies sensitive data in production unintentionally during a pentest?

Today I experienced a situation where a person responsible for the security of a company required a pentesting company to withdraw a clause in the contract that says that: "during the pentest there exist the possibility to delete or modify…
kinunt
97 votes, 7 answers

How does hacking work?

I am specifically talking about web servers, running Unix. I have always been curious of how hackers get the entry point. I mean I don't see how a hacker can hack into the webpage when the only entry method they have into the server is a URL. I must…
user7360
93 votes, 7 answers

Script Kiddies - how do they find my server IP?

I've set up a site on Digital Ocean without a domain yet, so there is only the IP. Despite telling no-one of its existence or advertising it, I get hundreds of notices from fail2ban that various IPs are trying to hack my SSL port or are looking for…
microwth
71 votes, 6 answers

Do actual penetration testers actually use tools like metasploit?

I've played around with metasploit simply as a hobby but am wondering if actual pentesters and/or hackers actually use metasploit to get into systems or do they write their own post exploitation modules or their own programs entirely? Reason I ask…
shawn
63 votes, 16 answers

What tools are available to assess the security of a web application?

What tools are available to assess the security of a web application? Please provide a small description of what the tool does. Update: More specifically, I'm looking for tools that assume no access to the source code (black box).
62 votes, 6 answers

At what point does "hacking" become illegal? (US)

Hypothetical situation: before I hire a web development company I want to test their ability to design secure web apps by viewing their previous client's websites. Issue: this situation raises a big red flag: with regards to viewing a website, what…
Moses
61 votes, 4 answers

I think I accidentally DoS'd a website. What should I do?

I was browsing a website, and stumbled across a sample scheme for password-protecting web pages. The owner of the website specifically had a page that invited people to attempt to hack it. I wanted to give it a try, so I wrote up a quick Python…
Michael0x2a
60 votes, 7 answers

Testing for HTTP TRACE method

How can I test for HTTP TRACE on my web-server? I need to train a Tester how to verify that the HTTP TRACE method is disabled. Ideally I need a script to paste into Firebug to initiate a https connection to return the web server response to a HTTP…
Andrew Russell
55 votes, 13 answers

What makes it illegal to use the information learned by exploiting a bug?

According to news reports, arrests have already been made in relation to the Heartbleed bug. It sounds like this person managed to gain access to the website's database by capturing the credentials the app used to access the database. This person…
53 votes, 9 answers

How should I tell school that they are vulnerable when I wasn't given permission to check?

I would like to report security weaknesses to my school in the UK. I had managed to find security weaknesses without any exploits or other software or hardware. I had a look at a similar question; however, the problem is that it is very likely to find out that it…
vakus
50 votes, 5 answers

New XSS cheatsheet?

There is a great list of XSS vectors available here: http://ha.ckers.org/xss.html, but it hasn't changed much lately (e.g. latest FF version mentioned is 2.0). Is there any other list as good as this, but up to date?
naugtur