Penetration Testing 2020
Pen testing is also known as "ethical hacking". The use of the term began after 1986, when the Computer Fraud and Abuse Act (CFAA) specified that particular ethical hacking techniques were only allowed under a contract between the hacker and the client organization. This Act made it a federal crime to access a protected computer without proper authorization.
In 1995, John Patrick of IBM coined the term officially. Nevertheless, it wasn't until 2003, when the Open Web Application Security Project (OWASP) published its Testing Guide defining the industry's first set of best practices, that pentesting became a formal procedure. There are several professional certifications for pen-testers, such as Offensive Security Certified Professional (OSCP) and GIAC Web Application Penetration Tester (GWAPT).
Best Penetration Testing Tools in 2020
The list is not comprehensive; it shows what are, in our opinion, the six most popular tools so far.
1. Kali Linux: Kali is the default pentesting operating system for most use cases. It is a Debian-based Linux distribution with more than 600 pre-installed tools, covering areas such as reverse engineering, forensics, and penetration testing (Nmap among them).
The latest version, 2019.4, added the ability to execute PowerShell scripts directly on Kali, a modern and more functional desktop, and an undercover mode that makes Kali look like a Windows desktop. The new version also features NetHunter KeX, making it possible to run Kali from an Android phone. With a strong enough phone, you can have a portable ARM desktop in your pocket.
Kali underwent a significant change in 2020. The developers announced that, as part of an evaluation of Kali tools and policies, they decided to move Kali to a traditional default non-root user model. For years Kali used the default root user policy inherited from BackTrack.
The developers claim that the number of tools requiring root access has dropped over the years because several applications and services have been configured to forbid their use as the root user.
This, together with the fact that many users started to run Kali as their day-to-day operating system, made the default root policy less useful. Dropping the default root policy will also simplify Kali maintenance and avoid problems for end users.
Users will have a better security model to operate under while performing assessments. However, some tools like Nmap still require root access to conduct a SYN scan, which uses raw sockets to identify the open ports.
2. Nmap: A free and open-source network scanner or network mapper. It scans the 1000 most popular TCP/UDP ports and detects whether they are open, closed, or filtered. Version 7.80, released in August 2019, provided 598 NSE scripts. Nmap finally created its own Npcap raw packet capturing/sending driver, using Microsoft WinPcap as a base. The new driver uses modern APIs, and it is more secure, faster, and more stable. Even Wireshark switched to Npcap recently, because WinPcap has been discontinued.
3. Wireshark: It is the world's most widely used network protocol analyzer. Version 3.2.1 was released in January 2020, featuring capabilities such as:
· In-depth inspections of hundreds of protocols, with more being added frequently.
· Multi-platform runs on Windows, Linux, Mac, Solaris, FreeBSD, and others.
· VoIP analysis; read/write support for many different formats, compressed or uncompressed
· Decryption support for IPsec, SSL/TLS, and WPA/WPA2
4. Metasploit: The world's most used penetration testing framework, as its website claims. It includes web application exploits, buffer overflow, and code injection. The Pro version offers automated and manual exploits. The latest release, 4.17.0 from January 2020, uses the new Metasploit Framework 5.0, featuring:
· Compatibility with Python 3 code.
· Additional exploit modules for Linux privilege escalation, and web application vulnerabilities
· Support for macOS in the web delivery module.
· The module PR 12391 allows a user to inject arbitrary shellcode into the memory of an existing process on Windows.
Metasploit is an open-source project with commercial support from Rapid7, which provides Metasploit developers with near real-time information about the exploitation of vulnerabilities in different products. Rapid7 collects updated information from Project Heisenberg, a honeynet consisting of over 240 nodes on 6 continents.
5. John the Ripper: It is a free and open-source password cracker, available for Unix, Windows, DOS, and OpenVMS. It is distributed primarily in source code form; the Pro version, on the contrary, is meant to be easier to install and use, and is distributed in packages. Its primary purpose is to detect weak Unix passwords, and it is meant for offline password cracking.
Version 1.9.0-jumbo-1 was released in 2019, providing optimizations for faster handling of large password hash files (up to hundreds of millions of hashes).
6. Burp Suite: The best-of-breed toolkit for hands-on web penetration testing, as its website declares. There is a free version, including the essential manual tools. The Professional suite is priced at $399 per user, per year, and the Enterprise Edition starts at $3,999.00 per year. The Burp Suite Enterprise Edition and Burp Suite Professional contain the Burp Scanner. Some Burp competitors like Nessus and UTMStack offer reliable and less expensive products.
This expensive tool can perform scheduled scans across thousands of sites, prioritizing the most severe threats. The last release includes:
· Improved APIs – Better integration with external systems and other automated use cases.
· Cloud friendly – Easy installation into cloud environments, auto-scaling of resources to support scan workloads, and hourly metered licensing.
· Enterprise integrations – Integration with popular platforms for user management (including Active Directory) and issue tracking (including GitHub and Team Foundation Server).
· Updated user interface – Improved HTTP message editor. Upgraded workflows for in-place encoding, analysis, and other everyday tasks.
· HTTP/2 support – Support for the core features of HTTP/2, first in Burp Proxy, and then in other applicable tools. It expands the attack surface covered, accelerating the work of automated tools like Burp Intruder and Scanner.
· Updated payloading – New payload types, new options for payload placement, more productive analysis of attack results, and incremental saving of data.
· Recorded login sequences – Burp Scanner lets users record login sequences using their browsers. It improves coverage and accuracy over simply configured credentials.
Penetration Testing Risks
An ethical hacker could turn out to be precisely the opposite. Companies have to be careful and hire only honest and credentialed vendors. If penetration testing professionals don't have the appropriate training and experience, their attempts to access a system could cause the same damage as a real attack: sensitive data loss, crashed servers, and corrupted systems.
Best practices before running a pentest
· Prevention: Before testing, the organization must create a backup plan and a fast-response team. It is vital to determine which parts of the IT infrastructure will be tested, avoiding obsolete hardware and applications that could fail. During the testing, it is necessary to avoid non-scheduled interruptions of services and processes.
· Confidentiality: The use of Confidentiality and Clearing Agreements is imperative, establishing what sort of data can be processed. After finishing, it is advisable to change all access codes, as well as to prohibit any further interaction with databases and email services.
· Integrity and Responsibility: Pen-testers are forbidden from:
· Deploying back doors, bots, trojans, or rootkits.
· Removing, modifying, or disabling any record or log file.
· Altering the original configuration of the penetration tools.
· Eliminating or hiding the traces of the penetration test.
Ethical and responsible use of pen testing can provide invaluable intelligence about risks and vulnerabilities. That information is a valuable tool for assessing the security strategy of any organization.
submitted by PrestigiousWorker763
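The open, closed and filtered port states that the Nmap entry above describes are most useful to a defender when the scan output is inventoried against a list of approved services, so that an unexpected open port stands out. The following is an added example, not code from this post or from the Nmap project: it parses a constructed sample in the layout of `nmap -oX` output (not a real scan) with the standard library and flags open ports that are missing from a hypothetical baseline of approved (protocol, port) pairs.

```python
import xml.etree.ElementTree as ET

# Constructed sample mimicking the `nmap -oX` layout; addresses and services are made up.
SAMPLE_XML = """<nmaprun scanner="nmap" args="nmap -sS -oX - 10.0.0.0/29" version="7.80">
  <host>
    <status state="up" reason="arp-response"/>
    <address addr="10.0.0.5" addrtype="ipv4"/>
    <ports>
      <extraports state="filtered" count="997"/>
      <port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/><service name="ssh"/></port>
      <port protocol="tcp" portid="80"><state state="open" reason="syn-ack"/><service name="http"/></port>
      <port protocol="tcp" portid="3306"><state state="closed" reason="reset"/><service name="mysql"/></port>
    </ports>
  </host>
  <host>
    <status state="up" reason="arp-response"/>
    <address addr="10.0.0.6" addrtype="ipv4"/>
    <ports>
      <extraports state="closed" count="999"/>
      <port protocol="tcp" portid="445"><state state="open" reason="syn-ack"/><service name="microsoft-ds"/></port>
    </ports>
  </host>
  <host>
    <status state="down" reason="no-response"/>
    <address addr="10.0.0.7" addrtype="ipv4"/>
  </host>
</nmaprun>
"""


def parse_nmap_xml(xml_text):
    """Summarize an Nmap XML report as {addr: {state: [(proto, port, service)], "unlisted": {state: count}}}.

    Only hosts reported as up are included. Ports Nmap folded into <extraports>
    (the bulk of a 1000-port scan) are kept as per-state counts under "unlisted".
    Combined states such as "open|filtered" keep their own bucket rather than
    being counted as confirmed open.
    """
    root = ET.fromstring(xml_text)
    hosts = {}
    for host in root.findall("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue
        addr_el = host.find("address[@addrtype='ipv4']") or host.find("address")
        summary = {"open": [], "closed": [], "filtered": [], "unlisted": {}}
        ports = host.find("ports")
        if ports is not None:
            for extra in ports.findall("extraports"):
                summary["unlisted"][extra.get("state")] = int(extra.get("count"))
            for port in ports.findall("port"):
                state = port.find("state").get("state")
                svc = port.find("service")
                entry = (port.get("protocol"), int(port.get("portid")),
                         svc.get("name") if svc is not None else "")
                summary.setdefault(state, []).append(entry)
        hosts[addr_el.get("addr")] = summary
    return hosts


def exposed_services(hosts, baseline):
    """Return (addr, proto, port, service) for every confirmed-open port absent from baseline.

    baseline is a hypothetical inventory: {addr: {(proto, port), ...}} of approved services.
    A host with no baseline entry is treated as having no approved services.
    """
    findings = []
    for addr, summary in hosts.items():
        allowed = baseline.get(addr, set())
        for proto, port, service in summary["open"]:
            if (proto, port) not in allowed:
                findings.append((addr, proto, port, service))
    return findings


if __name__ == "__main__":
    approved = {"10.0.0.5": {("tcp", 22), ("tcp", 80)}}  # hypothetical baseline
    for finding in exposed_services(parse_nmap_xml(SAMPLE_XML), approved):
        print("unapproved open port: %s %s/%d (%s)" % finding)
```

Running the block prints the one SMB port on 10.0.0.6 that the baseline does not list; feeding it a real `nmap -oX` file instead of `SAMPLE_XML` is the only change needed to use it on a scheduled scan.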