Time
4 hours 20 minutes
Difficulty
Intermediate
CEU/CPE
5

Video Description

This lesson talks about automated types of discovery and teaches participants about the following variants and where to find them:

1. VEGA: Freeware and GUI-based, found on Kali 1 and 2
2. SQLMAP: Freeware and command-line based, found on Kali 1 and 2
3. NMAP: Freeware and command-line based, found on Kali 1 and 2
4. ZAP: Freeware and GUI-based, found on Kali 1 and 2
5. ARACHNI: Freeware and GUI-based, downloaded from the Arachni Scanner web site
6. BurpSuite: GUI-based, from portswigger.net; the free version does everything except the active scanner, which requires the paid version

This lesson specifically focuses on VEGA and offers participants step-by-step instruction in how to use it.

Video Transcription

00:04
The other form of discovery we are going to
00:06
discuss here is automated. There are a lot of awesome tools out there that will fuzz different web applications to find
00:15
these vulnerabilities for you.
00:17
So we're gonna talk about a couple of them here that you can get for free.
00:21
Vega is GUI-based freeware found on Kali 1 and Kali 2.
00:25
SQLMap is command-line based, and it's also free and found on Kali 1 and Kali 2.
00:30
Nmap is also command-line based.
00:32
Again, free, and on Kali.
00:35
ZAP, or the OWASP Zed Attack Proxy,
00:39
is GUI-based, and that can be found on the operating system as well.
00:43
Arachni is GUI-based. However, you have to download it from the Arachni scanner website,
00:48
which you should have done earlier when we were setting up the environment. And then finally,
00:54
Burp Suite is GUI-based, purchased from PortSwigger. I don't expect anybody to actually purchase Burp Suite for this class. Burp Suite is a
01:03
$300 program. However, there is a free version of Burp Suite on there
01:10
that does everything except the actual scanner portion of the program. So let's hop on Kali and check out how Vega operates. All right, so here we are in our Kali 2 environment.
01:25
And remember, you will have to go to Applications, Web Application Analysis, and then click Vega in order to get the tool operational.
01:33
It'll take a second to pop up, but once it does, it'll be good to go.
01:38
We have our
01:42
VMs networked properly. We can see that because we were able to browse to the PentesterLab website.
01:49
Now, in order to scan
01:52
with Vega, you will click new scan
01:55
to start a scan,
01:56
and then you'll want to enter the address
02:01
of what you'll be scanning.
02:06
Then in here, you want to select the different types of modules that you'll be scanning for,
02:12
so
02:14
we want to be scanning for SQL injection first.
02:16
So let's turn everything off.
02:20
Let's scroll down here and
02:22
find all of our
02:24
SQL injection. So there's some blind SQL here.
02:30
Scroll down further. Make sure
02:32
you don't miss anything.
02:44
Here we go. Blind SQL injection. Missed that one.
02:52
All right,
02:53
and click next.
02:54
Now, if you had an identity you want to sign in as,
03:00
that's where you would select it here. You would have to set the identity up
03:04
in the configuration of Vega if you wanted to, but we don't need an identity
03:09
to scan the site for SQL injection.
03:15
If there are any special parameters that you want to exclude, this is where you would
03:20
put those parameters. So if there's anything that might be sensitive on your network that you don't want getting fuzzed,
03:27
um, that's where you put those.
03:30
Now the scan's gonna kick off here,
03:34
and up here, we can see that some spidering has been done.
03:38
So we see the address of 19268 11, and these are some links that were found
03:46
by Vega, and it attempted to spider out to them; however, since we're not connected,
03:53
it wasn't successful with attempting to spider. If it was successful, you would see a whole lot like this here.
04:01
That is one reason why
04:02
we want to be careful with
04:05
how we're performing our scans environment-wise, because anything that we spider could reach out and touch and, you know, continue spidering other things that we might not have permission to, which might look like an attack.
04:21
So let's give Vega some time here to scan.
04:30
All right,
04:33
now the scan is complete, and we see that.
04:36
Well, we have some SQL injection vulnerabilities here.
04:41
Let's come over to our scan alerts.
04:43
Drop it down. We see the IP address of
04:46
the server, the website that we were scanning here.
04:49
Drop down again. These are our high results. If there was anything else that was medium or low, it would be listed here,
04:57
and
04:58
Here we have all of our web pages that are,
05:00
you know,
05:01
supposed to have SQL injection vulnerabilities. And we know for a fact that they do, because that's how the lab is designed.
05:09
So come over here,
05:11
click on example one.
05:13
And it gives us this nice little breakdown here, so
05:16
gives us real quick
05:18
the resource, the parameter that was used, the method, so the GET method. So
05:25
that's how it performed the SQL injection,
05:28
the risk here,
05:30
and it shows the exact request that was sent.
05:34
You see here in the request, ah, the escape characters that we had talked about earlier. They're being used.
05:43
if we go further down.
05:46
There's a
05:47
discussion about the SQL injection vulnerability, the impact of it, and the remediation,
05:55
as well as some references. This portion of the report is awesome
05:59
because it helps you write your report very easily. So if the person you're creating a report for doesn't really care about the impact but wants remediation, you give them these kinds of remediation tabs, you know?
06:15
So it's a very good free tool that you can use here.
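The walkthrough above shows what Vega does from the GUI: it takes a target address, restricts the fuzzing to the scan's scope and to parameters you did not exclude, appends escape characters (a quote) to each parameter, and reports the resource, parameter, method and request when the response reveals a SQL error. The script below is an added example, written for this page; it is not Vega's code and not the instructor's. It runs fully offline against a constructed stand-in for the lab target (an in-memory SQLite database behind a fake GET handler; the host 192.0.2.10 and the paths /example1 and /safe are made up for the example) and reproduces the same scope check, parameter exclusion, quote probes and error-signature detection in a few dozen lines.

```python
import re
import sqlite3
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# --- Constructed stand-in for the lab target -------------------------------
# Mimics a PentesterLab-style page that concatenates the "id" query parameter
# straight into its SQL and echoes database errors into the response body.
# It is an in-memory SQLite database, not a real web server, so the whole
# example runs offline.  Hosts and paths below are invented for the example.
_db = sqlite3.connect(":memory:")
_db.execute("CREATE TABLE users (id INTEGER, name TEXT)")
_db.executemany("INSERT INTO users VALUES (?, ?)", [(1, "alice"), (2, "bob")])
_db.commit()


def fake_target(path, params):
    """Simulated HTTP handler: returns (status, body) for a GET request."""
    user_id = params.get("id", "")
    if path == "/example1":  # vulnerable: string concatenation into SQL
        try:
            rows = _db.execute(
                "SELECT name FROM users WHERE id = '%s'" % user_id
            ).fetchall()
            return 200, "users: " + ", ".join(r[0] for r in rows)
        except sqlite3.Error as exc:
            return 500, "Database error: %s" % exc
    if path == "/safe":  # fixed: bound parameter, no error leakage
        rows = _db.execute(
            "SELECT name FROM users WHERE id = ?", (user_id,)
        ).fetchall()
        return 200, "users: " + ", ".join(r[0] for r in rows)
    return 404, "not found"


# --- Minimal error-based SQL injection module ------------------------------
# Each probe appends a quote (the "escape character" visible in Vega's
# request) to the parameter's original value; a database error message in
# the reply is the evidence the scanner reports.
PROBES = ["'", "\""]

SQL_ERROR_SIGNATURES = [re.compile(p, re.IGNORECASE) for p in (
    r"unrecognized token",                     # SQLite
    r"syntax error",                           # SQLite / PostgreSQL
    r"you have an error in your sql syntax",   # MySQL
    r"unterminated quoted string",             # PostgreSQL
    r"quoted string not properly terminated",  # Oracle
)]


def sql_error_in(body):
    """Return the matching error-signature pattern, or None."""
    for sig in SQL_ERROR_SIGNATURES:
        if sig.search(body):
            return sig.pattern
    return None


def scan_url(url, send, scope_host, exclude=()):
    """Probe every query parameter of `url` for error-based SQL injection.

    `send(path, params)` stands in for the HTTP client, `scope_host` plays
    the role of Vega's scope (a URL on another host is refused, never
    touched), and `exclude` lists the parameters that must not be fuzzed.
    Returns one finding per vulnerable parameter with the fields Vega shows:
    resource, parameter, method, request and the evidence matched.
    """
    parts = urlsplit(url)
    if parts.hostname != scope_host:
        raise ValueError("out of scope, not scanning: %r" % parts.hostname)
    base = dict(parse_qsl(parts.query, keep_blank_values=True))
    findings = []
    for name, value in base.items():
        if name in exclude:
            continue
        for probe in PROBES:
            params = dict(base, **{name: value + probe})
            status, body = send(parts.path, params)
            evidence = sql_error_in(body)
            if evidence is not None:
                findings.append({
                    "resource": parts.path,
                    "parameter": name,
                    "method": "GET",
                    "status": status,
                    "request": urlunsplit((parts.scheme, parts.netloc,
                                           parts.path, urlencode(params), "")),
                    "evidence": evidence,
                })
                break  # one confirmed probe per parameter is enough
    return findings


if __name__ == "__main__":
    for finding in scan_url("http://192.0.2.10/example1?id=1",
                            fake_target, "192.0.2.10"):
        print(finding)
```

Run it and the only finding is `id` on `/example1`, confirmed by the request `http://192.0.2.10/example1?id=1%27` and the SQLite "unrecognized token" message, which is exactly the resource/parameter/method/request breakdown Vega shows in its alert. The `/safe` page, which binds the parameter instead of concatenating it, produces no finding, a URL on any other host is refused before a single request is sent, and an excluded parameter is skipped even though it is vulnerable; a real scanner adds blind and time-based checks on top of this, since an application that hides its database errors will not trip the signature list.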

Up Next

Web Application Penetration Testing

In this web application penetration testing course, SME, Raymond Evans, takes you on a wild and fascinating journey into the cyber security discipline of web application pentesting. This is a very hands-on course that will require you to set up your own pentesting environment.

Instructed By

Raymond Evans
Instructor