Test Your Skills

Multiple Choice Questions

  1. Which of the following is an automated general vulnerability assessment tool?

    1. Nmap

    2. Nessus

    3. OWASP ZAP

    4. Wireshark

  2. Which of the following commands will cause Aircrack to dump the contents of a wireless access point with the BSSID 00:01:02:03:04:05?

    1. airodump-ng -c 11 --bssid 00:01:02:03:04:05 -w dump interface

    2. airodump-ng -c 11 --bssid 00:01:02:03:04:05 dump interface

    3. airodump-ng --bssid 00:01:02:03:04:05 -w dump interface

    4. airodump-ng -c 11 --bssid 00:01:02:03:04:05 -w dump

  3. What will the tcpdump -i eth0 command do?

    1. Dump all packets except for those on eth0

    2. Dump all packets regardless of interface

    3. Dump all packets on eth0

    4. Dump all packets that include the string eth0

  4. Which of the following is a web application vulnerability scanner?

    1. OWASP ZAP

    2. Wireshark

    3. tcpdump

    4. Nessus

  5. Which of the following scanners is available for Macintosh computers?

    1. tcpdump

    2. MBSA

    3. OWASP ZAP

    4. Vega

Projects

While it is not a crime to scan anyone’s network, people tend to find it unfriendly. It is best to scan your own home or class lab network. Doing this at work is usually not a good idea, unless you have permission from your boss.

Project 1: MBSA

Microsoft Baseline Security Analyzer is not the most robust vulnerability analyzer, but it does work well in Microsoft environments, and it is free to download at https://www.microsoft.com/en-us/download/details.aspx?id=7558.

Download and install it. Choose Scan a computer (see Figure 8-22), and scan your own computer (see Figure 8-23). Address any issues it finds.

FIGURE 8-22 MBSA.

FIGURE 8-23 MBSA Results.

Project 2: OWASP ZAP

In this project, you will actually use OWASP ZAP to find vulnerabilities in a website.

  1. Download and install OWASP ZAP, available at https://github.com/zaproxy/zaproxy/wiki/Downloads.

  2. Launch OWASP ZAP; you can use Windows or Kali Linux.

  3. Select a target (you can use www.chuckeasttom.com if you want).

  4. Click Attack.

  5. Review the results.

Project 3: Download Wireshark

First install Wireshark on your computer. It is a free download from https://www.wireshark.org/. Then follow these steps:

  1. Configure Wireshark to trap traffic on your network, using promiscuous mode (default) with no capture filters.

  2. Open your browser and surf to a few sites. Perhaps send an email.

  3. When you have about 2,000 packets, stop the capture.

  4. Pick one or two packets at random. Expand them and look at the headers (TCP, IP, and Ethernet). Can you identify the MAC address? IP address? Port? Protocol? Repeat this a few times until you are comfortable reading packet headers.

  5. Identify an IP address that appears frequently in your capture.

  6. Apply a view filter to show only the traffic for that IP address (see Figure 8-24).

    FIGURE 8-24 Wireshark View Filters.

  7. Remove the filter.

  8. Use TCP Stream to follow your communication with some website you visited when you were capturing (see Figure 8-25).

    FIGURE 8-25 Wireshark Follow TCP Stream.
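
Steps 4 and 5 of Project 3 ask you to read the Ethernet, IP, and TCP headers and find the busiest IP address. The following Python script is an added example, not code from the book: it decodes those same fields from raw frame bytes and counts addresses. The function names are hypothetical, and the three sample frames are constructed inline using documentation-range addresses.

```python
import struct
from collections import Counter

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def ip(b):
    return ".".join(str(x) for x in b)

def parse_frame(frame):
    """Decode Ethernet II, IPv4 and TCP/UDP port fields from one raw frame."""
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    info = {"dst_mac": mac(dst), "src_mac": mac(src), "ethertype": ethertype}
    if ethertype != 0x0800 or len(frame) < 34:    # not IPv4, or truncated
        return info
    proto = frame[23]                             # IP protocol number
    ihl = (frame[14] & 0x0F) * 4                  # IP header length in bytes
    info.update(proto={6: "TCP", 17: "UDP"}.get(proto, str(proto)),
                src_ip=ip(frame[26:30]), dst_ip=ip(frame[30:34]))
    l4 = 14 + ihl                                 # start of TCP/UDP header
    if proto in (6, 17) and len(frame) >= l4 + 4:
        info["src_port"], info["dst_port"] = struct.unpack("!HH", frame[l4:l4 + 4])
    return info

def top_talker(frames):
    """Return (ip, count) for the address seen most often as source or destination."""
    seen = Counter()
    for f in frames:
        p = parse_frame(f)
        seen.update(a for a in (p.get("src_ip"), p.get("dst_ip")) if a)
    return seen.most_common(1)[0]

def build(src_ip, dst_ip, sport, dport, proto=6):
    """Constructed sample frame; checksums are zero and are not validated here."""
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"
    iph = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, proto, 0,
                      bytes(map(int, src_ip.split("."))),
                      bytes(map(int, dst_ip.split("."))))
    l4 = struct.pack("!HH", sport, dport) + b"\x00" * 16
    return eth + iph + l4

SAMPLE = [build("192.0.2.10", "198.51.100.7", 50000, 443),
          build("198.51.100.7", "192.0.2.10", 443, 50000),
          build("192.0.2.10", "203.0.113.5", 50001, 53, proto=17)]

if __name__ == "__main__":
    for f in SAMPLE:
        print(parse_frame(f))
    print("most frequent:", top_talker(SAMPLE))
```

In Wireshark itself, the filter for step 6 that matches the address this script reports would be `ip.addr == 192.0.2.10`.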
