Who Am I?
Rungga Reksya Sabilillah
Certified Risk Management 1st / BSMR (2010)
Bachelor's degree (S1) – Informatics Engineering (2005–2009)
Teacher of TIK SDIT (2007)
Certified Ethical Hacking / CEH (2013)
Master's degree (S2) – Information Systems Management (2011–2013)
Assistant IT Lab (2008–2009)
IT Support
Lead Auditor ISO 27001 (2013)
Lead Auditor ISO 20000 (2014)
Wushu Athletes at The PORDA II Banten (2006)
IT Auditor at Conventional Bank
Security Analyst / ECSA (2015)
Leader of Wushu Gunadarma (2007–2008)
IT Auditor at Islamic Bank
Security and Infrastructure Auditor at Media Security Certified Professional / OSCP (2015)
IT Consultant
Certified Network Defender / CND (2016)
Lead Auditor ISO 22301 (2017)
rungga_reksya
https://techlog360.com/top-15-favourite-operating-systems-of-hackers/
Introduction
Figure: Percentage (blue bar), and count of breaches per pattern. The gray line represents the percentage of breaches from the 2015 DBIR. (n=2,260)
- 40% Web App Attacks
- 23% POS Intrusions

Figure: Top 10 Threat action varieties within Web App Attack breaches (n=879)
- Hacking - Use of stolen credential: 831
- Social - Phishing: 817
- Hacking - Use of backdoor or C2: 817
- Malware - Spyware / Key logger: 812
[Diagram: Use of Stolen Credential, POS, Payment Terminal]
Confidentiality (C), Integrity (I), Availability (A)
Information Security Looks Like Football
[Diagram: Exploitation, Reporting, SUCCESSFUL RESULT]
http://resources.infosecinstitute.com/penetration-testing-methodologies-and-standards/
PENETRATION TESTING: BLACK BOX, WHITE BOX, GRAY BOX
Penetration Testing Framework
2010-A2 – Cross Site Scripting (XSS) | 2013-A2 – Broken Authentication and Session Management
2010-A3 – Broken Authentication and Session Management | 2013-A3 – Cross Site Scripting (XSS)
2010-A4 – Insecure Direct Object References | 2013-A4 – Insecure Direct Object References
2010-A7 – Insecure Cryptographic Storage | 2013-A7 – Missing Function Level Access Control
2010-A8 – Failure to Restrict URL Access | 2013-A8 – Cross-Site Request Forgery (CSRF)
2010-A9 – Insufficient Transport Layer Protection | 2013-A9 – Using Known Vulnerable Components (NEW)
2010-A10 – Unvalidated Redirects and Forwards (NEW) | 2013-A10 – Unvalidated Redirects and Forwards
- Added New 2013-A9: Using Known Vulnerable Components
- 2010-A8 broadened to 2013-A7
Exploit Database
36845 Exploits Archived, 82454 CVE IDs, 3000 Modules on Metasploit, etc.
1. Exploit DB: https://www.exploit-db.com
2. Packet Storm: https://packetstormsecurity.com
3. Common Vulnerabilities & Exposures: https://cve.mitre.org
4. Rapid 7: https://www.rapid7.com/db/modules
Information Gathering
The Object of Penetration Testing
[Diagram: XSS Phishing, Login to APP, Upload SHELL File, PWN SVR]
NMAP Features
1. Open: This indicates that an application is listening for connections on this port.
2. Closed: This indicates that the probes were received but there is no application listening on this port.
NMAP Features
- Host Discovery
- Service/Version Detection
- Operating System Detection
- Network Traceroute
- Nmap Scripting Engine
Target: 192.168.1.0/24
Pentester IP: 10.0.0.10
How it Works

Service Detection
Service detection is one of the most loved features of Nmap, as it's very useful in many situations such as identifying security vulnerabilities or making sure a service is running on a given port.
# nmap -sV --version-intensity 9

Finding Live Hosts
Finding live hosts in a network is often used by penetration testers to enumerate active targets, and by system administrators to count or monitor the number of active hosts.
# nmap -sP 192.168.1.1/24
Common
- 21 ftp
- 22 ssh
- 23 telnet
- 25 smtp
- 53 domain
- 80 http
- 445 smb
- 1433 mssql
- 3306 mysql
- 3389 remote
- 5432 postgresql
- 8009 ajp13
- 8080 tomcat
90%
HASH
IDENTIFICATION
ONLINE
PASSWORD HASH HACKING
Cheat Sheet
Case Study
Turn on Your VM:
- Target: 192.168.1.2
- Kali Linux: 192.168.1.3 (root::toor)
[Diagram labels: SHELL, DUMP, NET USER, NIKTO, PHP MYADMIN, SEARCH PLOIT]
So You Want to be a Penetration Tester
Feeling
Experience
Untiring
Lucky