Question

For research purposes I've recently modified Debian sources for the Linux Apache2 PHP5 stack and now I'd like to do some security penetration testing.

In particular, I modified the PHP5 core (overriding system libc6 calls), the SuEXEC Apache wrapper and the clamdscan daemon.

I'm trying some exploits, such as C99 madShell, ircBots, Mempodipper etc. But I think those are tools just for newbies (in fact I'm not really a security expert).

Can someone suggest to me how to do effective and evil pentests?


Solution

Probably more of a question for https://security.stackexchange.com/, and they have loads of comments/answers on pen testing.

To be honest, the answer to your question could go on forever but here are a few documents and links on effective pen-testing.

Presuming you want to do legitimate pentests and have permission to do the pentest (very important to get written sign-off, I can't emphasise that enough), then check out these documents from SANS:

http://www.sans.org/reading_room/analysts_program/PenetrationTesting_June06.pdf
http://www.sans.org/reading_room/whitepapers/auditing/conducting-penetration-test-organization_67

A lot of pen testers have a bad name because many of them simply run Nessus and give a canned report (don't do that), so a bunch of top folk in the industry are trying to create a pen-testing standard; check this out: http://www.pentest-standard.org/index.php/Main_Page.

If you want to learn how to write exploits and start messing with shellcode, then check out the http://www.exploit-db.com/ site and maybe join the Metasploit mailing lists or IRC channels.

OTHER TIPS

If you want the penetration test to be meaningful and uncover more problems than just the low-hanging fruit, you really should hire a professional pentester or get somebody else with the necessary hands-on experience and practice to do it for you. A beginner's (no offence meant) textbook penetration test will not be meaningful for assessing your systems' security. Also, since you are testing a security system or device you designed yourself, it makes a lot of sense not to do the testing yourself but to throw someone at the problem who will also question the system's underlying assumptions for real-world practicability.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow