Introduction

Goal

The goal of this tutorial is to provide a comprehensive understanding of penetration testing for application security. By the end of this tutorial, you will gain knowledge on how to identify and exploit vulnerabilities in a web application.

Learning Outcomes

• Understanding the concept of penetration testing and its importance in application security.
• Learning how to conduct a penetration test.
• Familiarity with common tools used in penetration testing.

Prerequisites

Basic understanding of web application architectures and protocols is beneficial. Experience with a programming language like Python or JavaScript is helpful but not mandatory.

Step-by-Step Guide

Penetration testing, also known as 'pentesting' or 'ethical hacking', is a process meant to probe and exploit vulnerabilities in a system, such as a web application, to assess its security.

Steps to Conduct a Penetration Test

1. Planning and Reconnaissance: This involves defining the scope and goals of the test and gathering intelligence (like network and domain names, mail servers) to better understand how the target system works and its potential vulnerabilities.

2. Scanning: This step involves using applications like Nessus, Nmap, or Wireshark to understand how the target application will respond to various intrusion attempts.

3. Gaining Access: This step involves web application attacks like Cross-Site Scripting (XSS), SQL Injection, and Backdoor attacks to uncover a system's vulnerabilities. The goal is to exploit these vulnerabilities to extract valuable data.

4. Maintaining Access: The goal of this step is to see if the vulnerability can be used to achieve a persistent presence in the exploited system—long enough for a bad actor to gain in-depth access.

5. Analysis: The results are then compiled into a report detailing:

6. What vulnerabilities were discovered

7. Which of them were successfully exploited
8. How long the tester could stay in the system undetected
9. What sensitive data was accessed

Code Examples

Note: The code examples here use Python, a common language for penetration testing due to its easy-to-read syntax and wide range of libraries.

Example 1: Using Python for a basic port scan

import socket

ip = '127.0.0.1'  # replace with your target IP
ports = [21, 22, 80, 443]  # common ports for FTP, SSH, HTTP, HTTPS

for port in ports:
    try:
        service = socket.getservbyport(port)
        print(f"Port: {port} runs {service}")
    except:
        print(f"Port: {port} is not recognized")

This script tries to identify the services running on the specified ports of the target IP.

Example 2: Using requests library to test for a basic SQL Injection vulnerability

import requests

url = 'http://target-url.com/login'  # replace with your target URL
data = {'username': 'admin', 'password': "' OR '1'='1"}

response = requests.post(url, data=data)

if 'logged in' in response.text:
    print('SQL Injection vulnerability detected')
else:
    print('No SQL Injection vulnerability detected')

This script injects a common SQL Injection payload into the password field. If the server processes it and logs in, it's vulnerable to SQL Injection.

Summary

Through this tutorial, you learned about penetration testing, its steps, and practiced examples of conducting a basic port scan and testing for SQL Injection vulnerability. The next step is to continue learning about and practicing different types of application attacks.

Practice Exercises

1. Write a Python script to perform a full port scan (ports 1 to 65535) on your local machine. (Hint: Use a loop)

2. Try to exploit an XSS vulnerability on a test site like Google's XSS Game.

3. Write a Python script to check if a website is vulnerable to a directory traversal attack.

Remember, ethical hacking means you have permission to attack the system.

Additional Resources

1. OWASP Testing Guide
2. Metasploit Unleashed
3. Hack The Box

Happy learning and remember to hack ethically!