Monday 10 June 2013

2nd Day - 2Day beginners Pentesters Boot Camp Weekend

Hi all,

So I did the 2nd day of the course. The focus was on web applications. Yay, some stuff I knew! Because I have some grounding in the area I feel more in a position to give a balanced review of the 2nd day. Not to say I didn't give a balanced view of the 1st day, but I can give a better idea if it was beginner or not.

2nd Day Review

The course was to go through the basics of XSS and SQLi and some Burp Suite.


Copy & Paste from Day 1
----The course was through strategicsec with Joseph McCray, whose Twitter is @j0emccray, having to manually link it because Twitter could not find him. The website/company he runs is http://strategicsec.com/.

Pentesters Weekend Bootcamp:
http://strategicsec.com/services/training-services/online/pentesters-workshop/----

SQL Injection

The SQLi was very basic, but it came with strong explanations. I even learnt that when testing for SQL there is a difference between placing a quote for order by and not placing a quote. The answer being that integers do not need the quote and strings do, in order to escape to test it.

The instructor covered blind SQL injection, basic SQL injection and union based injection. He did this in a step by step approach, allowing your understanding to be stretched appropriately. He even explained time based injection with a demo, although he did not spend much time on this; I think it may have been too advanced for the course.

So ultimately the most advanced it went was union select, using the order by to find the number of columns first. Then in one of the columns that would show on screen we could extract data, such as @@database, user() etc. With the line in the URL bar being: ?id=1' union select 1,2,3,4, @@version --+

Not sure of the exact number of columns but you get the idea.
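
Added example (not from the course or the original post): the quote versus no-quote point and the order by / union select steps above, run against a constructed SQLite table in Python, next to the parameterised queries that stop them. The table, the function names and the use of sqlite_version() in place of MySQL's @@version are assumptions made for the example.

```python
import sqlite3

def make_db():
    # Constructed sample data: a three-column table standing in for the lab page's query.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE items (id INTEGER, name TEXT, price TEXT)")
    db.executemany("INSERT INTO items VALUES (?, ?, ?)",
                   [(1, "apple", "0.50"), (2, "pear", "0.75")])
    return db

SELECT = "SELECT id, name, price FROM items WHERE "

def by_id_concat(db, value):
    # Vulnerable, integer context: the input is pasted in with no quotes around it.
    return db.execute(SELECT + "id = " + value).fetchall()

def by_name_concat(db, value):
    # Vulnerable, string context: the input sits between two single quotes.
    return db.execute(SELECT + "name = '" + value + "'").fetchall()

def by_id_param(db, value):
    # Hardened: the driver binds the value, so it is never parsed as SQL.
    return db.execute(SELECT + "id = ?", (value,)).fetchall()

def by_name_param(db, value):
    # Hardened string lookup: a quote in the value is just a character.
    return db.execute(SELECT + "name = ?", (value,)).fetchall()

def outcome(query, db, value):
    # Return the rows, or the database error text if the statement fails.
    try:
        return query(db, value)
    except sqlite3.Error as exc:
        return "error: " + str(exc)

UNION = " union select 1,2,sqlite_version() -- "

if __name__ == "__main__":
    db = make_db()
    for label, query, value in [
        ("int, no quote", by_id_concat, "1" + UNION),      # extra row appears
        ("int, quote", by_id_concat, "1'" + UNION),        # syntax error
        ("str, quote", by_name_concat, "apple'" + UNION),  # extra row appears
        ("str, no quote", by_name_concat, "apple" + UNION),  # stays inside the string
        ("order by 3", by_id_concat, "1 order by 3"),      # three columns: runs
        ("order by 4", by_id_concat, "1 order by 4"),      # out of range: error
        ("int, bound", by_id_param, "1" + UNION),          # no rows
        ("str, bound", by_name_param, "apple'" + UNION),   # no rows
    ]:
        print(f"{label:14} {outcome(query, db, value)}")
```

The two bound cases return no rows because the whole input is compared as a single value, which is the fix to recommend when reporting this kind of finding.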

It did not go much more advanced than that; there was no explaining that all tables in an SQL database are kept in the information_schema section, or columns in information_schema.columns, allowing further information extraction.

So in having a background, the SQL was a refresher for me, however I think it was suitable for the course and was explained quite well. Leaving enough out for students to go research themselves.

If any other students are reading this, a great free SQL tute with videos is SQLi-labs by Audi-1.
It is run through PHP in Apache within whatever OS you set it up with. I did it in BackTrack and it worked a treat.
https://github.com/Audi-1/sqli-labs


XSS

<script>alert(123)</script> was shown in a webpage that was specifically vulnerable to XSS. This will be great for students to play around with and see what can be done. Was the basics as well, very suited to the class.

The result of what XSS can do other than just a pop up I found was really important. A webpage where the XSS would send information to was able to be accessed. So as simple as seeing that session cookie information could be sent somewhere else was really great. Especially when as a Penetration Tester we must explain the outcome of a vulnerability, this was great to see.

Burp Suite
Unfortunately this was not gone through; we finished an hour and a half early, so I am not sure why. However we were informed that another session would be made available before the end of the month. Hopefully this is true. I will come back and update if this is covered.

I understand it was only $100, but the course description covers it and it's a paid service. Other than that the course was great, delivered well, and the course material was supplied.


Update: There is going to be another day added to the course; this is to cover the Burp Suite and LFI that were missed originally. This is great news, as it shows the instructor cares about what we learn and what he sets out to do, also keeping to his word (aka the course description). So more time covered on the original topics and extra time for those that were missed is a win-win for me.

The Labs + Virtual Machines
Having played with the labs a bit, for the web app side it includes vulnerable web pages which is really great for beginners (like me) to play around with.

The virtual machines given were customised XP, Windows 7 and Ubuntu, working really great so far!

I would certainly recommend this course. I need to upskill in the network scanning so I can test that out a bit more. But a fantastic course.

Cheers guys

