PenTest Magazine | PentestIT Test.

lab
PenTest Magazine | PentestIT Test.lab
2
P
enetration Testing
Laboratories PentestIT
is a copy of the IT-
structure of the real companies.
Laboratory Test.lab created
in order to allow participants to
legally validate and consolidate
skills penetration testing under
real conditions, but we strongly
recommended to use the
knowledge gained in a wrongful
and unlawful purposes.
Laboratories are always unique
and contain the most current
vulnerability in anonymous
form (under NDA), discovered
during penetration testing of a
real companies by PentestIT
team. Developing Test.lab we
try to cover almost all areas of
information security: network
security, operating systems and
applications. Participants are
encouraged to perform operation
of a variety of vulnerabilities:
work-related network
components, cryptographic
mechanisms, configuration errors
and code, the human factor.
Gathering participants
from around the world, we
have developed Test.lab for
various events, such as the All-
Russian contest ProfIT 2013,
PentestIT Test.lab
a platform for legal practical experience
penetration testing
PentestIT Test.lab | PenTest Magazine
PentestIT Test.lab | PenTest Magazine
3
ZeroNights13, PHD IV. We are supported by experts in the
field of information security from around the world, and our
laboratory made into one big map pentest.
Test.lab is a real computer network virtual
companies containing common configuration errors and
vulnerabilities. Participants acting as pentesters (White
hat), trying to exploit them, and in case of success have
access to individual nodes laboratories, each of which
contains a token. The winner is the participant who
first collected all the tokens. Work in the laboratory is
based on the technique of gray box: before the study
(penetration testing), participants are given information
about the infrastructure Test.lab in the form of diagrams
and descriptions.
Depending on the particular laboratory, allowed to use
different methods of hacking (operation vulnerabilities of network
services, WEB, social engineering, buffer overflow, etc.).
We invite you to participate in the lab One step ahead
Test.lab, presented on Positive Hack Days IV. To gain access
to the laboratory is necessary to pass a free registration on
the website: https://lab.pentestit.ru. Good luck!
Mayorovsky Maxim, the headmaster of a department,
working out penetration testing laboratories of PentestIT
company.
PenTest Magazine | PentestIT Test.lab
PenTest Magazine | PentestIT Test.lab
4
Reconnaissance and information gathering
Types of intelligence (active and passive information
gathering)
Collect information using DNS
Use of search engines
Metadata
Automating the collection of information
Scanning
Scan Types
Tools to scan (nmap, unicornscan)
Fingerprint (definition version of the OS)
Grabbing banners (the definition of network services
and services)
Exploitation
Overview freymorka Metasploit
Operation and exploits
Using Meterpreter for research purpose compromised
Postexploitation
Investigation of compromised systems (Windows and
Linux)
Work in the Windows command line without additional
tools (scanning and sorting of passwords)
Web security
Basics of SQL Injection for different databases (MySQL,
MSSQL and PostgreSQL)
The concept of vulnerability type SQLi
Techniques and methods of disposal SQLi
Cross-site scripting
Types of XSS vulnerabilities (passive and active)
Stealing Cookies
Stealing data from forms
Species by vectors (Steady / reflected, Constant /
stored).
Plan Of The
Workshop