Penetration Testing with Kali Linux
PWK - Copyright © 2023 OffSec Services Limited. All rights reserved.
96
Figure 8: Obsidian Welcome Screen
Obsidian stores information in a Vault, which is a folder on our system. We can create both
markdown files and folders within the Vault. Obsidian’s features include a live preview of
markdown text, in-line image placement, code blocks, and a multitude of add-ons such as a
community-built CSS extension.
An example of directly entering notes in markdown is shown below:
Figure 9: Taking Notes in Obsidian
It can then be previewed live in Obsidian.
Figure 10: Live Preview of Markdown
An Obsidian vault can be relocated to another computer and opened from the Welcome menu.
Markdown files can simply be dropped into the Vault folders, which will automatically be
recognized by Obsidian.
The use of markdown means that we can provide syntax and formatting that is easily copied to
most report generation tools, and a PDF can be generated straight from Obsidian itself.
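As an added illustration (not from the course material), the following shows how a finding note for the reflected-XSS-in-the-login-form example used in this chapter could be laid out in markdown inside a Vault. The host, endpoint, file name and date are constructed placeholders, the payload itself is left as a placeholder, and `![[...]]` is Obsidian’s syntax for embedding an image that is stored in the Vault.

```markdown
# Finding: Reflected XSS in login form username field

- **Host:** `app.example.com` (constructed placeholder)
- **Endpoint:** `/login` (constructed placeholder)
- **Parameter:** `username`
- **Status:** confirmed, screenshot captured 2023-05-12 (constructed date)

## Reproduction steps
1. Browse to `https://app.example.com/login`.
2. Submit the login form with the test string in the `username` field.
3. Observe the value reflected unescaped in the response and the resulting alert box.

## Request (constructed sample; the payload is a placeholder)
~~~http
POST /login HTTP/1.1
Host: app.example.com
Content-Type: application/x-www-form-urlencoded

username=<PAYLOAD-PLACEHOLDER>&password=test
~~~

## Evidence
![[2023-05-12-login-xss-alert.png]]
*Figure: alert box rendered after submitting the form; browser URL bar and
company logo are visible so the page and the client are identifiable.*

## Impact and remediation
- Impact: arbitrary JavaScript executes in the context of the login page.
- Remediation: encode the reflected value for its HTML context and add a
  Content Security Policy; re-test after the fix.
```

Keeping each finding in its own markdown file like this means the same text, request block and embedded screenshot can be pasted into a report template or exported straight to PDF from Obsidian without reformatting.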
Tool selection is a personal and situational preference. Some tools are better in certain scenarios
than others, but there isn’t a perfect tool. It is recommended to take time and try out the tools
we’ve covered, read the documentation, get familiar with them, and then decide which tool works
for you. Some additional tools can be found referenced on nil0x42’s website [204].
5.1.5 Taking Screenshots
Screenshots are an important part of note-taking and technical reporting. A good screenshot can
explain the issue being discussed at a glance and in more detail than a textual description.
Screenshots are particularly useful to help present a technically complex or detail-heavy section
of a report. As the saying goes, a picture is worth 1000 words. Conversely, a bad screenshot can
obfuscate and draw attention away from what the issue is.
Screenshots are an important way to communicate the visual impact of a finding, and can be far
more effective than mere text. For example, it’s more effective to show a screenshot of an alert
box popping up from an XSS payload than to describe it in words. However, it’s more difficult to
use a screenshot to describe exactly what’s happening when we use something like a buffer
overflow payload. Just like we want to use the right tool to perform certain attacks, so we also
want to use the right tool to show certain results (such as text vs images).
[204] (nil0x42, 2022), https://github.com/nil0x42/awesome-hacker-note-taking
We can use screenshots to supplement our note-taking or to include them in our report to
illustrate the steps we took, which will help another tester reproduce the issues. However, we
need to be conscious of the audience. While a penetration tester may consider an alert window
demonstrating XSS as perfectly self-explanatory, developers unfamiliar with the vulnerability may
not understand its true cause or impact. It’s good practice to always support a screenshot with
text.
Screenshots have a specific goal, which is to convey information that would take several
sentences to describe or to make an impact. With this in mind, the screenshot should contain
exactly enough information to justify not using text, but there shouldn’t be so much information
that the screenshot becomes confusing.
To return to the example given above in the notes section, we have found reflected XSS in the
username field of the application login. We will properly explain the effects of XSS in the actual
report. However, the impact of XSS is far easier to show rather than explain without a visual
reference as a base. We must include evidence of arbitrary JavaScript execution, as well as visual
components of the site (i.e. the URL in the browser window). If necessary, secondary or lead-up
steps can be captured as well.
A well-constructed screenshot is easy to parse visually. Readers should be able to intuitively
understand the picture and its caption without any questions. If there is a greater need for
surrounding context, that can be added in a paragraph above or below the image, but the image
itself should be understood.
Once again, using the example of XSS in our login form, we will include the following components
in the screenshot, resizing the window if necessary. Ideally, we would include the URL as well as
some company-specific branding and logos on the form. This lets them know the exact webpage
and ties the vulnerability to their corporate image.
The actual pop-up executed in the proof-of-concept is necessary as well, substituted for any more
advanced payload as the proof of concept is slowly taken further. Finally, we want to ensure that
it is all legible. A screenshot that needs to be zoomed in to be properly viewed disrupts the
reader’s flow. A good screenshot is immediately legible, as shown below.