Home / Web Hacking (page 3)

Web Hacking

WRITING THE PENETRATION TESTING REPORT

WRITING THE PENETRATION TESTING REPORT

Writing the Penetration Testing Report: Like every other topic we have discussed, writing a good penetration testing report takes practice. Many penetration testers mistakenly think that they can simply provide the raw output from the tools that they run. This group of people will often collect and nearly organize the …

Read More »

WIRESHARK: SNIFFING NETWORK TRAFFIC

WIRESHARK: SNIFFING NETWORK TRAFFIC

Sniffing Network Traffic: Another popular technique that can be used to gain access to systems is network sniffing. Sniffing is the process of capturing and viewing traffic as it is passed along the network. Several popular protocols in use today still send sensitive and important information over the network without …

Read More »

SIFTING THROUGH THE INTEL TO FIND ATTACKABLE TARGETS

SIFTING THROUGH THE INTEL TO FIND ATTACKABLE TARGETS

Sifting Through the Intel to Find Attackable Targets: Once you have completed the steps in previously articles, you need to schedule some time to closely review all the reconnaissance and information you have gathered. In most cases, even light reconnaissance should produce a mountain of data. Once the reconnaissance step …

Read More »

FIERCE: WHAT TO DO WHEN ZONE TRANSFERS FAIL

FIERCE: WHAT TO DO WHEN ZONE TRANSFERS FAIL

Zone Transfers Fail: As we have previously discussed, most administrators are savvy enough to prevent random people from completing an unauthorized zone transfer. However, all is not lost. If your zone transfer fails, there are dozens of good DNS interrogation tools. Fierce is an easy to use, powerful Perl script …

Read More »

Extracting Information From DNS

Extracting Information From DNS

Extracting Information from DNS: DNS servers are an excellent target for hackers and penetration testers. They usually contain information that is considered highly valuable to attackers. DNS is a core component of both our local networks and the Internet. Among other things, DNS is responsible for the process of translating …

Read More »

Brief Guide on HOST

Brief Guide on HOST

Host: Oftentimes, our reconnaissance efforts will result in host names rather than IP address. When this occurs, we can use the “host” tool to perform a translation for us. The host tool is built into most Linux systems including Kali. We can access it by opening a terminal and typing: …

Read More »

The Basics of Web Hacking: Our Approach

The Basics of Web Hacking: Our Approach

Basics of Web Hacking: Our approach is made up of four phases that cover all the necessary tasks during an attack. Reconnaissance Scanning Exploitation Fix It’s appropriate to introduce and discuss how these vulnerabilities and attacks can be mitigated, thus there is a fix phase to our approach. As a …

Read More »

Noteworthy HTTP Headers

Noteworthy HTTP Headers

Noteworthy HTTP Headers: Each HTTP cycle also includes headers in both the client request and the server response that transmit details about the request or response. There are several of these headers, but we are only concerned with a few that are most applicable to our approach covered in this …

Read More »

Setting a Web Browser to Use a Proxy | Using Proxies

Using Proxies A proxy is a system acting as a stand-in between the scanner and the target. The proxy acts as an agent for the scanning party, thus providing a degree of anonymity for the scanning party. Proxy servers can perform several functions, including these: Filtering traffic in and out …

Read More »