Nimbuzzmasters forum
nwlve HI   GUEST nwlve
WELCOME TO NIMBUZZ MASTERS FORUM
PLEASE   REGISTER

TO
Dzs HAVE FULL ACCESS TO THE FORUM AND BE ABLE TO DOWNLOAD STUFF Dzs
Grp
STAY WITH US THANK YOU
Forum management ©️
Mzs

WEB PEN TEST- Information Gathering Part 0

View previous topic View next topic Go down

r00t d3str0y3r
Member
Member
Join date : 2014-10-25
Posts : 30
Thanks gained - : 130
Gender : Male
Age : 23
View user profile http://securitymafia.com

Postr00t d3str0y3r on Fri Oct 31, 2014 10:44 pm

Understanding Information Gathering

$ Hello and welcome to my first tutorial on Information Gathering. Very Happy

In this tutorial we will understand and see what is the purpose of Information Gathering before starting to pentest or attack a Website.

First of all i will start with a funny Very Happy but a logical examle, :P let us assume your girlfriend tell you to hunt something for her. You wont go outside and start hunting. The first question you will ask what she actually want you to hunt, lets say fish. So now as you know its a fish then you will goto a place like a sea or a waterfall rather than to grounds in forest. You know to hunt a fish you will need a Fishing Rod and some other important things. ;)

Very Happy In the same manner Web Pentesting is also much like this. When you are going to hunt a website down then you must know what really you are going to deal with, if you know your enemy which you are going to face then you can prepare yourself for that.

So this is why Information Gathering is the first phase of Penetration testing. But now arise the question what information are we going to collect and where are we going to get that information from. "e;Where and how"e;, Well i will tell you both of these things step by step in the next tutorials of Information Gathering. :P

But in this tutorial we will understand that what we are targetting to achieve via Information Gathering and how that information is going to help us in our Penetration testing.

-------------------------------------------------
Who is Information : This is the most basic information about a domain, It shows the registration Details of the website in which you can commonly see who registered the domain and which date did he registered it on, when will it expire etc. This information may help you sometimes in Social engineering like sending him email on his registered email. Or you use his address, name or contact number in various tasks of Social Engineering.

:-D Example - click below the link

http://m.whoismind.com/whois/securitymafia.com.html

-------------------------------------------------
Ip Address: Well this ones for newbies, actually IP address is the real address behind any domain name which are resolved by the nameservers. Every Box or you can say a system contains a unique IP address for example (213.155.66.22). Using it computers communicate to eachother. IP Address will help us targetting the network as well as find open ports and other exploitable services on the system while pentesting.

-------------------------------------------------

NameServers: These are the DNS resolvers, for example when you type in google.com in your browser the DNS resolvers finds the real IP behind and and take your request to the server, and bring back the response. We can later target the nameservers to for DNS based attacks testing of our pentesting.

-------------------------------------------------
Web Server: Webservers the one we are dealing over here is an application which is running over an Operating system and serves to the web requests coming to the system. Like Apache, Tomcat, IIS etc are webservers running on an operating system when any web request is sent to a system they handle it and they are responsible for giving out the response. Many times you can get Exploits related to a webserver and get a way into the sytem using that exploit, and if you know which webserver is bieng used then it will help you to find out the default directories or known vulnerabilities for that web server.
-------------------------------------------------

Operating System: Well most of you know what an operating system is but still if any one is confused that why do we need to know the OS, then let me clarify that when we know the operating system then we can find out the rights attacks, Open Ports, Exploits, Common Services etc which will help us later in pentesting.
-------------------------------------------------

Login Pages: While pentesting when you find a login page or admin login page which requieres some username and password to login then that is nothing to get sab about, actually getting a login page is just like finding a Locked door of a Secure house. But the to break inside you can use a master key or you can even break the lock. In the same manner Login pages can also be tested for many known Attacks.

-------------------------------------------------
Sub Domain: If you do not know what subdomains are then, Subdomain are domains maintained under a domain for examle google.com is a domain name then mail.google.com is a subdomain inside it. We need to collect all available sub domains for a website. In many cases you may find hidden or private domain where they are maintaining something private and such application are usually left vulnerable and exposed because of the assumption the no one can reach them.

-------------------------------------------------
Web Application: Many times what you are targetting is a public Web Application like Joomla, Wordress or any other. We also need to get all the information about the web Application so we can find any known Vulnerability for that particular Version or else we can find any Vulnerability in the source code available online.
-------------------------------------------------
Web Application Firewall : We can also test if they are using any firewall for that we can know what we are going to face and is there any ways to bypass that firewall.

These are some of the common things we are going to try and find about our target.

:P :)
Author- r00t d3str0y3r

avatar
Mariya joys
Member
Member
Join date : 2012-12-30
Posts : 43
Thanks gained - : 55
Gender : Female
Age : 22
Location Location : india tamilnadu
View user profile http://www.nimbuzzmasters.net

PostMariya joys on Sat Nov 01, 2014 7:41 am

Post

avatar
peterjames250
Member
Member
Join date : 2016-04-23
Posts : 6
Thanks gained - : 6
View user profile

Postpeterjames250 on Sat Apr 23, 2016 11:17 am

It is a nice thread about information gathering. I am very afraid because website attacking is a most common thing now and ofcourse I am also owned by a website of http://resumeplus.us. There are so many methods for attacking such as SQL Injection,
URL Guessing, Cross-Site Scripting (xss) - embed javascript. The foundation for any successful penetration test is solid reconnaissance. Failure to perform proper information gathering will have you flailing around at random, attacking machines that are not vulnerable and missing others that are. And I would like to tell about Nmap. Nmap is tool that can perform various activities in a penetration test.The function of NSE (Nmap Scripting Engine) and the scripts that have written so far they can transform Nmap to a multi purpose tool.For example we can use Nmap during the information gathering stage of a penetration test just by using the appropriate scripts.In this article we will examine those scripts and the information that we can extract. And of course thank you so much for sharing this tutorial and it is really helpful to me and easily understandable.

Sponsored content

PostSponsored content

View previous topic View next topic Back to top

Create an account or log in to leave a reply

You need to be a member in order to leave a reply.

Create an account

Join our community by creating a new account. It's easy!


Create a new account

Log in

Already have an account? No problem, log in here.


Log in

 
Permissions in this forum:
You cannot reply to topics in this forum