Using dnstrails.com

Last week, I learned to use online tools to discover old DNS records and the real IP address behind a firewall. One of the online tools I tried was dnstrails.com. With dnstrails.com, I could get a lot of information about a specific website, such as the registrant, the registrar, the admin contact, the real IP, the other hosts on the same server, the subdomains and much else. Moreover, I could also check the SPF record to see whether the emails they send would be treated as spam or not: they will be treated as spam if the IP they are sent from is different from the one listed in SPF.

The records:

We could get address mapping (A) records, IPv6 address (AAAA) records, mail exchanger (MX) records, name server (NS) records, start of authority (SOA) records and text (TXT) records.
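The SPF point above (mail from an IP that is not listed in the domain's SPF record is treated as spam) is exactly what a receiving mail server evaluates from the TXT record. The following is an added example, not code from the original post or from dnstrails.com: it parses a constructed SPF TXT record and reports how a given sending IP would be judged. Only the ip4, ip6 and all mechanisms are handled, because include, a and mx mechanisms would need live DNS lookups; the record and addresses are made up for the example.

```python
import ipaddress

# Constructed SPF TXT record (assumed for the example, not any real domain's record).
SAMPLE_SPF = "v=spf1 ip4:203.0.113.0/24 ip6:2001:db8::/32 -all"

# SPF qualifier prefixes and the result each one produces on a match.
RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def parse_spf(txt):
    """Return (list of (qualifier, network), qualifier of the 'all' mechanism).

    Only ip4:/ip6: mechanisms and 'all' are evaluated here. include:, a and mx
    are deliberately ignored because resolving them needs DNS queries.
    """
    if not txt.startswith("v=spf1"):
        raise ValueError("not an SPF record: missing v=spf1 version tag")
    networks = []
    all_qualifier = "?"  # no 'all' mechanism at all evaluates as neutral
    for term in txt.split()[1:]:
        qualifier = "+"  # default qualifier when none is written
        if term[0] in RESULT:
            qualifier, term = term[0], term[1:]
        if term == "all":
            all_qualifier = qualifier
        elif term.startswith(("ip4:", "ip6:")):
            # strict=False accepts host addresses such as ip4:192.0.2.10 (no prefix)
            net = ipaddress.ip_network(term.split(":", 1)[1], strict=False)
            networks.append((qualifier, net))
        # any other mechanism or modifier (include:, a, mx, redirect=) is skipped
    return networks, all_qualifier


def check_sender(txt, sender_ip):
    """Evaluate an SPF record against a sending IP: pass/fail/softfail/neutral.

    Mechanisms are tested left to right; the first match decides, and the
    'all' mechanism decides when nothing else matched.
    """
    ip = ipaddress.ip_address(sender_ip)
    networks, all_qualifier = parse_spf(txt)
    for qualifier, net in networks:
        if ip.version == net.version and ip in net:
            return RESULT[qualifier]
    return RESULT[all_qualifier]


if __name__ == "__main__":
    # Sending IPs are constructed test values.
    for ip in ("203.0.113.45", "198.51.100.7", "2001:db8:1::5"):
        print(ip, "->", check_sender(SAMPLE_SPF, ip))
```

A "fail" result is the case described in the paragraph: the receiving server sees a sender IP that the SPF record does not authorise and can reject or spam-folder the mail. Checking your own domain's record this way before changing mail providers avoids accidentally failing SPF for legitimate mail.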

History data:

We could get old scripts, which may contain vulnerable code, old admin pages, which we could brute force, and other sensitive information.

Information Gathering & Utilizing Search Engine using Kali Linux

Last week, I learned information gathering on a website to get information such as the registrant, their server, their email server and many other things, using dig, whois and host in Kali Linux.

dig pentest.id

host pentest.id

whois pentest.id

I also learned about DNS and zone transfer tools, as I mentioned before. With a zone transfer tool like dig, I am able to check many pieces of information about the domain's name servers.
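A zone transfer request (dig AXFR) against a name server either returns the whole zone, record by record, or is refused. The following is an added example, not part of the original post: it parses constructed output in the format dig prints and reports whether the server handed over the zone and which hostnames the zone exposes, which is the check an administrator runs against their own name servers to confirm transfers are restricted. The domain pentest.id is taken from the post above, but every record, TTL and address in the sample output is invented.

```python
import re

# Constructed sample of what `dig AXFR pentest.id @ns1.pentest.id` prints when
# the server allows the transfer. All records and addresses are made up.
AXFR_OPEN = """\
; <<>> DiG 9.18.1 <<>> AXFR pentest.id @ns1.pentest.id
;; global options: +cmd
pentest.id.\t\t3600\tIN\tSOA\tns1.pentest.id. admin.pentest.id. 2024010101 7200 3600 1209600 3600
pentest.id.\t\t3600\tIN\tNS\tns1.pentest.id.
pentest.id.\t\t3600\tIN\tMX\t10 mail.pentest.id.
mail.pentest.id.\t3600\tIN\tA\t203.0.113.25
www.pentest.id.\t\t3600\tIN\tA\t203.0.113.10
dev.pentest.id.\t\t300\tIN\tA\t203.0.113.11
pentest.id.\t\t3600\tIN\tSOA\tns1.pentest.id. admin.pentest.id. 2024010101 7200 3600 1209600 3600
;; Query time: 12 msec
"""

# Constructed sample of a refused transfer (the server restricts AXFR).
AXFR_REFUSED = """\
; <<>> DiG 9.18.1 <<>> AXFR pentest.id @ns1.pentest.id
;; global options: +cmd
; Transfer failed.
"""

# One resource record line: owner name, TTL, class IN, type, rdata.
RECORD_RE = re.compile(
    r"^(?P<name>\S+)\s+(?P<ttl>\d+)\s+IN\s+(?P<type>[A-Z0-9]+)\s+(?P<data>.+)$"
)


def parse_dig(output):
    """Return the resource records in dig output as a list of dicts.

    Comment lines (starting with ';') and blank lines are skipped.
    """
    records = []
    for line in output.splitlines():
        if not line or line.startswith(";"):
            continue
        match = RECORD_RE.match(line)
        if match:
            records.append(match.groupdict())
    return records


def zone_transfer_allowed(output):
    """True when the server returned the zone: records present and no
    'Transfer failed' marker in the output."""
    return "Transfer failed" not in output and bool(parse_dig(output))


def summarize(output):
    """Summarize a transfer attempt: whether it succeeded, how many records of
    each type came back, and the hostnames with A/AAAA records."""
    records = parse_dig(output)
    by_type = {}
    for rec in records:
        by_type[rec["type"]] = by_type.get(rec["type"], 0) + 1
    hosts = sorted({rec["name"].rstrip(".") for rec in records
                    if rec["type"] in ("A", "AAAA")})
    return {"allowed": zone_transfer_allowed(output),
            "by_type": by_type, "hosts": hosts}


if __name__ == "__main__":
    for label, sample in (("open", AXFR_OPEN), ("refused", AXFR_REFUSED)):
        print(label, summarize(sample))
```

The SOA record appears twice in a full transfer (it opens and closes the zone), so a count of two SOA records is itself a sign the whole zone was returned. If the summary reports the transfer as allowed for a server you administer, restrict AXFR to your secondary name servers' addresses.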

Using Paros Proxy

Last week, I learned that a website is an easy source of information. We can get a lot of information from a website. One of the tools we learned is Paros Proxy. It is a Java-based web proxy for assessing web application vulnerabilities. It includes a web traffic recorder, a web spider, a hash calculator, and a scanner for testing common web application attacks such as SQL injection and cross-site scripting.

Below are the experiments I did using Paros Proxy.

With Paros Proxy, I was able to see the structure of this company's website.

As we can see from the picture, I could see details such as the subfolders and the domains.

In Paros Proxy, we can scan a specific folder to see its vulnerabilities. In this case, I scanned the main page of the company's website.

A scanning report is then generated in LatestScanningReport.htm with the results of the scan. I could see the risk level (high, medium or low), the web server, etc.

Introduction to Ethical Hacking and Penetration Testing

On the first day of my Ethical Hacking and Penetration Testing class, I learned many things from the introduction to ethical hacking and penetration testing. Some of the terms I learned are:

  • Ethical Hackers: Someone employed by a company to do penetration testing (with permission)
  • Penetration Test: An attempt to break into a company's system or network to find the vulnerabilities in it; it always ends with a report of the findings.
  • Hackers: Someone who accesses a computer system or network without any permission/authorization
  • Crackers: Someone who accesses a computer system to destroy or steal data
  • Script Kiddies/Packet Monkeys: Young, inexperienced hackers who copy techniques from an experienced hacker
  • Tiger Box: A collection of hacking tools for penetration testers
  • White box model: A model where the penetration tester is told everything about the network topology
  • Black box model: A model where the penetration tester is not given details about the network
  • Gray box model: A model where the company gives the penetration tester partial information about the network topology
  • Red team: A team that performs penetration testing against a specific target
  • Blue team: A team that defends the system from the attackers

In conclusion, those terms are very important for me to know before I learn further about penetration testing and ethical hacking.