In the last post we learned how to steal cookies through XSS vulnerabilities. Some of you might be wondering (I was curious too in the beginning) why a cookie can be so important to an attacker, and that is exactly why I chose this topic for my post.
Attention: This post is for educational purposes only. I do not advise or encourage anyone to do the following process for malicious reasons.
Phishing is the attempt to obtain sensitive information such as usernames, passwords, and credit card details by posing as a trustworthy entity in an electronic communication. Phishing can be useful during the Social Engineering step of the Kali Linux penetration testing process. Social engineering is the practice of learning and obtaining valuable information by exploiting human weaknesses.
In this post, I’m going to show you how to create a phishing website using two methods: the BeEF XSS Framework and SET. Not only that, I’ll talk about how an attacker persuades the target to visit the fake website and hand over the important information.
According to DVWA’s website, Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a classroom environment.
DVWA’s Installation Steps
Port scanning is one of the methods conducted during the Enumerating Target process. It scans all TCP or UDP ports, not just the well-known ones, so the process can take a minute or two. It also helps determine which TCP and UDP ports are open, closed, or filtered.
In this post, I’m going to talk about the differences between TCP and UDP ports, the types of port scanning, and also show how to do port scanning using Nmap!
Once we know that the target machine is available or active from the Target Discovery process, the next thing to do is enumerate valuable information such as emails, usernames, passwords, or any services available on the target systems. This will help us as pentesters identify vulnerabilities in these services.
In this post, I’m going to use WPScan and TheHarvester to help me enumerate my target:
♡ usernames from wp1.pentest.id
♡ usernames from jo1.pentest.id
♡ find emails that have @pentest.id and @gmail.com
It is important to learn Linux commands as a penetration tester, since they help you get your job done faster and you will be working in the Terminal most of the time. So in this week’s post, I’m going to share some basic Linux commands that I find useful in the Terminal.
After information gathering, the next step is to discover our target machines. This process is commonly known as Target Discovery.
Why do we need to identify our target machines?
- To find out which machines in the target network are available. If the target machine is not available, we won’t continue the penetration testing process against it, which saves time.
- To find the underlying operating system used by the target machine, which will help us during vulnerability mapping.
As in the last post, my target is pentest.id.
Google Dorks is a hacking technique that uses the Google search engine and other Google applications to find security holes in the configuration and code that websites use. Since Google indexes most websites with its search algorithm, it can help a hacker find vulnerabilities, hidden information, and accessible pages on the target.
In today’s post, I’m going to show you how to use Google in your hacking practice.