Let's discuss penetration testing here

I see you are making progress. Bypassed Mac address filter yet ?

Thanks for your compliments kudaisi. For now, nothing has prompted me to bypass Mac address filter but if my focus is directed towards that direction, I will.

@Fellow Testers, for now I have tested several sites for vulnerability via sql injection using sql map / havij and I was able to discover vulnerability on several sites. As a penetration tester, what should I do to these vulnerable sites? Should I contact the admins of these vulnerable sites and notify them of their sites vulnerability or I should just hack the sites and email the hacking details to the admins of this vulnerable sites?

kudaisi:
I see you are making progress. Bypassed Mac address filter yet ?

@Penetration Testers, what is the most advanced penetration tool to check for vulnerabilities in secured sites like google, yahoo, facebook etc?

I don't know the use of brutal force and md6. Is it to break cipher keys and encryption?
Example
Refer to this English letter frequency table (http://gnosis.cx/download/letterfrequency.gif) and decipher the message: SEVRAQF, EBZNAF, PBHAGELZRA, YRAQ ZR LBHE RNEF!

Hint use spell check dictionary in your phone to decipher the message

@proxy23, Brute force is used for password exploit

proxy23:
I don't know the use of brutal force and md6. Is it to break cipher keys and encryption?
Example
Refer to this English letter frequency table (http://gnosis.cx/download/letterfrequency.gif) and decipher the message: SEVRAQF, EBZNAF, PBHAGELZRA, YRAQ ZR LBHE RNEF!

Curiousmind:
@proxy23, Brute force is used for password exploit

Ok

Curiousmind:
Thanks for your compliments kudaisi. For now, nothing has prompted me to bypass Mac address filter but if my focus is directed towards that direction, I will.

@Fellow Testers, for now I have tested several sites for vulnerability via sql injection using sql map / havij and I was able to discover vulnerability on several sites. As a penetration tester, what should I do to these vulnerable sites? Should I contact the admins of these vulnerable sites and notify them of their sites vulnerability or I should just hack the sites and email the hacking details to the admins of this vulnerable sites?

This practise could keep u behind bars. If u have some intention like this why not keep to your self. Anyways, best to send the administrative section message and notify them.

If you're "hacking" the last place you want to try bruting big names like google is on *80 unless you're a attempting to exploit Gets, maybe posts or deletes. You can always find wp, cpanel, etc logins portals via http to try brute force. Brute force is hacking for dummies/beginners, chances are you'll trigger something. Most sophisticated hacks are indirectly or directly aided by rogues on the inside of a company or makers/gurus of the exploited software. You have to spend time knowing your target, its a reason most hackers I know have a crippling case OCD and petty vendettas

gimakon:


This practise could keep u behind bars. If u have some intention like this why not keep to your self. Anyways, best to send the administrative section message and notify them.

Thanks for your comment. Your advice is well taken!

AAinEqGuinea:
If you're "hacking" the last place you want to try bruting big names like google is on *80 unless you're a attempting to exploit Gets. You can always find wp, cpanel, etc logins portals via http to try brute force. Brute force is hacking for dummies/beginners, chances are you'll trigger something. Most sophisticated hacks are indirectly or directly aided by rogues on the inside of a company or makers/gurus of the exploited software. You have to spend time knowing your target, its a reason most hackers I know have a crippling case OCD and petty vendettas

If brute force is for dummies/beginners, so what methodology is for advanced hackers? Your answer will be highly appreciated

Curiousmind:



If brute force is for dummies/beginners, so what methodology is for advanced hackers? Your answer will be highly appreciated

Brute guesses are an option unencrypting rainbow dictionary hashes (md) or any silo of you already have, but you can't really believe that pounding on the front door of a server using brute force is not going to trigger some alarm thus that's the only option, brute is more of an annoyance like ddos

Btw, spent 20 minutes already on the cipher, still not solved.

bruteforcing is d next thing I wanna lay my hands on ....

Anyways computer wizards can we link up here on privste chat and exchange ideas if you know wat I mean

Hello Papertrail11, you can comment your ideas here. Exchange of penetration ideas was the reason this thread was created. I await your comments & ideas!

Papertrail11:
bruteforcing is d next thing I wanna lay my hands on ....

Anyways computer wizards can we link up here on privste chat and exchange ideas if you know wat I mean

So what do you recommend?

AAinEqGuinea:


Brute guesses are an option unencrypting rainbow dictionary hashes (md) or any silo of you already have, but you can't really believe that pounding on the front door of a server using brute force is not going to trigger some alarm thus that's the only option, brute is more of an annoyance like ddos

Btw, spent 20 minutes already on the cipher, still not solved.

Curiousmind:
So what do you recommend?

Staying invisible on every layer, firstly.

Knowing the target, well... recon. Secondly.




That's why you can't simply run around brute forcing ports...unless you're having spiders or botnets report those easy targets.

AAinEqGuinea:


Staying invisible on every layer, firstly.

Knowing the target, well... recon. Secondly.




That's why you can't simply run around brute forcing ports...unless you're having spiders or botnets report those easy targets.

Yeah you are right , you need to ensure you have no digital footprint with your target always wanted to learn hacking on a basic level, discovered from a friend it took take a good amount of time before he can even say he can access any broken site. keep this thread up. eager to learn something

Thanks for your comment. So what is your favourite penetration tool?

AAinEqGuinea:


Staying invisible on every layer, firstly.

Knowing the target, well... recon. Secondly.




That's why you can't simply run around brute forcing ports...unless you're having spiders or botnets report those easy targets.

Curiousmind:
Thanks for your comment. So what is your favourite penetration tool?

Honestly depends on which layer I'm penetrating or causing chaos

I mean what is your favourite penetration tool in each layer?

AAinEqGuinea:


Honestly depends on which layer I'm penetrating or causing chaos

Curiousmind:
I mean what is your favourite penetration tool in each layer?

Fyi bro, I'm not dodging or derailing, but it really depends what you mean by penetration. If you're looking to rape your server or benchmarking your firewall(s), I mostly create the tools I need to do such.

Hopefully you're able to glean that I take a more thoughtful approach to white/gray hat. You have to be tactful. The level of penetration testing I use depends on the elusiveness of my or others implementation and active framework.

What's the most important penetration test for *80 web applications first? Google scouting. It doesn't stop there. Watch their DNS, content type handles, cms exploits as well. Browser level exploits. Because i try to be the smartest out there i confront these types of projects with seriousness, much planning and blueprinting before coding.

Backdoor filtered ports requires mimicking attempts, knowledge of finite networking is extremely useful here. Maybe I want to interpret server pulses from obfuscated attempts. Knowledge of mainly hardware goes a long way here and 'as-a-service' providers (cloud, analytics, etc)

if there is a "right" tool is out there, there's likely a patch or a basic anti-subversion implementation. It's take little to no effort to gain control of a web amateur site. I get nothing from it. There are scripts you can download to "penetrate" their server. Personally I dont call it hacking if 1) the target was easily subverted (like ddos) and 2) over-reliance on vendor or in-the-wild tools or scripts. You're looking for zero-day hacks, and increasing those attacks aren't discovered by tools, attackers have thorough knowledge of the target.

In hopes of having fruitful discussion with specificity while teaching other who pass by, i was hoping we can discuss penetration on various layers under various hypotheticals, to create or find the right tool and state of mind for the job.

Your reply is very insightful. My favourite penetration tool is sqlmap

AAinEqGuinea:


Fyi bro, I'm not dodging or derailing, but it really depends what you mean by penetration. If you're looking to rape your server or benchmarking your firewall(s), I mostly create the tools I need to do such.

Hopefully you're able to glean that I take a more thoughtful approach to white/gray hat. You have to be tactful. The level of penetration testing I use depends on the elusiveness of my or others implementation and active framework.

What's the most important penetration test for *80 web applications first? Google scouting. It doesn't stop there. Watch their DNS, content type handles, cms exploits as well. Browser level exploits. Because i try to be the smartest out there i confront these types of projects with seriousness, much planning and blueprinting before coding.

Backdoor filtered ports requires mimicking attempts, knowledge of finite networking is extremely useful here. Maybe I want to interpret server pulses from obfuscated attempts. Knowledge of mainly hardware goes a long way here and 'as-a-service' providers (cloud, analytics, etc)

if there is a "right" tool is out there, there's likely a patch or a basic anti-subversion implementation. It's take little to no effort to gain control of a web amateur site. I get nothing from it. There are scripts you can download to "penetrate" their server. Personally I dont call it hacking if 1) the target was easily subverted (like ddos) and 2) over-reliance on vendor or in-the-wild tools or scripts. You're looking for zero-day hacks, and increasing those attacks aren't discovered by tools, attackers have thorough knowledge of the target.

In hopes of having fruitful discussion with specificity while teaching other who pass by, i was hoping we can discuss penetration on various layers under various hypotheticals, to create or find the right tool and state of mind for the job.

Hello penetration testers / hackers, how do you penetrate / hack a website that is not sql vulnerable and xss vulnerable? Your answers are highly appreciated. Thank you in advance. Happy penetrating!