Welcome, Guest: Register On Nairaland / LOGIN! / Trending / Recent / NewStats: 3,151,604 members, 7,812,976 topics. Date: Tuesday, 30 April 2024 at 12:59 AM |
Nairaland Forum / Science/Technology / Computers / Any Penetration Tester Here? (2084 Views)
Penetration Testers And Ethical Hackers Needed / Who Can Teach Penetration Testing (2) (3) (4)
Any Penetration Tester Here? by Curiousmind(m): 1:03pm On Apr 09, 2015 |
Let's discuss penetration testing here |
Re: Any Penetration Tester Here? by kudaisi(m): 1:06pm On Apr 09, 2015 |
I see you are making progress. Bypassed Mac address filter yet ? |
Re: Any Penetration Tester Here? by Curiousmind(m): 1:45pm On Apr 09, 2015 |
Thanks for your compliments kudaisi. For now, nothing has prompted me to bypass Mac address filter but if my focus is directed towards that direction, I will. @Fellow Testers, for now I have tested several sites for vulnerability via sql injection using sql map / havij and I was able to discover vulnerability on several sites. As a penetration tester, what should I do to these vulnerable sites? Should I contact the admins of these vulnerable sites and notify them of their sites vulnerability or I should just hack the sites and email the hacking details to the admins of this vulnerable sites? kudaisi: |
Re: Any Penetration Tester Here? by Curiousmind(m): 1:56pm On Apr 09, 2015 |
@Penetration Testers, what is the most advanced penetration tool to check for vulnerabilities in secured sites like google, yahoo, facebook etc? |
Re: Any Penetration Tester Here? by Nobody: 7:58pm On Apr 09, 2015 |
I don't know the use of brutal force and md6. Is it to break cipher keys and encryption? Example Refer to this English letter frequency table (http://gnosis.cx/download/letterfrequency.gif) and decipher the message: SEVRAQF, EBZNAF, PBHAGELZRA, YRAQ ZR LBHE RNEF! 1 Like |
Re: Any Penetration Tester Here? by Nobody: 11:03pm On Apr 09, 2015 |
Hint use spell check dictionary in your phone to decipher the message |
Re: Any Penetration Tester Here? by Curiousmind(m): 6:53am On Apr 10, 2015 |
@proxy23, Brute force is used for password exploit proxy23: |
Re: Any Penetration Tester Here? by Nobody: 10:08am On Apr 10, 2015 |
Curiousmind:Ok |
Re: Any Penetration Tester Here? by Nobody: 7:16pm On Apr 10, 2015 |
Curiousmind: This practise could keep u behind bars. If u have some intention like this why not keep to your self. Anyways, best to send the administrative section message and notify them. |
Re: Any Penetration Tester Here? by AAinEqGuinea: 12:33am On Apr 11, 2015 |
If you're "hacking" the last place you want to try bruting big names like google is on *80 unless you're a attempting to exploit Gets, maybe posts or deletes. You can always find wp, cpanel, etc logins portals via http to try brute force. Brute force is hacking for dummies/beginners, chances are you'll trigger something. Most sophisticated hacks are indirectly or directly aided by rogues on the inside of a company or makers/gurus of the exploited software. You have to spend time knowing your target, its a reason most hackers I know have a crippling case OCD and petty vendettas |
Re: Any Penetration Tester Here? by Curiousmind(m): 8:20pm On Apr 11, 2015 |
gimakon: Thanks for your comment. Your advice is well taken! |
Re: Any Penetration Tester Here? by Curiousmind(m): 8:24pm On Apr 11, 2015 |
AAinEqGuinea: If brute force is for dummies/beginners, so what methodology is for advanced hackers? Your answer will be highly appreciated |
Re: Any Penetration Tester Here? by AAinEqGuinea: 9:25pm On Apr 11, 2015 |
Curiousmind: Brute guesses are an option unencrypting rainbow dictionary hashes (md) or any silo of you already have, but you can't really believe that pounding on the front door of a server using brute force is not going to trigger some alarm thus that's the only option, brute is more of an annoyance like ddos Btw, spent 20 minutes already on the cipher, still not solved. |
Re: Any Penetration Tester Here? by Papertrail11(m): 12:59pm On Apr 13, 2015 |
bruteforcing is d next thing I wanna lay my hands on .... Anyways computer wizards can we link up here on privste chat and exchange ideas if you know wat I mean |
Re: Any Penetration Tester Here? by Curiousmind(m): 8:52pm On Apr 16, 2015 |
Hello Papertrail11, you can comment your ideas here. Exchange of penetration ideas was the reason this thread was created. I await your comments & ideas! Papertrail11: |
Re: Any Penetration Tester Here? by Curiousmind(m): 8:53pm On Apr 16, 2015 |
So what do you recommend? AAinEqGuinea: |
Re: Any Penetration Tester Here? by AAinEqGuinea: 6:00am On Apr 18, 2015 |
Curiousmind: Staying invisible on every layer, firstly. Knowing the target, well... recon. Secondly. That's why you can't simply run around brute forcing ports...unless you're having spiders or botnets report those easy targets. |
Re: Any Penetration Tester Here? by Nobody: 11:49pm On Apr 18, 2015 |
AAinEqGuinea: Yeah you are right , you need to ensure you have no digital footprint with your target always wanted to learn hacking on a basic level, discovered from a friend it took take a good amount of time before he can even say he can access any broken site. keep this thread up. eager to learn something |
Re: Any Penetration Tester Here? by Curiousmind(m): 7:15pm On Apr 19, 2015 |
Thanks for your comment. So what is your favourite penetration tool? AAinEqGuinea: |
Re: Any Penetration Tester Here? by AAinEqGuinea: 8:11pm On Apr 19, 2015 |
Curiousmind: Honestly depends on which layer I'm penetrating or causing chaos |
Re: Any Penetration Tester Here? by Curiousmind(m): 9:43am On Apr 20, 2015 |
I mean what is your favourite penetration tool in each layer? AAinEqGuinea: |
Re: Any Penetration Tester Here? by AAinEqGuinea: 4:40pm On Apr 20, 2015 |
Curiousmind: Fyi bro, I'm not dodging or derailing, but it really depends what you mean by penetration. If you're looking to rape your server or benchmarking your firewall(s), I mostly create the tools I need to do such. Hopefully you're able to glean that I take a more thoughtful approach to white/gray hat. You have to be tactful. The level of penetration testing I use depends on the elusiveness of my or others implementation and active framework. What's the most important penetration test for *80 web applications first? Google scouting. It doesn't stop there. Watch their DNS, content type handles, cms exploits as well. Browser level exploits. Because i try to be the smartest out there i confront these types of projects with seriousness, much planning and blueprinting before coding. Backdoor filtered ports requires mimicking attempts, knowledge of finite networking is extremely useful here. Maybe I want to interpret server pulses from obfuscated attempts. Knowledge of mainly hardware goes a long way here and 'as-a-service' providers (cloud, analytics, etc) if there is a "right" tool is out there, there's likely a patch or a basic anti-subversion implementation. It's take little to no effort to gain control of a web amateur site. I get nothing from it. There are scripts you can download to "penetrate" their server. Personally I dont call it hacking if 1) the target was easily subverted (like ddos) and 2) over-reliance on vendor or in-the-wild tools or scripts. You're looking for zero-day hacks, and increasing those attacks aren't discovered by tools, attackers have thorough knowledge of the target. In hopes of having fruitful discussion with specificity while teaching other who pass by, i was hoping we can discuss penetration on various layers under various hypotheticals, to create or find the right tool and state of mind for the job. |
Re: Any Penetration Tester Here? by Curiousmind(m): 8:14am On Apr 23, 2015 |
Your reply is very insightful. My favourite penetration tool is sqlmap AAinEqGuinea: |
Re: Any Penetration Tester Here? by Curiousmind(m): 3:13pm On Apr 30, 2015 |
Hello penetration testers / hackers, how do you penetrate / hack a website that is not sql vulnerable and xss vulnerable? Your answers are highly appreciated. Thank you in advance. Happy penetrating! |
(1) (Reply)
Funny Notepad Trick To Check If Your Pc Is Male Or Female - Arewatech / Hp 2000 4GB RAM 500GB Hard disk AMD A6 with dedicated graphics [Sold] / Unlock Bios Password For Dell, Sony, HP And Asus Laptops
(Go Up)
Sections: politics (1) business autos (1) jobs (1) career education (1) romance computers phones travel sports fashion health religion celebs tv-movies music-radio literature webmasters programming techmarket Links: (1) (2) (3) (4) (5) (6) (7) (8) (9) (10) Nairaland - Copyright © 2005 - 2024 Oluwaseun Osewa. All rights reserved. See How To Advertise. 42 |