Saturday, July 13, 2013

Look Ma' .... NO TOOLS :-)

Well, this will probably come off weird by the time I explain the whole ordeal... See, recently I really wanted to publish about my best tools, but I also wanted to publish a little about phone network hacking, and thought, hmm, I will have to do a practical on that, so wait till my tools arrive... Then the vicious cycle came back and I had to go back to the basics of not having/using any tools, so here we go...

No tools... well, this is impossible. Why? Maybe because tools are everywhere: heck, your browser is a tool, your terminal is a tool, and yes, your BRAIN is a very handy tool. So here goes my no-tools list :)

Brain ---> very important; needs a lot of nourishment, including a little rest here and there (yes, it's not all work and no play)

Terminal ---> yes, this little creature awes many when they finally learn who/how/where/when to use it

Browser ---> I have always insisted on using the browser as a tool, but why? Well, maybe because it's called a browser... it's the one thing that actually gives us a graphical view of the data we feed in and of the data that comes back. Anywho...

Here is my working of all this. Let's start from the point where we want to do a pentest and we want to avoid tools, just for the sake of not wanting/having* the tool. So we start with information gathering, using only the tools above...

Say we are attempting to get information about a website we want to pentest, with only the tools above. Here we go :)

PASSIVE INFORMATION GATHERING

Footprinting --- aimed at gathering intelligence about the infrastructure of a target network, only from information to which access is free and authorized. It is the first component of the information gathering step of a pentest, before port scanning and fingerprinting.

Here we can fire up our *nix terminal and get a head start by doing the following:
- DNS query: with a domain name, you obtain the associated IP. Any record type in the DNS response is useful: A, MX, NS, TXT, etc.
- reverse DNS query: with an IP or an IP address range, you obtain domain names (PTR records).

Here we can also fire up our browser and take simple but informative steps such as:
- WhoIs database: you obtain the information legally provided for the domain name registration,
- search engine queries,
- X.509 certificate queries (the certificate's subject and subjectAltName list other hostnames the target owns),
- analysis of the website's robots.txt,
- the page source code.
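The footprinting steps above, both the terminal ones (DNS, reverse DNS) and the browser ones (whois, certificate, robots.txt), as one added example in shell. This is not code from the original post; it assumes dig, whois, openssl and curl are installed, uses example.com as a placeholder target, and embeds constructed SAMPLE_* text so the two parsers (parse_san, parse_robots) can be exercised offline.

```shell
#!/bin/sh
# Added example, not code from the original post: the passive footprinting
# steps (DNS, reverse DNS, whois, certificate, robots.txt) done with the stock
# *nix terminal: dig, whois, openssl and curl. example.com is a placeholder
# (reserved for documentation by RFC 2606); the SAMPLE_* texts below are
# constructed so the parsers can be exercised offline.
#
# Usage: sh footprint.sh example.com      (live lookups)
#        sh footprint.sh                  (offline demo on the constructed samples)

# 1. Forward DNS. MX and TXT (SPF/DMARC) reveal who handles the target's mail,
#    NS reveals who hosts its DNS, A/AAAA give the addresses to reverse-resolve.
dns_records() {
    domain="$1"
    for rrtype in A AAAA MX NS TXT; do
        dig +short "$domain" "$rrtype" | sed "s/^/$domain $rrtype /"
    done
}

# 2. Reverse DNS (PTR) for each address. A PTR that names a shared hosting box
#    or a CDN edge is a finding in itself.
reverse_dns() {
    for ip in "$@"; do
        printf '%s PTR %s\n' "$ip" "$(dig +short -x "$ip" | tr '\n' ' ')"
    done
}

# 3. Whois: keep the lines naming registrant, registrar and name servers.
#    Field names differ between registries, hence the loose pattern.
whois_summary() {
    whois "$1" | grep -iE '^[[:space:]]*(registrant|admin|tech|registrar|name server)' | sort -u
}

# 4. TLS certificate. The subjectAltName list often names hosts no search
#    engine has indexed (vpn., mail., staging.). parse_san reads the text
#    dump that "openssl x509 -text" prints and emits one hostname per line.
parse_san() {
    grep -A1 'Subject Alternative Name' | grep -oE 'DNS:[^,[:space:]]+' \
        | sed 's/^DNS://' | sort -u
}
cert_names() {
    openssl s_client -connect "$1:443" -servername "$1" </dev/null 2>/dev/null \
        | openssl x509 -noout -text | parse_san
}

# 5. robots.txt: every Disallow line is a path the owner did not want indexed.
parse_robots() {
    tr -d '\r' | awk -F: 'tolower($1) ~ /^[[:space:]]*disallow[[:space:]]*$/ {
        path = $2
        sub(/^[[:space:]]+/, "", path); sub(/[[:space:]]+$/, "", path)
        if (path != "") print path
    }'
}
robots_paths() {
    curl -s --max-time 10 "https://$1/robots.txt" | parse_robots
}

# Constructed samples in the formats the parsers expect.
SAMPLE_SAN_TEXT='            X509v3 Subject Alternative Name:
                DNS:www.example.com, DNS:example.com, DNS:vpn.example.com'
SAMPLE_ROBOTS='User-agent: *
Disallow: /admin/
Disallow:   /backup.zip
Allow: /
Disallow:'

if [ $# -gt 0 ]; then
    target="$1"
    dns_records "$target"
    reverse_dns $(dig +short "$target" A)
    whois_summary "$target"
    cert_names "$target"
    robots_paths "$target"
else
    printf '%s\n' "$SAMPLE_SAN_TEXT" | parse_san
    printf '%s\n' "$SAMPLE_ROBOTS" | parse_robots
fi
```

Run it with a domain for the live lookups; with no argument it only runs the parsers over the constructed samples, which is also the quickest way to check them against a certificate or robots.txt you saved from the browser.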

And with some nifty tricks we can move on to:

Fingerprinting and Port Scanning
Well, real port scanning is very tricky to do with only the above tools, but default configurations will tell us a lot about this website, e.g.:

- Noting down the favicon --- to tell us what CMS is running
- Noting/generating errors on the website --- the default error pages reveal the web server platform and version, and the ports it listens on, e.g. 80, 8080, 443
- Noting the protocols implemented --- from webmail logins (we get an open port), from https (443), ftp links (21), etc.
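The error-page and protocol/port tricks above, plus the response headers and cookie names that come with every page load, as an added shell example (not from the original post). It assumes curl and the standard grep/sed/awk; the target URL is a placeholder and the SAMPLE_* texts are constructed. The favicon trick is left manual here because matching a favicon to a CMS needs a reference table of known icons that the post does not give.

```shell
#!/bin/sh
# Added example, not code from the original post: fingerprinting the platform
# from what the server volunteers: response headers, session cookie names, the
# default error page, and the ports/protocols that links in the page source
# point at. Everything is parsed from text, so the functions work on a saved
# response as well as a live one. The SAMPLE_* texts are constructed and the
# target URL is a placeholder (example.com is reserved by RFC 2606).
#
# Usage: sh fingerprint.sh https://example.com   (live)
#        sh fingerprint.sh                       (offline demo on the samples)

# Headers that name the platform outright.
banner_headers() {
    tr -d '\r' | grep -iE '^(server|x-powered-by|x-generator|x-aspnet-version|via):'
}

# Session cookie names identify the stack even when Server: is hidden.
cookie_platforms() {
    tr -d '\r' | grep -i '^set-cookie:' \
        | sed -E 's/^[^:]*:[[:space:]]*([^=;[:space:]]+).*/\1/' \
        | awk '{
            name = $1; hint = "unknown"
            if (name == "PHPSESSID")                 hint = "PHP"
            else if (name == "JSESSIONID")           hint = "Java servlet container"
            else if (name == "ASP.NET_SessionId")    hint = "ASP.NET"
            else if (name ~ /^wordpress_/)           hint = "WordPress"
            else if (name == "csrftoken" || name == "sessionid") hint = "Django"
            else if (name == "laravel_session")      hint = "Laravel"
            print name " -> " hint
        }'
}

# Default error pages print the server banner and, for Apache, the port.
error_page_banner() {
    grep -oE 'Apache Tomcat/[0-9.]+|Apache(/[0-9.]+)?|nginx(/[0-9.]+)?|Microsoft-IIS/[0-9.]+|Port [0-9]+' \
        | sort -u
}

# Links in the source reveal protocols and ports without sending a single
# probe: the scheme implies the default port, an explicit :port overrides it.
# (The host:port split does not handle bracketed IPv6 literals.)
link_ports() {
    grep -oE '(https?|ftps?|sftp|ssh|ldap)://[^/"<>[:space:]]+' \
        | awk -F'://' '{
            scheme = $1
            if (scheme == "https") port = 443
            else if (scheme == "http") port = 80
            else if (scheme == "ftp") port = 21
            else if (scheme == "ftps") port = 990
            else if (scheme == "ldap") port = 389
            else port = 22
            n = split($2, hp, ":")
            if (n == 2) port = hp[2]
            print hp[1], port, scheme
        }' | sort -u
}

# Live run: one normal request, one deliberately bad path for the error page.
fingerprint_url() {
    base="$1"
    tmp=$(mktemp)
    curl -si --max-time 10 "$base/" > "$tmp"
    banner_headers   < "$tmp"
    cookie_platforms < "$tmp"
    link_ports       < "$tmp"
    curl -s --max-time 10 "$base/no-such-page-$$" | error_page_banner
    rm -f "$tmp"
}

# Constructed samples: a response with headers plus body, and a stock 404 page.
SAMPLE_RESPONSE='HTTP/1.1 200 OK
Server: Apache/2.4.41 (Ubuntu)
X-Powered-By: PHP/7.4.3
Set-Cookie: PHPSESSID=abc123; path=/; HttpOnly
Set-Cookie: wordpress_test_cookie=WP+Cookie+check; path=/
Content-Type: text/html

<html><body>
<a href="https://mail.example.com/webmail">Webmail</a>
<a href="ftp://files.example.com/pub/">Downloads</a>
<a href="http://dev.example.com:8080/">Dev</a>
</body></html>'
SAMPLE_ERROR='<html><head><title>404 Not Found</title></head><body>
<h1>Not Found</h1>
<p>The requested URL was not found on this server.</p>
<hr>
<address>Apache/2.4.41 (Ubuntu) Server at www.example.com Port 80</address>
</body></html>'

if [ $# -gt 0 ]; then
    fingerprint_url "$1"
else
    printf '%s\n' "$SAMPLE_RESPONSE" | banner_headers
    printf '%s\n' "$SAMPLE_RESPONSE" | cookie_platforms
    printf '%s\n' "$SAMPLE_RESPONSE" | link_ports
    printf '%s\n' "$SAMPLE_ERROR"    | error_page_banner
fi
```

On the constructed sample this reports Apache 2.4.41 with PHP, a WordPress cookie, a webmail host on 443, an ftp host on 21 and a dev host on 8080, all without a single probe to any port other than the web server's own.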

See, we are already getting information just by simple and yet effective tactics...

Well, I can't outline all the tricks in one page, but this should get you rolling; others will follow as we go,
giving us lots of ways to go around the website with attacks/vulnerabilities known for the running services/platform/CMS.

With that, doing XSS, SQL injection, brute force (web forms), RFI/LFI and other techniques becomes reliable and a little easier than before. I am not saying tools are not useful; I am saying working from a knowledgeable point of view is more relatable and easier.

Have a good day, won't you :)
