  1. #1
    DF VIP Member ivrytwr3's Avatar
    Join Date
    Oct 2010
    Location
    Lincolnshire
    Posts
    817
    Thanks
    756
    Thanked:        470
    Karma Level
    226

    Basic PenTest of a website - help!

    Hey all,

    I am currently doing a course and have been tasked with conducting a basic PenTest of a target system/domain. I understand there are tools out there to do this, but as stated, just a basic introduction is required. I have followed the instructor's example, but could do with some help and advice if any of you guys know about this stuff?

    Target: staffs.ac.uk

    whois: revealed 3 servers (ns0 and ns1 with IP addresses, the other is an education server).

    nslookup: name and IP address

    dig: CNAME and IP

    set type=any: - no further info

    set type=ns: - more info, but what?

    server ns0.staffs.ac.uk: what did I do here?!

    tracert: gave me hops and route of packets.

    Like I said, just a basic search is required (introduction to PenTesting), but can anyone help with interpreting the results or offering further basic commands?

  2. #2
    DF VIP Member reverend's Avatar
    Join Date
    Feb 2006
    Location
    On the couch
    Posts
    2,615
    Thanks
    181
    Thanked:        452
    Karma Level
    403

    Re: Basic PenTest of a website - help!

    Quote Originally Posted by ivrytwr3 View Post
    Hey all,

    I am currently doing a course and have been tasked with conducting a basic PenTest of a target system/domain. I understand there are tools out there to do this, but as stated, just a basic introduction is required. I have followed the instructor's example, but could do with some help and advice if any of you guys know about this stuff?

    Target: staffs.ac.uk

    whois: revealed 3 servers (ns0 and ns1 with IP addresses, the other is an education server).

    nslookup: name and IP address

    dig: CNAME and IP

    set type=any: - no further info - this tells nslookup to try and pull any available record for that zone

    set type=ns: - more info, but what? - this pulls just the name server records, i.e. what servers are authoritative for that zone. A or AAA records are the IPv4 or IPv6 records so you'd do set type=a and then put in whatever address you wanted. Likewise SMTP servers are MX records - probably worth you reading up on DNS record types.

    server ns0.staffs.ac.uk: what did I do here?! - you just told nslookup to use the server ns0.staffs.ac.uk DNS server which probably is authoritative for that zone I'm guessing?

    tracert: gave me hops and route of packets. - this identifies routers between you both and the response times

    Like I said, just a basic search is required (introduction to PenTesting), but can anyone help with interpreting the results or offering further basic commands?
    It's also probably worth looking into something like http://www.kali.org - this replaced BackTrack which was a popular Linux distro for the sorts of things you're after doing

    2 Thanks given to reverend

    ivrytwr3 (26th February 2014),  koola2 (26th February 2014)  
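
Added example (not part of any post in this thread): a short Python sketch that reads dig-style answer lines, groups them by what each record type means (NS, MX, CNAME), and follows a CNAME to its final addresses. The zone data is constructed, using example.com and the documentation-only address ranges; the function names are illustrative.

```python
import ipaddress
from collections import defaultdict

# Constructed sample in dig's answer format: name, TTL, class, type, data.
# example.com, 192.0.2.0/24 and 2001:db8::/32 are documentation-only values.
SAMPLE = """\
;; ANSWER SECTION:
example.com.        3600  IN  NS     ns0.example.com.
example.com.        3600  IN  NS     ns1.example.com.
example.com.        3600  IN  MX     20 backup-mx.example.com.
example.com.        3600  IN  MX     10 mail.example.com.
www.example.com.    300   IN  CNAME  web-lb.example.com.
web-lb.example.com. 300   IN  A      192.0.2.10
web-lb.example.com. 300   IN  AAAA   2001:db8::10
"""

def parse_records(text):
    """Return (name, type, data) tuples, skipping comments and blank lines."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        name, _ttl, _cls, rtype, data = line.split(None, 4)
        records.append((name.lower(), rtype.upper(), data.strip()))
    return records

def summarise(records):
    """Group records by the role each type plays in the zone."""
    by_type = defaultdict(list)
    for name, rtype, data in records:
        by_type[rtype].append((name, data))
    mx = sorted((int(d.split()[0]), d.split()[1]) for _, d in by_type["MX"])
    return {
        "nameservers": sorted(d for _, d in by_type["NS"]),  # authoritative servers
        "mail": [host for _pref, host in mx],  # lowest preference value first
        "aliases": dict(by_type["CNAME"]),  # alias -> canonical name
    }

def resolve(name, records, max_hops=8):
    """Follow CNAMEs to the final A/AAAA data; stop on loops or long chains."""
    cname = {n: d.lower() for n, t, d in records if t == "CNAME"}
    seen = set()
    while name in cname and name not in seen and len(seen) < max_hops:
        seen.add(name)
        name = cname[name]
    addrs = [ipaddress.ip_address(d) for n, t, d in records
             if n == name and t in ("A", "AAAA")]
    return name, sorted(str(a) for a in addrs)
```
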


  3. #3
    DF VIP Member ivrytwr3's Avatar

    yep, those toys/tools come out later, at the minute we are doing the 'basics' of the information gathering.

  4. #4
    DF VIP Member reverend's Avatar

    Cool, is this the fingerprinting stage then mate? Is this a uni course or something then - it's something I always fancied getting into but never got around to!

    Thanks to reverend

    ivrytwr3 (26th February 2014)  


  5. #5
    DF Probation Goldberg's Avatar
    Join Date
    Jun 2001
    Location
    Landaaaan!
    Posts
    14,453
    Thanks
    1,325
    Thanked:        1,547
    Karma Level
    1153

    Re: Basic PenTest of a website - help!

    Will see if I can dig up anything here for you. Normally though it is our customers that carry out their own Pen testing on our software.
    We all make mistakes sometimes

    Thanks to Goldberg

    ivrytwr3 (26th February 2014)  


  6. #6
    DF VIP Member ivrytwr3's Avatar

    Quote Originally Posted by reverend View Post
    Cool, is this the fingerprinting stage then mate? Is this a uni course or something then - it's something I always fancied getting into but never got around to!
    Exactly that!

  7. #7
    DF Probation Goldberg's Avatar

    Ok this stuff might be a bit old now, but some Firefox Plugins to get:

    Tamper Data (lets you modify requests)
    Firebug (I would hope you have this already).

    What will the code of the site be done in? I have access to a lot of Python stuff as that is what the application is made with.

    Thanks to Goldberg

    ivrytwr3 (26th February 2014)  


  8. #8
    DF VIP Member doughboy's Avatar
    Join Date
    Jul 2001
    Location
    Beckenham
    Posts
    2,142
    Thanks
    139
    Thanked:        90
    Karma Level
    408

    Re: Basic PenTest of a website - help!

    Metasploit


    Sent from my Nexus 7 using Tapatalk

    Thanks to doughboy

    ivrytwr3 (27th February 2014)  


  9. #9
    DF VIP Member doughboy's Avatar

    Quote Originally Posted by doughboy View Post
    Metasploit

    And make a quick script to nslookup every IP in that domain too.


    Sent from my Nexus 7 using Tapatalk



    Thanks to doughboy

    ivrytwr3 (27th February 2014)  

