Notes on Web Penetration Testing with Kali (3)

Reconnaissance and Profiling the Web Server

  • Reconnaissance includes the following tasks:

    • Identifying IP addresses, subdomains, whois records, DNS servers, and search engine results
    • Using Google, Bing, Yahoo, Shodan, and archive.org
    • Searching social networking sites: Facebook, Flickr, Instagram, Twitter, Maltego
    • Determining the physical location of the target using a Geo IP database and satellite images from Google Maps and Bing Maps
    • Spidering the web application and creating sitemaps: Burp Suite, HTTrack, and ZAP

Notes on Web Penetration with Kali (2)

  • Setting up Your Lab with Kali Linux: Most experienced penetration testers use a completely separate laptop with Kali Linux installed on the physical hard drive, a sufficient amount of RAM, and a high-speed processor to crunch password hashes and rainbow tables. For a real-world penetration test you need at least 8GB of RAM on your machine. A high-speed network port and a wireless network card that allows packet injection are also an important part of the tester's toolkit.

Notes on Web Penetration Testing with Kali (1)

  • Insider attacks are more lethal than those carried out by an external entity, so sometimes black box testing would be a waste of money and time.
  • A career as a penetration tester is not a sprint; it is a marathon.

Notes on Web Penetration Testing with Kali (11)

Fuzzing Web Application

  • Injecting random data into applications has varying effects and may produce a different output for each input. This trial-and-error method could lead the attacker to vulnerabilities that have not been previously identified in the application.
  • /dev/random is a special file in Linux that generates random data.