Showing results for tags 'red-team'.
Hello Researchers, let's just quickly talk about our topic.

What is Recon? Recon, or reconnaissance, is the technique or procedure used in information security to find out about our target. Generally, during a pen test or any boot-to-root style capture the flag, reconnaissance is the basic thing to do. Now in this post I'll be sharing some of my own techniques that I use during a recon.

PORT SCANNING

Port scanning is the basic thing to do during reconnaissance, but we are not going to talk about basic tools and techniques for scanning ports. If you want really quick results and don't want to waste time on your initial step, even with very low specs, do this (by the way, I'm an nmap user; the cool kids are using rust and mass these days, but NMAP is better overall according to me). Now, what I generally do is a basic scan with a simple argument:

$ nmap 192.168.xx.xx

It will give us back a basic result of open ports to work on, but here's a catch: nmap only looks at the initial 10,000 ports by default. After getting a few ports to look back at, we can do one more step to get things done quickly:

$ nmap -p- -v 192.168.xx.xx

The "-p-" argument gives us a full port scan over all 65,535 ports, and the "-v" argument stands for verbose, so it will display ports as it finds them. Most people make the mistake of using the "--min-rate" argument to get results fast, but sometimes it can skip some ports, and that leads to a massive loss as a pen tester. Now, after you have this result displayed on your screen, if you need a proper scan for your report or for your notes, you can do one thing:

$ nmap -sC -sV -pxx,xx,xxxx,xxx 192.168.xx.xx

By using the "-p" argument it will only scan the given ports.
Directory Enumeration and Fuzzing

Let's suppose we have an HTTP server running on our target machine or server and we have a website to test. For directory busting I use Gobuster, and with SecLists it becomes very dangerous, because SecLists is the thing that has a massive collection of wordlists specific to directory enumeration. I use some common sense and Wappalyzer to expose the technology used for the website, like PHP. So let's have an example:

$ gobuster dir -w /opt/SecLists/Discovery/Web-Content/raft-small-words-lowercase.txt -u http://normalweb.net -x php

Now, why do I use "raft-small-words"? Just because it contains .git and big.txt doesn't have that. Now if I find .git I could use Git Dumper, and so many interesting things depend on how you approach testing your target. This was just a basic approach, but most people skip a really important step: they don't enumerate the parent directory they are working in. For example, if you get something like "sources", they'll just leave it behind. I really did this mistake a million times and I regret it most of the time, so in my opinion don't skip anything:

$ gobuster dir -w /opt/SecLists/Discovery/Web-Content/raft-small-words.txt -u http://normalweb.net/sources

Now let's talk about fuzzing a little bit. Fuzzing is a really important step that most people skip, but whenever you land on some kind of dead end like 404 not found or 301 forbidden, make sure to fuzz the path once before making a regret, because it happened to me mostly during CTFs when I skipped fuzzing. I really like wfuzz for fuzzing, and I'll also advise you to use wfuzz; it is really easy to use.

$ wfuzz -c -z file,/usr/share/wfuzz/wordlist/general/common.txt --hc 404 http://192.168.x.xx/FUZZ

So don't make these mistakes or bang your head on the wall.
Looking For Basic Vulnerabilities

Now, this is a very common mistake and this mistake can get us distracted. Whenever you find a website, always try to connect things: check the web socket requests that are used for chat (they are mostly vulnerable to blind SQL injection), and also look for some kind of input field to do some kind of cross-site scripting, and try all kinds of injection like SSTI and XXE. If I look at the web, I mostly check all of the OWASP Top 10 and also the SANS Top 25. Also don't forget to check the URL, because we can have some type of LFI or IDOR.

Heyy, this is not the end, just enough for part 1. We'll be back and start our topic from where we've left off today. Catch me on my socials :- YouTube, Instagram
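The post's three-step scan (quick scan, full -p- sweep, then -sC -sV on the ports found) leaves one manual step: copying the open ports into the third command. As an added example that is not part of the original post, here is a small POSIX shell helper that extracts the open ports from a saved full sweep and builds that third command; it assumes the sweep was saved with nmap's grepable output option (-oG, a real nmap flag), and the -oG line below is a constructed sample, not real scan output.

```shell
#!/bin/sh
# Added example (not from the original post). Turns a saved full-port
# sweep into the port list the author's third nmap command wants:
#   nmap -p- -v -oG full.gnmap 192.168.xx.xx      # save the sweep
#   targeted_scan_cmd 192.168.xx.xx < full.gnmap  # build the -sC -sV command
# SAMPLE_GNMAP is a constructed -oG line (fields are tab-separated).
SAMPLE_GNMAP="$(printf 'Host: 192.168.56.101 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 139/filtered/tcp//netbios-ssn///, 8080/open/tcp//http-proxy///\tIgnored State: closed (65531)')"

# Read -oG text on stdin and print only the ports whose state is "open",
# as a comma-separated list suitable for nmap -p. Filtered or closed
# ports are dropped, so they never reach the slower service scan.
open_ports_from_gnmap() {
    grep '^Host:' \
    | tr ',' '\n' \
    | sed -n 's#^.*[^0-9]\([0-9][0-9]*\)/open/.*#\1#p' \
    | sort -n | uniq | paste -sd, -
}

# Build the targeted service scan command for TARGET from -oG text on
# stdin. It prints the command instead of running it, so the port list
# can be reviewed before the -sC scripts are thrown at the host.
targeted_scan_cmd() {
    target="$1"
    ports="$(open_ports_from_gnmap)"
    [ -n "$ports" ] || { echo "no open ports found in input" >&2; return 1; }
    printf 'nmap -sC -sV -p%s %s\n' "$ports" "$target"
}

# Demo on the constructed sample: prints the command for 22,80,8080.
printf '%s\n' "$SAMPLE_GNMAP" | targeted_scan_cmd 192.168.56.101
```

Because the list is built only from ports nmap reported as open, a sweep run with an aggressive --min-rate that silently missed ports will also be missing from the follow-up scan, which is exactly the loss the post warns about.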
🔰Penetration Testing🔰

Penetration Testing is a method that many companies follow in order to minimize their security breaches. It is a controlled way of hiring a professional who will try to hack your system and show you the loopholes that you should fix. Before doing a penetration test, it is mandatory to have an agreement that explicitly mentions the following parameters:

> what the time of the penetration test will be,
> where the IP source of the attack will be, and
> what the penetration fields of the system will be.

Penetration testing is conducted by professional ethical hackers who mainly use commercial and open-source tools, automated tools and manual checks. There are no restrictions; the most important objective here is to uncover as many security flaws as possible.

⭕️Types of Penetration Testing

1️⃣Black Box − Here, the ethical hacker doesn't have any information regarding the infrastructure or the network of the organization that he is trying to penetrate. In black-box penetration testing, the hacker tries to find the information by his own means.

2️⃣Grey Box − This is a type of penetration testing where the ethical hacker has partial knowledge of the infrastructure, like its domain name server.

3️⃣White Box − In white-box penetration testing, the ethical hacker is provided with all the necessary information about the infrastructure and the network of the organization that he needs to penetrate.

4️⃣External Penetration Testing − This type of penetration testing mainly focuses on network infrastructure or servers and the software operating under that infrastructure. In this case, the ethical hacker attempts the attack over public networks through the Internet, trying to hack the company infrastructure by attacking its webpages, webservers, public DNS servers, etc.

5️⃣Internal Penetration Testing − In this type of penetration testing, the ethical hacker is inside the company's network and conducts his tests from there.
Penetration testing can also cause problems such as system malfunctions, system crashes, or data loss. Therefore, a company should take calculated risks before going ahead with penetration testing. The risk is calculated as follows, and it is a management risk.

‼️ Share and support us ‼️
Like always, HackTheBox has announced another medium-difficulty machine this Saturday.
------------------------------------
Pit will be retired very soon. From my experience, Pit was a really great box for learning, because I learned a lot from Pit.