Web App Pen Testing - Information Gathering Video Notes - Odt
whois.domaintools.com
Testing DNS
– nslookup > set querytype=mx > [domain name]
– nslookup > set querytype=any [gets all DNS records];
Netcraft
– “what's the site running”
– find the OS and other details of the web server;
Netcat
– nc microsoft.com 80 → HEAD / HTTP/1.0 [hit return two times]; the response headers reveal server, x-powered-by, etc.
Dirbuster
– Java application designed to brute-force directories and filenames on web applications;
– custom lists to find hidden files and directories;
– GUI tool;
– pure brute force tries every possible combination; list brute force is less exhaustive and draws from wordlists which we have to specify;
– with pure brute force, have to select the character set to use;
– file extensions to search for: e.g. .bak, .old;
For files found this way, like “user.bak”, can right click → view response [to see what's in the file];
Another interesting file found this way is “include/config.old”, which when → view response → shows info for the database connection;
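As an added example (not part of the original notes): a defender-side check that runs over constructed web server access log lines and flags clients probing for the backup-style files described above, plus any such path the server actually served, which is the finding to fix first. The log format, sample addresses and threshold are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample access log lines in common log format (not from the original notes).
SAMPLE_LOG = """\
10.0.0.5 - - [10/Oct/2023:13:55:36 +0000] "GET /index.php HTTP/1.1" 200 5120
198.51.100.7 - - [10/Oct/2023:13:55:40 +0000] "GET /user.bak HTTP/1.1" 404 210
198.51.100.7 - - [10/Oct/2023:13:55:40 +0000] "GET /admin.bak HTTP/1.1" 404 210
198.51.100.7 - - [10/Oct/2023:13:55:41 +0000] "GET /config.old HTTP/1.1" 404 210
198.51.100.7 - - [10/Oct/2023:13:55:41 +0000] "GET /include/config.old HTTP/1.1" 200 812
198.51.100.7 - - [10/Oct/2023:13:55:42 +0000] "GET /db.bak HTTP/1.1" 404 210
10.0.0.5 - - [10/Oct/2023:13:55:50 +0000] "GET /about.html HTTP/1.1" 200 2048
"""

# Minimal parser for the common log format: client IP, request line, status code.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
# Extensions the notes single out as worth guessing for; extend as needed.
BACKUP_EXT = (".bak", ".old")


def analyse(log_text, threshold=3):
    """Return (suspects, exposed).

    suspects: clients with >= threshold 404s on backup-style paths (brute-force signature).
    exposed:  backup-style paths the server answered with 2xx, i.e. files that are reachable.
    """
    misses = defaultdict(int)
    exposed = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not parse rather than crash on malformed input
        path = m.group("path").split("?", 1)[0].lower()
        if not path.endswith(BACKUP_EXT):
            continue
        status = int(m.group("status"))
        if status == 404:
            misses[m.group("ip")] += 1
        elif 200 <= status < 300:
            exposed.append((m.group("ip"), m.group("path")))
    suspects = {ip: n for ip, n in misses.items() if n >= threshold}
    return suspects, exposed


if __name__ == "__main__":
    print(analyse(SAMPLE_LOG))
```

On the constructed sample this reports one client making four misses on backup-style names and one served path (/include/config.old); the served path is the exposure to remove or block.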
Subdomain enumeration
dnsenum
– enumerate with Google;
subbrute
– dictionary attack to discover all available subdomains [note: can also do this from dnsenum];
– uses an inbuilt wordlist, but can also use custom ones;
– can store this stuff in files too – grepable and normal output, I believe;
With Burp
– target → scope → paste URL
– filter → display only in-scope items
– spider → spider is paused [now spider starts];