On our previous post, we already talked about phishing.
Tag Archives: ethical hacking
WHOIS
According to Wikipedia, WHOIS (pronounced as the phrase who is) is a query and response protocol that is widely used for querying databases that store the registered users or assignees of an Internet resource.
Footprinting a Webserver
Before we do footprinting, we have to understand what footprint is. Footprinting (also known as reconnaissance) refers to the process of collecting as much as information as possible about the target system to find ways to penetrate into the system. Information such as ip address, Whois records, DNS information, an operating system used, employee email id, Phone numbers etc is collected. These information is very useful to a hacker who is trying to crack a whole system.
Web Application Fingerprinting
One of the first tasks when conducting a web application penetration test is to try to identify the version of the web server and the web application. It allows us to discover all the well-known vulnerabilities that are affecting the web server and the application.This process is called web application fingerprinting and in this article we will see how to perform it.
What is Social Engineering and How Does it Work?
Social engineering is still one of the most common means of cyber-attack, primarily because it is highly efficient. To criminals, the user is the weakest link in the security chain. Social engineering is one of the biggest problem in IT security today. It’s so effective because it targets at the human level as opposed to the technical level. While you can patch up technical vulnerabilities, it’s way harder to address vulnerabilities caused by human error. An education process is vital for end users to understand the dangers of social engineering and to avoid falling for such scams.
How to Utilize Search Engine with Google Search Operators
What is Google search operators? According to moz.com, Google search operators are special characters and commands (sometimes called “advanced operators”) that extend the capabilities of regular text searches. Search operators can be useful for everything from content research to technical SEO (Search Engine Optimization) audits. In a word, It is an act of searching using Google search engine to find anything that is left behind by system admin or web developer, that is not meant to be public consumption.
Enumerating Target Using TheHarvester
In this section we will try to do enumeration using TheHarvester. TheHarvester is a tool to gather your target’s emails, subdomains, hosts, employee names, open ports and banners from different public sources like search engines, PGP key servers, and SHODAN computer database.
Enumerating Target Using WPScan
In this section we will talk about how to enumerate our target using WPScan. So, what is enumeration? According to Tutorialspoint.com, Enumeration belongs to the first phase of Ethical Hacking, i.e., “Information Gathering”. This is a process where the attacker establishes an active connection with the victim and try to discover as much attack vectors as possible, which can be used to exploit the systems further. In a nutshell, enumeration can be used to gather information.
How to Use Maltego
Maltego is a program built into Kali Linux that lets you do reconnaissance on any person, by scraping up data from all publicly available areas of the Internets. Maltego is used for information gathering and data-mining, and can be useful for anyone who needs to gather data on a person or company.
Installing Kali Linux as a Virtual Machine
Reply
To do a penetration testing we are going to install some penetration testing tools. We will use an operating system called Kali Linux. It’s just a flavor of Linux based on Debian, and it comes in with all the programs and the applications that we need to use pre-installed and pre-configured. This means that we can just install this operating system and then start learning our hacking.