Hi, Newbie here

This topic contains 4 replies, has 3 voices, and was last updated by  Mr-Inaudible 5 years, 5 months ago.

  • Author
    Posts
  • #8660
     Mr-Inaudible 
    Participant

    Hi at last I’ve registered to this cool forum.
    I just wanna say hi to everyone, I have done some pentesting projects for some companies, and now I’m here to learn and to share my information with others. So i hope we can have a great time together..

  • #53776
     rattis 
    Participant

    Hi and welcome to the forum.

    So what tools and methodology did you use on your project? how did you track the data? what was your favorite part, and what was your least favorite parts of the project?

  • #53777
     m0wgli 
    Participant

    @rattis wrote:

    Hi and welcome to the forum.

    +1

    @mr-inaudible wrote:

    Hi at last I’ve registered to this cool forum.

    “And then it happened… a door opened to a world… rushing through
    the phone line like heroin through an addict’s veins, an electronic pulse is
    sent out, a refuge from the day-to-day incompetencies is sought… a board is
    found.” πŸ˜‰

  • #53778
     Mr-Inaudible 
    Participant

    @rattis wrote:

    Hi and welcome to the forum.

    So what tools and methodology did you use on your project? how did you track the data? what was your favorite part, and what was your least favorite parts of the project?

    Thank you so much for your comment.
    Well, I use ISSAF methodology in my Penetration Testing projects (OSSTMM is newer and alot better but I haven’t fully studied it, I’m gonna use it later after studying) but ISSAF handles my job very well, so I’m happy with that.

    About the tools, I pretty much use all of common tools. I use Kali and Samurai as a platform, Nmap for active info gathering, OpenVAS for finding vulns, Metasploit and Searchsploit for exploitation, brupsuite. w3af and temper and acunetix for web application pentest, and you can guess the rest i think, Hydra, john the ripper, nessus, and so on….

    I think the most important part in a pentest is Information gathering, Because we can find alot sensitve data without even using any hacking skills, and i always dedicate more time for this phase, For example it’s great to search the company’s name in job finding websites, because if their IT dept wants to hire someone, then we can somehow guess which services they are running. i also try to find employees in social network like Facebook or LinkedIn, because i may want to perform a social engineering attack against them later in order get data out of them. I’ve also created a virtual Linux based mediawiki server on vmware to archive all of the obtained information from this phase.

    My favorite part of any pentesting project, is exploitation. It makes me so happy when an exploit runs successfully! But again in order to exploit a services we need to have a whole bunch of correct and useful information from previous phases.

    Again Thank so much for your comment my friend.

  • #53779
     Mr-Inaudible 
    Participant

    @m0wgli wrote:

    @rattis wrote:

    Hi and welcome to the forum.

    +1

    @mr-inaudible wrote:

    Hi at last I’ve registered to this cool forum.

    “And then it happened… a door opened to a world… rushing through
    the phone line like heroin through an addict’s veins, an electronic pulse is
    sent out, a refuge from the day-to-day incompetencies is sought… a board is
    found.” πŸ˜‰

    Thank you :D. I do love the hacker manifesto, i have read it a hundred of thousands times!!

You must be logged in to reply to this topic.

Copyright Β©2019 Caendra, Inc.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.

Sending

Sign in with Caendra

Forgot password?Sign up

Forgot your details?