.

Hi, Newbie here

<<

Mr-Inaudible

User avatar

Newbie
Newbie

Posts: 5

Joined: Tue Apr 01, 2014 5:41 am

Post Tue Apr 01, 2014 6:58 am

Hi, Newbie here

Hi at last I've registered to this cool forum.
I just wanna say hi to everyone, I have done some pentesting projects for some companies, and now I'm here to learn and to share my information with others. So i hope we can have a great time together..
"This is it... this is where I belong..."
I know everyone here... even if I've never met them, never talked
to them, may never hear from them again... I know you all...
<<

rattis

User avatar

Hero Member
Hero Member

Posts: 1186

Joined: Mon Jul 27, 2009 1:25 pm

Post Tue Apr 01, 2014 1:12 pm

Re: Hi, Newbie here

Hi and welcome to the forum.

So what tools and methodology did you use on your project? how did you track the data? what was your favorite part, and what was your least favorite parts of the project?
<<

m0wgli

User avatar

Sr. Member
Sr. Member

Posts: 339

Joined: Fri Jul 20, 2012 3:34 pm

Post Tue Apr 01, 2014 3:38 pm

Re: Hi, Newbie here

rattis wrote:Hi and welcome to the forum.

+1

Mr-Inaudible wrote:Hi at last I've registered to this cool forum.

"And then it happened... a door opened to a world... rushing through
the phone line like heroin through an addict's veins, an electronic pulse is
sent out, a refuge from the day-to-day incompetencies is sought... a board is
found." ;)
Security + | OSWP | eCPPT (Silver & Gold) | CSTA
<<

Mr-Inaudible

User avatar

Newbie
Newbie

Posts: 5

Joined: Tue Apr 01, 2014 5:41 am

Post Wed Apr 02, 2014 8:54 am

Re: Hi, Newbie here

rattis wrote:Hi and welcome to the forum.

So what tools and methodology did you use on your project? how did you track the data? what was your favorite part, and what was your least favorite parts of the project?


Thank you so much for your comment.
Well, I use ISSAF methodology in my Penetration Testing projects (OSSTMM is newer and alot better but I haven't fully studied it, I'm gonna use it later after studying) but ISSAF handles my job very well, so I'm happy with that.

About the tools, I pretty much use all of common tools. I use Kali and Samurai as a platform, Nmap for active info gathering, OpenVAS for finding vulns, Metasploit and Searchsploit for exploitation, brupsuite. w3af and temper and acunetix for web application pentest, and you can guess the rest i think, Hydra, john the ripper, nessus, and so on....

I think the most important part in a pentest is Information gathering, Because we can find alot sensitve data without even using any hacking skills, and i always dedicate more time for this phase, For example it's great to search the company's name in job finding websites, because if their IT dept wants to hire someone, then we can somehow guess which services they are running. i also try to find employees in social network like Facebook or LinkedIn, because i may want to perform a social engineering attack against them later in order get data out of them. I've also created a virtual Linux based mediawiki server on vmware to archive all of the obtained information from this phase.

My favorite part of any pentesting project, is exploitation. It makes me so happy when an exploit runs successfully! But again in order to exploit a services we need to have a whole bunch of correct and useful information from previous phases.

Again Thank so much for your comment my friend.
"This is it... this is where I belong..."
I know everyone here... even if I've never met them, never talked
to them, may never hear from them again... I know you all...
<<

Mr-Inaudible

User avatar

Newbie
Newbie

Posts: 5

Joined: Tue Apr 01, 2014 5:41 am

Post Wed Apr 02, 2014 9:00 am

Re: Hi, Newbie here

m0wgli wrote:
rattis wrote:Hi and welcome to the forum.

+1

Mr-Inaudible wrote:Hi at last I've registered to this cool forum.

"And then it happened... a door opened to a world... rushing through
the phone line like heroin through an addict's veins, an electronic pulse is
sent out, a refuge from the day-to-day incompetencies is sought... a board is
found." ;)


Thank you :D. I do love the hacker manifesto, i have read it a hundred of thousands times!!
"This is it... this is where I belong..."
I know everyone here... even if I've never met them, never talked
to them, may never hear from them again... I know you all...

Return to Greetings

Who is online

Users browsing this forum: No registered users and 1 guest

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software