Forum Replies Created
May 6, 2015 at 9:11 pm #54131
The first thing that you need to do is to make an agreement about the scope and level of the pentest project; otherwise you might break laws and get caught during the pentest.
For example, your client wants you to perform a pentest on their web application in order to identify security weaknesses, but you compromise the entire server during the pentest, which is illegal in this case.
Your contract should emphasize the following items:
1- What kind of access you can get.
2- Penetration test scope.
3- Black box or white box.
4- Other legal aspects of the project.
About tools, I suggest you use Kali Linux as a platform, which has a whole bunch of tools for pentesting. You'll need a place to archive gathered information about the target, and I suggest the Dradis framework, Leo and XMind for that.
May 6, 2015 at 8:19 pm #54139
What kind of protocol are you attacking? Is it WEP or WPA/WPA2?
Generally, in order to crack a wireless password you should keep these things in mind:
1- You need a wireless card that supports packet injection; Alfa cards are awesome.
2- Microsoft Windows is not a good platform for any kind of wireless hacking. Try to use Kali Linux instead; it's even easier than Windows.
3- Be ethical. DO NOT attack any access point that's not yours.
If your target is not broadcasting its SSID, you should find it during traffic capture. But it might not work sometimes, because it will only find the SSID when a client associates with the AP. In this case you should send a deauth packet to the access point in order to force clients to re-associate.
Again, use Kali Linux for these things.
May 5, 2015 at 7:50 pm #54160
Hi kashton, I'm also a newbie here. Well, I really don't know what you want to do; it seems that you're in the active info gathering phase. We have lots of tools for DNS enumeration (even online). If your problem is getting two IPs for a domain, I want to say it's normal, and if the 2nd IP doesn't return your domain it is also normal.
For example, if you ping google.com, each time you'll get a different IP address, and it's because of load balancing.
Your target might implement edge servers for security and ..
Multiple domains can point to a single IP address, so you need to perform a reverse lookup to find out if the IP returns your domain or not.
In active info gathering I suggest you find their public IP range (CIDR) and search the range to find alive hosts. Then you must identify the task of each host and the relationships between the identified hosts.
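The reverse-lookup check the reply above describes, written out as an added example (it is not code from the post or from any tool it names). It takes the A records returned for a domain, looks up the PTR name of each IP, and then re-resolves that PTR name to see whether it points back at the same IP (forward-confirmed reverse DNS). That tells you which addresses are actually attributable to the domain, which is exactly what you want to know before you treat an IP as in scope: an IP behind a shared load balancer or CDN may legitimately answer for the domain yet belong to a third party. The domain names and addresses in the tables are constructed sample data (documentation ranges, `.test` names), not real records; the `live_*` helpers show how the same logic would be fed from real resolver answers.

```python
import socket
from typing import Callable, Dict, List

# Constructed sample DNS data (not real records). FORWARD maps a name to its
# A records, REVERSE maps an IP to its PTR names.
FORWARD: Dict[str, List[str]] = {
    "example-target.test": ["203.0.113.10", "203.0.113.11", "198.51.100.7", "192.0.2.44"],
    "shop.example-target.test": ["198.51.100.7"],          # shared IP, same organisation
    "lb-2.hosting-provider.test": ["203.0.113.11"],        # load balancer owned by a third party
}
REVERSE: Dict[str, List[str]] = {
    "203.0.113.10": ["example-target.test"],
    "203.0.113.11": ["lb-2.hosting-provider.test"],
    "198.51.100.7": ["shop.example-target.test"],
    "192.0.2.44": ["mail.example-target.test"],            # PTR claims the domain, but no A record agrees
}

Resolver = Callable[[str], List[str]]


def static_forward(name: str) -> List[str]:
    """Forward lookup against the constructed table (offline stand-in for DNS)."""
    return list(FORWARD.get(name, []))


def static_reverse(ip: str) -> List[str]:
    """Reverse (PTR) lookup against the constructed table."""
    return list(REVERSE.get(ip, []))


def live_forward(name: str) -> List[str]:
    """Forward lookup using the system resolver (IPv4 only, needs network)."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def live_reverse(ip: str) -> List[str]:
    """PTR lookup using the system resolver (needs network)."""
    try:
        host, aliases, _ = socket.gethostbyaddr(ip)
    except (socket.herror, socket.gaierror):
        return []
    return [host] + list(aliases)


def _belongs_to(name: str, domain: str) -> bool:
    """True if name is the domain itself or a subdomain of it."""
    return name == domain or name.endswith("." + domain)


def classify_ips(domain: str,
                 forward: Resolver = static_forward,
                 reverse: Resolver = static_reverse) -> Dict[str, str]:
    """Classify every A record of `domain`:
       confirmed          - a PTR name under the domain resolves back to this IP (FCrDNS)
       related-unverified - PTR name is under the domain but does not resolve back to the IP
       other-name         - PTR exists but names something outside the domain
       no-ptr             - the IP has no reverse record at all
    """
    result: Dict[str, str] = {}
    for ip in forward(domain):
        ptr_names = reverse(ip)
        if not ptr_names:
            result[ip] = "no-ptr"
            continue
        related = [n for n in ptr_names if _belongs_to(n, domain)]
        if not related:
            result[ip] = "other-name"
        elif any(ip in forward(n) for n in related):
            result[ip] = "confirmed"
        else:
            result[ip] = "related-unverified"
    return result


def confirmed_ips(domain: str,
                  forward: Resolver = static_forward,
                  reverse: Resolver = static_reverse) -> List[str]:
    """Only the addresses that are forward-confirmed as belonging to the domain."""
    return sorted(ip for ip, status in classify_ips(domain, forward, reverse).items()
                  if status == "confirmed")


if __name__ == "__main__":
    # Offline run against the constructed tables; pass live_forward/live_reverse for real DNS.
    for ip, status in classify_ips("example-target.test").items():
        print(f"{ip:15} {status}")
    print("confirmed:", confirmed_ips("example-target.test"))
```

Only the "confirmed" addresses carry both halves of the evidence (the domain's A record and a PTR that resolves back); "other-name" is the load-balancer case the reply mentions, and "related-unverified" is worth a second look because a PTR record alone is set by whoever controls the reverse zone, not necessarily the domain owner.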