vulninux

Forum Replies Created

Viewing 2 reply threads
  • Author
    Posts
    • #54131
      vulninux
      Participant

      Hi there
      The first thing that you need to do is making an agreement about the scope and level of pentest project otherwise you might break laws and get caught during the pentest.
      Because for example your client wants you to perform pentest on their web application in order to identify security weakness, but you’ll compromise the entire server during the pentest which is ilegal in this case.

      Your contract should emphasis the following items:
      1- what kind of access you can get.
      2- Penetration test scope.
      3- Black box or white box
      4- other legal aspects of the project.

      About tools, i suggest you to use kali linux as platform which has a whole bunch of tools for pentest. You’ll need a place to archive gathered information about the target and i suggest you dradis framework, Leo and xmind for that.

    • #54139
      vulninux
      Participant

      Hi buddy.
      What kind of protocol your attacking? Is it WEP or WPA/WPA2?

      Generally in order to crack wireless password you should keep these things in mind:
      1- you need a wireless card that supports packet injection alfa cards are awesome
      2- microsoft windows is not a good platform for any kind of wireless hacking. Try to use kali linux instead, its even easier then windows
      3- be ethical DO NOT attack to any access point that’s not yours.

      If your target is not broadcasting ssid. You should find it during traffic capture. But it might not work some times because it will find ssid when a client associates with the AP. In this case you should send a deauth packet to the access point in order to force clients to re-associate.

      Again use kali linux for these things.

    • #54160
      vulninux
      Participant

      Hi kashton I’m also a newbie here. Well i really dont know what do you wanna do, it seems that your in active info gathering phase. We have lots of tools for dns enumeration (even online). If your problem is getting two IPs for a domain, i wanaa say its normal and if the 2nd ip dosent return your domain it is also normal.

      For example if you ping google.com each time you’ll get a different ip address and its because of load balancing
      Your target might impelement edge servers for security and ..
      Multiple domains can point to a single ip address so u need to perform a reverse lookup search to findout if the ip can return your domain or not.

      In active info gathering i suggest you to find their public ip range (Cidr) and search the range to find alive hosts. Then you must identify what the task of each host and the relationship between identified hosts

Viewing 2 reply threads

Copyright ©2020 Caendra, Inc.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.

Sending

Sign in with Caendra

Forgot password?Sign up

Forgot your details?