Jun 19, 2020

COMP6210 – Ethical Hacking and Penetration Testing Final Project

Disclaimer: All blog posts that are related to ethical hacking are used for educational purposes only.

Gaining Access

After searching for sensitive information inside the database, I decided to find the proper username, which means that I can access the server with a proper login. Next is to try logging in with the proper username and password.

Jun 19, 2020

COMP6210 – Ethical Hacking and Penetration Testing Final Project

Disclaimer: All blog posts that are related to ethical hacking are used for educational purposes only.

Database Content Disclosure

As for this step, after executing remote shell access, I started to find the vulnerabilities by searching for all sensitive data in the server's databases. Here I use MySQL dump to explore all the sensitive data inside the database.

Jun 19, 2020

COMP6210 – Ethical Hacking and Penetration Testing Week 11

In week 11, after learning in the previous week how to get to the proper user role, I learned how to maintain access to the target. As for the target, I went with the same target as the week before, which is DVWA. The purpose of maintaining access is to make an easy way to connect to the target without repeating the whole process. For this one, the way to maintain access is through the SSH connection.

Written by farizyazid in: EHPT Weekly journal

Jun 19, 2020

COMP6210 – Ethical Hacking and Penetration Testing Week 10

In week 10, I learned about privilege escalation and what privilege escalation is. Privilege escalation is a way to exploit a bug, configuration, or pattern flaw of a system in order to gain elevated access to that system. For this class lab implementation, I used DVWA as the target. The first thing I did was find the available ports; then I used msfconsole to connect to the server, and after gaining access to the machine itself I started to enumerate which user was the proper one. After I found the proper user, I immediately generated the shell on the server.

Written by farizyazid in: EHPT Weekly journal

Jun 19, 2020

COMP6210 – Ethical Hacking and Penetration Testing Week 9

In week 9, I learned about target exploitation. There are two tools that are commonly used for exploitation: msfconsole and msfvenom. Both tools are used to make listeners on the target, and then we create payloads that contain malware. When the target opens the payload, it automatically connects to the attacker, who can then exploit the target's system.

Written by farizyazid in: EHPT Weekly journal

Jun 19, 2020

COMP6210 – Ethical Hacking and Penetration Testing Week 8

This week I learned the extension of the previous week's topic, which is social engineering. Last time we only learned about one tool, but this week we learned the whole material of social engineering. This type of attack involves human psychology to obtain confidential information through communication. During the class session, the lecturer showed the whole class a video of how social engineering happens.

Written by farizyazid in: EHPT Weekly journal

Jun 19, 2020

COMP6210 – Ethical Hacking and Penetration Testing Week 7

In week 7, before the midterm exam, I learned about a tool called SEToolkit. SEToolkit offers lots of options that we can choose from, such as website cloning, phone phishing, and many more. Usually, I use this tool with the Social-Engineering Attacks option, then I choose Website Attack Vectors and the Credential Harvester Attack to gain people's credentials on a fake website that is similar to the real one.

Written by farizyazid in: EHPT Weekly journal

Jun 19, 2020

COMP6210 – Ethical Hacking and Penetration Testing Week 6

This week, I learned about vulnerability mapping. In vulnerability mapping, there are five types of vulnerabilities:

  • Design Vulnerabilities
  • Implementation Vulnerabilities
  • Operational Vulnerabilities
  • Local Vulnerabilities
  • Remote Vulnerabilities

After that, I also learned about the tools that are used in vulnerability mapping: OpenVAS, Metasploit, sqlmap, and Burp Suite.

Written by farizyazid in: EHPT Weekly journal

Jun 19, 2020

COMP6210 – Ethical Hacking and Penetration Testing Week 5

In week 5, the material that I learned was how to enumerate the target. In class, we were given a task to try to enumerate our target, and the target I chose was my local machine.

  • The tools that I used to enumerate my target:
    • Nbtscan-unixwiz
      • The target that I chose is my own router, and the outcome I got is that my own local machine (laptop) is my target.
    • nbtstat
      • With this tool, I can see the local NetBIOS name.
    • wpscan
      • This tool is used to enumerate WordPress-based websites.
    • joomscan
      • For this one, I used it to find the robots.txt on my target.

Written by farizyazid in: EHPT Weekly journal

Jun 19, 2020

COMP6210 – Ethical Hacking and Penetration Testing Week 4

In this session, the course started to get intense on the material. The material that I learned this week was about target discovery. This skill is very important for every pentester, since it is required to enter the target server. There are many tools that can be used, and the most popular one is Nmap.

Nmap is an open-source vulnerability tool that is used for scanning the network of a target. The results may show us details of the target, such as open ports, what services the target offers, etc.

Written by farizyazid in: EHPT Weekly journal
