Jun 19, 2020

COMP6210 – Ethical Hacking and Penetration Testing Week 3

In this session, I learned how to use a search engine to find vulnerabilities on the target. Google dorks, or the Google Hacking Database, is one example used in this class, and it works when users leverage advanced Google search techniques. This technique allows users to run special queries that can identify vulnerabilities and gather information.

  • Usage examples
    • inurl:"index of" "auth.key"
    • filetype:xml "PASSWORD"
    • intext:"Contents of Website"
    • inurl:"id=*" & intext:"mysql_fetch_array()"

Written by farizyazid in: EHPT Weekly journal

Jun 19, 2020

COMP6210 – Ethical Hacking and Penetration Testing Week 2

This week, I learned about target scoping and information gathering. Information gathering and target scoping are a crucially important step in penetration testing, since without gathering much information the pentest won't be a success. This week I also learned how to use tools that are designed for information gathering.

  • The tools that I learned this week
    • whois lookup
      • WHOIS lookup is an information-gathering tool whose purpose is to search the public databases for details of a specific domain, such as registration, expiration date, etc. This tool is also very handy for knowing what a lower-level user is capable of doing.
    • dnsenum
      • Similar to whois lookup, but this tool focuses on enumerating the web domain. Another feature available in this tool is finding subdomains of the target.
    • sam spade
      • Sam Spade is a little bit different from the others, since this tool is made specifically for the Windows operating system. However, its usage is similar to the two previous tools that I mentioned.

Written by farizyazid in: EHPT Weekly journal

Jun 19, 2020

COMP6210 – Ethical Hacking and Penetration Testing Week 1

In this semester, I chose to take an elective course named Ethical Hacking and Penetration Testing. In the first week, our class was introduced to the peripheral things that you need for this class. Then I learned about the tool that is used for doing pentests. This tool is called Kali Linux, and the lecturer asked everyone in the class to install it before the second week in order to perform the hacking and penetration testing. The next post will be about week 2.

Written by farizyazid in: EHPT Weekly journal

Jun 19, 2020

COMP6210 – Ethical Hacking and Penetration Testing Final Project

Disclaimer: All blog posts that are related to ethical hacking are used for educational purposes only.

Bypass by Upload File and Remote Code Execution

In order to bypass the access, I tried to upload some modified PHP files to get access to the directory, and at the same time I also started listening on the open port using Netcat so that I could access it from my terminal.
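
A server-side check that would reject this kind of upload, added here as an example and not part of the original post or of the target application. The function name, the allowlist and the sample files are assumptions constructed for illustration.

```python
import os

# Allowed image types and the byte signature each must start with.
IMAGE_MAGIC = {
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
    ".jpeg": b"\xff\xd8\xff",
    ".gif": b"GIF8",
}
# Extensions a PHP-enabled web server may hand to the interpreter.
SCRIPT_EXTS = {".php", ".php5", ".php7", ".phtml", ".phar"}


def check_upload(filename: str, data: bytes) -> tuple:
    """Decide whether an uploaded file may be stored; returns (ok, reason)."""
    name = os.path.basename(filename.replace("\\", "/")).lower()
    parts = name.split(".")
    if len(parts) < 2 or not parts[0]:
        return False, "missing name or extension"
    exts = ["." + p for p in parts[1:]]
    # Check every extension, not only the last: "x.php.png" can still be
    # executed when the server maps handlers by any matching suffix.
    if any(e in SCRIPT_EXTS for e in exts):
        return False, "script extension in filename"
    magic = IMAGE_MAGIC.get(exts[-1])
    if magic is None:
        return False, "extension not on allowlist"
    if not data.startswith(magic):
        return False, "content does not match extension"
    # A valid image header does not make the rest of the file inert.
    if b"<?php" in data.lower():
        return False, "PHP open tag inside image data"
    return True, "ok"


# Constructed sample uploads (not taken from the target in the post).
PNG = IMAGE_MAGIC[".png"] + b"\x00" * 16
SAMPLES = {
    "photo.png": PNG,
    "notes.php": b"<?php echo 1; ?>",
    "photo.php.png": PNG,
    "avatar.png": PNG + b"<?php echo 1; ?>",
    "logo.gif": PNG,
}

if __name__ == "__main__":
    for fname, blob in SAMPLES.items():
        print(fname, check_upload(fname, blob))
```

Filename and content checks are one layer only; storing uploads under a generated name in a directory where the web server never executes scripts removes the impact if a check is missed.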

Jun 19, 2020

COMP6210 – Ethical Hacking and Penetration Testing Final Project

Disclaimer: All blog posts that are related to ethical hacking are used for educational purposes only.

SQL Injection

After finding out that the target has a web application, I decided to open the IP address in the web browser. After the web page opened, the next thing that I did was to log in. The way that I did it was to type the same SQL query in the username and the password fields until I reached the next page.
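
Why a login form behaves this way, and the fix, shown as an added example that is not code from the original post or from the target. It assumes a login query built by string concatenation; `sqlite3` stands in for the application's database so it runs offline, and the table, function names and input string are constructed.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """In-memory stand-in for the application's user table (constructed data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    # A real table stores a password hash; plaintext keeps the demo short.
    db.execute("INSERT INTO users VALUES ('admin', 'constructed-password')")
    return db


def login_concat(db, username, password):
    """Vulnerable: the form values become part of the SQL text."""
    sql = (
        "SELECT username FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return db.execute(sql).fetchone() is not None


def login_param(db, username, password):
    """Hardened: values are bound as parameters and never parsed as SQL."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return db.execute(sql, (username, password)).fetchone() is not None


# Constructed input: the same quote-breaking string typed into both fields.
CRAFTED = "' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    for fn in (login_concat, login_param):
        print(fn.__name__,
              "valid:", fn(db, "admin", "constructed-password"),
              "wrong:", fn(db, "admin", "nope"),
              "crafted:", fn(db, CRAFTED, CRAFTED))
```

With concatenation the crafted value rewrites the WHERE clause into a condition that is always true; with bound parameters it is compared as an ordinary string and matches no user.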

Jun 19, 2020

COMP6210 – Ethical Hacking and Penetration Testing Final Project

Disclaimer: All blog posts that are related to ethical hacking are used for educational purposes only.

How to Use Nmap for Enumerating Target

In every pentest, the first step that a pentester always does, since it's very important, is to collect as much information as possible related to the target. In our case, we need to find which ports are open, the identity of the target, discover available hosts, and find what services they offer. Here are the steps that I did to get all the relevant information.

  • First, start the connection pack from Hack The Box by typing sudo openvpn (name of the downloaded connection pack), then hit Enter. Wait until the connection is established.
  • Next, open a new tab in the terminal and type nmap -sC -sV -A 10.10.10.185, then wait until the result comes out.
  • The result shows us the open ports, which are:
    • port 80: Apache = indicates there is an open web server
    • port 22: OpenSSH = an SSH shell is available to connect to
  • The system that is used is Linux, with Ubuntu as the distribution.

Jun 18, 2020

COMP6210 – Ethical Hacking and Penetration Testing Final Project

Overview of the Final Project

Disclaimer: All blog posts that are related to ethical hacking are used for educational purposes only.

On this blog, I will post the pentest process of my group from my perspective. The target that we chose is a dedicated server that is free to use for the purpose of ethical hacking, and that server is provided by HTB. The machine is named Magic, the system that is used is a Linux machine, and according to the website the difficulty is medium. The tools and steps that we used are Nmap, SQL injection (login page exploitation), reverse shell, Netcat, and mysqldump.
