Tools Hacking

313
-1

Published on

ToolBox

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
313
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
7
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Tools Hacking

  1. 1. Introduction To  ToolBox Pentest Dwi Septian Wardana putra KOLAM – Komunitas Linux Arek Malang dwiseptianwardanaputra@gmail.com
  2. 2. ToolBox You want to know nearly all your toolbox  ­ dpkg ­­list You want to know if a specific tool is installed  ­ dpkg –list | grep <tool name> dwiseptianwardanaputra@gmail.com
  3. 3. Ethical 1. Information Gathering 2. Reconnaissance ­ Scan 3. Gain 4. Maintaining dwiseptianwardanaputra@gmail.com
  4. 4. Information Gathering  ­ Pre pentest, Important Phase  ­ Gathering All Information # Internet Searches   # Social Engineering # Hping # Fierce   dwiseptianwardanaputra@gmail.com
  5. 5. ToolBox Fierce ToolBox:  ­ Scanning DNS   ­ Zone transfer  ­ Config Check DNS # /pentest/enumeration/dns/fierce # /fierce.pl –dns <www.target.com> dwiseptianwardanaputra@gmail.com
  6. 6. Fierce  dwiseptianwardanaputra@gmail.com
  7. 7. Recon ­ Scanning Recon Tools :  Vulnerability Tools :   ­ Nslookup   ­ Nessus    ­ Nikto   ­ Whois   ­ Etc   ­ Google  Enum Tools / Network Scanner :     ­ Nmap    ­ Netcraft    ­ Etc dwiseptianwardanaputra@gmail.com
  8. 8. ToolBox Nmap ToolBox is :  ­ Free and Open Source  ­ Cross platform  ­ Simple to use Nmap : http://www.nmap.org Command : nmap ­p <ip­addr> dwiseptianwardanaputra@gmail.com
  9. 9. Nmap dwiseptianwardanaputra@gmail.com
  10. 10. ToolBox Vulnerability Assessment Nikto :  ­ Web Server Scanner  ­ http://cirt.net/nikto2  ­ /pentest/scanners/nikto  ­ ./nikto.pl ­host <websiteip>:<port> dwiseptianwardanaputra@gmail.com
  11. 11. Nessus Vulnerability Assessment :  ­ Install   # dpkg ­i *.deb   # /opt/nessus/sbin/nessus­adduser   # Reg : http://www.nessus.org/plugins/?view=register­info   # Start Nessus : /etc/init.d/nessusd start ­ https://localhost:8834 dwiseptianwardanaputra@gmail.com
  12. 12. Nessus dwiseptianwardanaputra@gmail.com
  13. 13. Gain Gain Access Point of a modern­day attack The usual goal is to either extract information Gain Tools :   ­ Metasploit   ­ SET (Social Eng Toolkit) ­ Etc.. dwiseptianwardanaputra@gmail.com
  14. 14. ToolBox dwiseptianwardanaputra@gmail.com
  15. 15. ToolBox ToolBox Metasploit Interfaces :   # MSFconsole   # MSFcli # MSFgui, MSFweb # Armitage dwiseptianwardanaputra@gmail.com
  16. 16. MSFconsole dwiseptianwardanaputra@gmail.com
  17. 17. MSFcli /fierce.pl –dns Target (like google.com) dwiseptianwardanaputra@gmail.com
  18. 18. TERIMAKASIH Dwi Septian Wardana putra KOLAM – Komunitas Linux Arek Malang dwiseptianwardanaputra@gmail.com
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×