Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Tools Hacking

547 views

Published on

ToolBox

Published in: Technology
  • Be the first to comment

  • Be the first to like this

Tools Hacking

  1. 1. Introduction To  ToolBox Pentest Dwi Septian Wardana putra KOLAM – Komunitas Linux Arek Malang dwiseptianwardanaputra@gmail.com
  2. 2. ToolBox You want to know nearly all your toolbox  ­ dpkg ­­list You want to know if a specific tool is installed  ­ dpkg –list | grep <tool name> dwiseptianwardanaputra@gmail.com
  3. 3. Ethical 1. Information Gathering 2. Reconnaissance ­ Scan 3. Gain 4. Maintaining dwiseptianwardanaputra@gmail.com
  4. 4. Information Gathering  ­ Pre pentest, Important Phase  ­ Gathering All Information # Internet Searches   # Social Engineering # Hping # Fierce   dwiseptianwardanaputra@gmail.com
  5. 5. ToolBox Fierce ToolBox:  ­ Scanning DNS   ­ Zone transfer  ­ Config Check DNS # /pentest/enumeration/dns/fierce # /fierce.pl –dns <www.target.com> dwiseptianwardanaputra@gmail.com
  6. 6. Fierce  dwiseptianwardanaputra@gmail.com
  7. 7. Recon ­ Scanning Recon Tools :  Vulnerability Tools :   ­ Nslookup   ­ Nessus    ­ Nikto   ­ Whois   ­ Etc   ­ Google  Enum Tools / Network Scanner :     ­ Nmap    ­ Netcraft    ­ Etc dwiseptianwardanaputra@gmail.com
  8. 8. ToolBox Nmap ToolBox is :  ­ Free and Open Source  ­ Cross platform  ­ Simple to use Nmap : http://www.nmap.org Command : nmap ­p <ip­addr> dwiseptianwardanaputra@gmail.com
  9. 9. Nmap dwiseptianwardanaputra@gmail.com
  10. 10. ToolBox Vulnerability Assessment Nikto :  ­ Web Server Scanner  ­ http://cirt.net/nikto2  ­ /pentest/scanners/nikto  ­ ./nikto.pl ­host <websiteip>:<port> dwiseptianwardanaputra@gmail.com
  11. 11. Nessus Vulnerability Assessment :  ­ Install   # dpkg ­i *.deb   # /opt/nessus/sbin/nessus­adduser   # Reg : http://www.nessus.org/plugins/?view=register­info   # Start Nessus : /etc/init.d/nessusd start ­ https://localhost:8834 dwiseptianwardanaputra@gmail.com
  12. 12. Nessus dwiseptianwardanaputra@gmail.com
  13. 13. Gain Gain Access Point of a modern­day attack The usual goal is to either extract information Gain Tools :   ­ Metasploit   ­ SET (Social Eng Toolkit) ­ Etc.. dwiseptianwardanaputra@gmail.com
  14. 14. ToolBox dwiseptianwardanaputra@gmail.com
  15. 15. ToolBox ToolBox Metasploit Interfaces :   # MSFconsole   # MSFcli # MSFgui, MSFweb # Armitage dwiseptianwardanaputra@gmail.com
  16. 16. MSFconsole dwiseptianwardanaputra@gmail.com
  17. 17. MSFcli /fierce.pl –dns Target (like google.com) dwiseptianwardanaputra@gmail.com
  18. 18. TERIMAKASIH Dwi Septian Wardana putra KOLAM – Komunitas Linux Arek Malang dwiseptianwardanaputra@gmail.com

×