Category Archives: Uncategorized

Documentation and Report

A part of penetration testing is presenting the findings to clients. Documentation, report preparation, and presentation are important and must be done in a systematic and structured, and consistent manner. These are the types of reports 1. Executive Report The … Continue reading

Posted in Uncategorized | Comments Off on Documentation and Report

Social Engineering Toolkit; Creating a Fake Site

Social Engineering Toolkit (SET) is an advanced and easy-to-use computer-assisted social engineering toolset, created by the founders of TrustedSec. Now, I will try to create a fake login page using SET and credential harvester. The goal is to obtain the email and … Continue reading

Posted in Uncategorized | Comments Off on Social Engineering Toolkit; Creating a Fake Site

Social Engineering

Social engineering is the practice of learning and obtaining valuable information by exploiting human vulnerabilities. On security infrastructure, There are people, process, and technology. People are the weakest link in the security defense of any organization. Attack Process 1.Intelligence gathering 2.Identifying vulnerable … Continue reading

Posted in Uncategorized | Comments Off on Social Engineering

Playing with DVWA

We’ve already learned how to install DVWA, now, let’s try it to search some sites’ vulnerabilities. This is the DVWA homepage For a beginner, set the security level to low Go to command injection. You can ping any IP address … Continue reading

Posted in Uncategorized | Comments Off on Playing with DVWA

Installing DVWA

Change directory to web root directory (/var/www/html) using the cd command Then download the file from github using wget command (https://github.com/ethicalhack3r/DVWA/arch ive/master.zip) After it fully downloaded, unzip the master.zip Move the content from directory DVWA-Master to web root directory using mv command Then … Continue reading

Posted in Uncategorized | Leave a comment

Vulnerability Mapping

Once the operations of information gathering, discovery, and enumeration are complete, it is time to find vulnerabilities that might exist in the target infrastructure. Vulnerability mapping is the process of identifying and analyzing the critical security flaws in a target … Continue reading

Posted in Uncategorized | Comments Off on Vulnerability Mapping

WPScan Enumeration

WPScan is a black box vulnerability scanner for WordPress site. WordPress is a popular open source content management system. A lot of people use WordPress. That’s why WPScan is necessary. Now I will try to find the username and password … Continue reading

Posted in Uncategorized | Comments Off on WPScan Enumeration

Google Dorking

Google hacking or Google dorking is a hacking technique that use Google search to find security holes in the code that website use. Dorks are keywords used to filter put desired results from Google database. Now, I want to try the … Continue reading

Posted in Uncategorized | Comments Off on Google Dorking

Target Discovery Tools

Identify Target Machines Ping to check if the host is available or not It works by sending an Internet Control Message Protocol (ICMP) echo request packet to the target host. It will reply with ICMP echo reply if the host is … Continue reading

Posted in Uncategorized | Leave a comment

Information Gathering Tools

Information gathering is the 2nd phase of the Kali Linux Methodology. In this phase, we collect as much information about our target, such as Domain Name Server (DNS) hostnames, IP address, technologies used, etc. I will deliberate some tools available … Continue reading

Posted in Uncategorized | Leave a comment