I’m 6 feet 3 and I wanted to know if being tall is a disadvantage when red teaming. Does it make it easier to get spotted?
A typical pentesting activity has the following steps:
1 - information gathering + enumeration
2 - vulnerability assessment (vulnerability scanning)
3 - exploitation
4 - post exploitation (persistence, clearing tracks, etc.)
5 - report writing
Steps 1 to 4 can be a cycle after getting a foothold.
But what do you do if you don't get that foothold? That is, on the iteration, Step 2 (vulnerability scanning) does not return any vulnerable service or configuration. If social engineering is not part of the deal, does it mean it's pretty much game over?
I have a basic knowledge of how pen testing works, but I would like to do more. I have downloaded and installed Kali VBox and Metasploitable 2 and tinkered. I don't know where to start. If I could get some recommendations on good places to start, that would be great. Thanks.
I am currently pentesting a webserver running MySQL, managed to obtain its db configuration (w/ login credentials) but the hostname is in a Local Area Network. The server has whitelisting enabled, so I cannot log in remotely.
Is there any way to bypass the server's MySQL whitelisting?
“ERROR 1130 (HY000: Host ‘XX.XX.XXX.XXX’ is not allowed to connect to this MySQL Server”
I have a static-page website that I need to pentest. What I mean by this is that the site does not have a database, and it has no area to submit user input except for a third-party payment service that is managed entirely by them.
I have actually done web app pentesting before and found vulnerabilities such as XSS, CSRF, IDOR, and DoS. However, these were web apps where content was being reflected back to the page, and a user was “logged in.”
Off the top of my head, I can think of:
- Exposed/improperly protected admin panels
- Directory traversal
- Weak admin credentials on the host accounts/admin controls
Aside from those issues, I am having a difficult time coming up with other vulnerabilities to look for on a static site where user input is not collected or reflected, there is no notion of an "account", etc. The site does use PHP 7 on Apache, but the site is rather basic compared to many of the modern "web app" sites which utilize OAuth, social media login, reflect content back to the page, and so on.
Note: I did see Which security measures make sense for a static web site? but that post is more from a “blue team” standpoint, whereas I am asking for pentesting advice, not advice for how to secure the site.
I currently use Ubuntu and Kali from the Debian family a lot for penetration testing (network and apps), and I want to know if anybody has tested Arch Linux or other distros for penetration testing. If so, were you able to download all the packages from Kali into Arch?
So I have a JNLP application that is launched through a Java web launcher. Setup:
– I have burp running in a vm
– The thick client is running on my windows base machine.
– I’ve got the referred jar files.
– The application establishes a connection with a remote server (say, 126.96.36.199) on port 443, which I got through Wireshark and verified through the logs as well.
– I am trying to intercept the traffic through Burp; invisible proxying is not possible because the app refers to the IP directly.
– Also tried to route all system traffic through the VM running Kali; still I couldn't intercept the 443 traffic.
– Fiddler failed to intercept the said communication as well. (Not sure why as it is supposed to just act as a tunnel and catch any and every damn packet traversing)
I implore the Titans of thick client pentesting to shed some words of wisdom to a peasant.
I'm new to web pentesting and I have read a lot of books.
But I think I should read some RFCs to have a better knowledge of web applications.
There are a lot of RFCs and I'm a bit lost on which ones I should read…
I'm starting with RFC 3986, but which ones would you recommend after this one, please?
I am looking to develop my skills in SDR pentesting. I have read some online articles discussing how SDR attacks work; however, I have been unable to find a valid comprehensive tutorial on SDR pentesting. Does anyone have any recommendations?
I want to learn and practice penetration testing on my own network, and I want to be sure I'm keeping it legal. So my question is the following: Is there a system that reports to my ISP that I'm performing suspicious activities, even if I never leave the LAN? If there is, would they report me? I'm speaking about "hacks" which don't affect hosts outside my local network (such as DHCP starvation, WiFi password cracking, ARP spoofing, DoS, etc.). Or does the ISP not care what I'm doing, as long as I don't confront their system (which I never will)?
Maybe my question is nonsense, but I want to be sure I don’t miss anything.