No Tools... well, this is impossible... why? Maybe because tools are everywhere; heck, your browser is a tool, your terminal is a tool, and umm yes, your BRAIN... this is a very handy tool. So here goes my No-Tools list :)
Brain---> very important, needs a lot of nourishment including a little rest here and there (yes, it's not all work and no play)
Terminal---> yes, this little creature awes many when they finally know who/how/where/when to use it
Browser---> I have always insisted on using the browser as a tool, but why??? Well, maybe because it's called a browser... it's the one thing where we can actually see a graphical output/input of the data we feed in and of what comes back from it. Anywho.....
Here is my working of all this. Let's start from the point where we all want to do a pentest and we want to avoid tools just for the sake of (not wanting/having*) the tool, so here we start with information gathering... only the above tools....
Say we are attempting to get information about a website we want to pentest... the tools, only the above... here we go :)
PASSIVE INFORMATION GATHERING
Footprinting--- aimed at gathering intelligence about the infrastructure of a target network, only from information to which access is free and authorized. It is the first component of the information gathering step of a pentest, before port scanning and fingerprinting.
Here we can fire up our *nix terminal and get a head start on this by doing the following:
- DNS query: with a domain name, you obtain the associated IP. Any field of the DNS response can be used: A, MX, etc.,
- reverse DNS query: with an IP or an IP address range, you obtain domain names,
Here we can also fire up our browser and do simple but informative steps such as:
- WhoIs database: you obtain the information legally provided for the domain name registration,
- search engines queries,
- X509 certificates queries,
- robots.txt of the website analysis,
- web page source code,
and with some nifty tricks we can move on to:
FingerPrinting and Port Scanning
Well, on port scanning it's very tricky to do this with only the above tools, but default configurations will tell us a lot about this website, e.g.
- Noting down the favicon--- to tell us what CMS is running
- Noting/generating errors on the website--- to tell us the web server platform and ports, e.g. 80, 8080, 443
- Noting the protocols implemented--- from webmail logins (we can get an open port), from https (443), ftp links, etc.
See, we are already getting information just by simple and yet effective tactics...
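As an added example (this is not code from the original post), here is a small Python script that turns the things you copy out of the browser during the steps above (the robots.txt body, the response headers an error page shows you, the page source with its favicon and webmail/ftp links) into the footprinting signals listed, and it also carries the forward/reverse DNS lookup from the terminal part. Every host, header value and path in it is a constructed placeholder; the `example.com` names are not a real target.

```python
"""Pull footprinting signals out of passively collected web artifacts.

Added example, not part of the original post. Every input below is
constructed: the example.com hosts, the robots.txt body, the headers and
the page snippet are placeholders standing in for what you would copy
out of the browser.
"""
import re
import socket
from urllib.parse import urlsplit

# Constructed robots.txt as a site might publish it.
SAMPLE_ROBOTS = """\
User-agent: *
Disallow: /admin/          # paths the site owner does not want indexed
Disallow: /wp-admin/
Allow: /wp-admin/admin-ajax.php
Sitemap: https://www.example.com/sitemap.xml
"""

# Constructed response headers, the kind an error page or the browser's
# network panel shows you.
SAMPLE_HEADERS = {"Server": "Apache/2.4.41 (Ubuntu)", "X-Powered-By": "PHP/7.4.3"}

# Constructed page source with links that give away protocols and ports.
SAMPLE_SOURCE = """
<link rel="icon" href="/wp-content/themes/site/favicon.ico">
<a href="https://mail.example.com/owa/">Webmail</a>
<a href="ftp://files.example.com/pub/">Downloads</a>
<a href="http://dev.example.com:8080/">Dev</a>
"""

DEFAULT_PORTS = {"http": 80, "https": 443, "ftp": 21}
BANNER_HEADERS = ("server", "x-powered-by", "x-aspnet-version", "x-generator")


def parse_robots(text):
    """Return ({user-agent: {"allow": [...], "disallow": [...]}}, [sitemaps]).

    Consecutive User-agent lines form one group; the group ends at the
    first rule line, as in the robots.txt convention.
    """
    groups, sitemaps, agents, in_header = {}, [], [], False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()       # drop comments
        field, sep, value = line.partition(":")
        if not sep:
            continue
        field, value = field.strip().lower(), value.strip()
        if field == "user-agent":
            if not in_header:                     # start a new group
                agents, in_header = [], True
            agents.append(value)
            groups.setdefault(value, {"allow": [], "disallow": []})
            continue
        in_header = False
        if field == "sitemap":
            sitemaps.append(value)
        elif field in ("allow", "disallow") and value:
            for agent in agents:
                groups[agent][field].append(value)
    return groups, sitemaps


def platform_banners(headers):
    """Keep only the headers that disclose server/platform software."""
    return {k: v for k, v in headers.items() if k.lower() in BANNER_HEADERS}


def endpoints_from_source(html):
    """(scheme, host, port) for every absolute link in the page source,
    filling in the default port when the URL does not state one."""
    found = set()
    for url in re.findall(r"""(?:href|src)=["']([a-z]+://[^"']+)["']""", html, re.I):
        parts = urlsplit(url)
        scheme = parts.scheme.lower()
        found.add((scheme, parts.hostname, parts.port or DEFAULT_PORTS.get(scheme)))
    return sorted(found)


def favicon_path(html):
    """Path of the site icon; its location/name often hints at the CMS."""
    m = re.search(r"""<link[^>]+rel=["']?(?:shortcut )?icon["']?[^>]+href=["']([^"']+)""", html, re.I)
    return m.group(1) if m else None


def dns_lookup(name):
    """Forward lookup of a name and reverse lookup of each address found.
    Needs network access, so it is not run on the constructed samples."""
    result = {}
    for info in socket.getaddrinfo(name, None):
        addr = info[4][0]
        try:
            result[addr] = socket.gethostbyaddr(addr)[0]
        except (socket.herror, socket.gaierror):
            result[addr] = None
    return result


if __name__ == "__main__":
    print(parse_robots(SAMPLE_ROBOTS))
    print(platform_banners(SAMPLE_HEADERS))
    print(endpoints_from_source(SAMPLE_SOURCE))
    print(favicon_path(SAMPLE_SOURCE))
```

Run it as-is and it prints the signals from the constructed samples; swap the three `SAMPLE_*` values for what you pasted out of your own browser session. The `/wp-admin/` and `/wp-content/` paths in the output are exactly the kind of default-configuration clue the post talks about, and the `8080` port comes straight out of a link the site itself published.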
Well, I can't outline all the tricks in one page, but this should get you rolling; others will come off as such,
giving us lots of ways to go around the website with attacks/vulnerabilities known for the running services/platform/CMS.
With that, doing XSS, SQLi, brute force (web forms), RFI/LFIs and other techniques becomes reliable and a little easier than before... I am not saying tools are not useful, I am saying working from a knowledgeable point of view is more relatable and easier.
have a good day won't you :)