Mar 24

What I learned:

– a name server is used to provide an IP address

– Cloudflare put in front of an IP will give a random IP address

– hacking uses more than one tool

– cloud storage: storage internally or externally

– avoid using shared folders to avoid being hacked easily

– NBT (NetBIOS over TCP/IP): tool for enumerating Microsoft OS

– mitre.org: CVE number

I learned how to find the operating system of a website using nmap

first we must find the real IP address

then, use nmap <IP address> -O

adding -sV shows the version of the services on the open ports

Mar 24

I learned that an IP address can be hidden by using Cloudflare, and the importance of updating old records. Old records can be used to brute force and hack the new website that has been updated, by using specific websites to gather information, such as dnstrails.com. We can get the historical data of the website and get the old scripts that may contain vulnerable code of their old website, like the database, etc.

– IP address

– mail server that is used by Google

– DNS server

Mar 9

The things I took note:

– mailbox is based on the POP protocol
– open ports mean an open way into the system
– Linus Torvalds: creator of the Linux kernel (source)
– people are trying to migrate to IPv6, because IPv4 is running out
– every time a packet is sent, it goes through the gateway (virtual machine), where it is translated to a public address
– every system has vulnerabilities
– DNS provides a local map, showing the records of server IP addresses and names
– SOA is the DNS authority record
– Google Scholar to find articles (only the latest documents), use Sci-Hub to open the PDF found in Google Scholar
– Google dorks find leaked information such as sensitive documents, sensitive information, web configuration, and backup files from a domain
– backup files that were left behind can be downloaded to find out all the information of the website
– get the hash value, open an MD5 cracker to get the password
– do not store your password in clear text
– a salt is used to randomize the stored value even if two users have the same password
– how Linux stores passwords: create a salt value of 16 bits (created from a random number based on things such as the login date), then store hash(password + salt)
– a longer password is harder to crack
– the Maltego tool is used to find relationships or connections
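To make the salting notes above concrete, here is an added example (my own, not from the course or the page) that stores the same password for two users with unsalted MD5 and with a random salt, then shows why only the unsalted table lets one cracked hash reveal every user. The user names and password are constructed sample data; the 16-byte salt length and PBKDF2-SHA256 are choices made for this example.

```python
import hashlib
import hmac
import os
from typing import Optional

# Constructed sample: two users who happen to choose the same password.
USERS = {"alice": "Summer2024!", "bob": "Summer2024!"}


def unsalted_md5(password: str) -> str:
    """The weak scheme the notes warn about: identical passwords give
    identical hashes, so one MD5 lookup exposes every matching account."""
    return hashlib.md5(password.encode()).hexdigest()


def make_salted_record(password: str, salt: Optional[bytes] = None) -> str:
    """Store a random per-user salt next to a slow hash (PBKDF2-SHA256).
    The salt is not secret; it is kept in the record so it can be reused
    when the password is verified later."""
    if salt is None:
        salt = os.urandom(16)  # example choice: 16 random bytes per user
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return f"pbkdf2_sha256${200_000}${salt.hex()}${digest.hex()}"


def verify(password: str, record: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    _algo, iters, salt_hex, digest_hex = record.split("$")
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iters)
    )
    return hmac.compare_digest(digest.hex(), digest_hex)


def compare_schemes(users: dict) -> dict:
    """Report whether equal passwords collide under each storage scheme."""
    md5_hashes = [unsalted_md5(p) for p in users.values()]
    salted = [make_salted_record(p) for p in users.values()]
    return {
        "md5_collide": len(set(md5_hashes)) < len(md5_hashes),
        "salted_collide": len(set(salted)) < len(salted),
    }


if __name__ == "__main__":
    for name, pw in USERS.items():
        print(name, unsalted_md5(pw), make_salted_record(pw), sep="\n  ")
    print(compare_schemes(USERS))
```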

Linux commands:
– ifconfig (own information)
– host targetdomain (website information)

theHarvester -d targetdomain -l 100 -b google (BackTrack: collects information from Google, Bing, PGP, LinkedIn)

theHarvester is one of the tools used to collect information; it shows the emails and hosts of the target domain.

Mar 9

Today, I learned about DNS, the way to do penetration testing by separating people into two teams of attackers and defenders, the domains of OSSTMM, and a bit of OWASP. I tried to use ZAP as a testing tool; ZAP is similar to Paros proxy, a testing tool to test the security and vulnerabilities of your system.

First, scan the web application in which you want to find vulnerabilities.

Then, ZAP will show the possible vulnerabilities in the website in the form of alerts.

Clicking an alert will show the description and the possible actions to be taken to solve the problem.