Enumerating HTTP and HTTPS
In this section, the open ports found with the Nmap scan are examined more closely: the services running on the web server are identified, and sub-directories of the website are discovered with a tool called DirBuster.
Scanning with Nmap
In this section, we will learn how to use Nmap to scan a target machine for open ports and for the services running on those ports, which can then be exploited in the following step.
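The two sections above (scanning with Nmap, then enumerating the HTTP and HTTPS services it found) are usually glued together by hand. The example below is an added illustration, not code from the original post or from the course: it parses Nmap's grepable (-oG) output, lists the open ports with their service versions, and picks out the web services that should be handed to DirBuster next. The scan output is constructed by hand to resemble what `nmap -sV -oG - <target>` prints for a Kioptrix-style box; the IP address and service banners are assumptions made for the illustration.

```python
"""Parse Nmap grepable (-oG) output and select the web services to enumerate next.

Added example; the sample output below is constructed and does not come from a real scan.
"""
import re
from dataclasses import dataclass

# Constructed sample of `nmap -sV -oG - 192.168.56.101` output (host and banners are
# assumptions). In -oG output fields are tab separated, port entries are separated by
# ", " and each entry has seven "/"-separated columns:
#   port/state/protocol/owner/service/rpc-info/version/
# Nmap replaces "/" inside the version text with "|" so the columns stay unambiguous.
SAMPLE_GREPABLE = (
    "# Nmap 7.94 scan initiated as: nmap -sV -oG - 192.168.56.101\n"
    "Host: 192.168.56.101 ()\tStatus: Up\n"
    "Host: 192.168.56.101 ()\tPorts: "
    "22/open/tcp//ssh//OpenSSH 2.9p2/, "
    "25/closed/tcp//smtp///, "
    "80/open/tcp//http//Apache httpd 1.3.20 ((Unix) mod_ssl|2.8.4 OpenSSL|0.9.6b)/, "
    "111/open/tcp//rpcbind//2 (RPC #100000)/, "
    "139/open/tcp//netbios-ssn//Samba smbd (workgroup: MYGROUP)/, "
    "443/open/tcp//ssl|https//Apache httpd 1.3.20 ((Unix) mod_ssl|2.8.4 OpenSSL|0.9.6b)/, "
    "1024/open/tcp//status//1 (RPC #100024)/"
    "\tIgnored State: filtered (993)\n"
    "# Nmap done -- 1 IP address (1 host up) scanned\n"
)


@dataclass
class Port:
    host: str
    port: int
    proto: str
    state: str
    service: str
    version: str


def parse_grepable(text: str) -> list[Port]:
    """Return one Port per entry in the 'Ports:' field of every 'Host:' line."""
    ports: list[Port] = []
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue
        fields = line.split("\t")
        host = fields[0].split()[1]
        for field in fields[1:]:
            if not field.startswith("Ports: "):
                continue  # 'Status:' and 'Ignored State:' fields carry no port data
            for entry in field[len("Ports: "):].split(", "):
                # Drop the trailing "/" and split into at most 7 columns so that a
                # stray "/" in the version text cannot shift the columns.
                parts = entry.removesuffix("/").split("/", 6)
                parts += [""] * (7 - len(parts))
                number, state, proto, _owner, service, _rpc, version = parts
                ports.append(Port(host, int(number), proto, state, service, version))
    return ports


def open_services(ports: list[Port]) -> list[tuple[int, str, str]]:
    """(port, service, version) for every open TCP port: the list to search for known issues."""
    return [(p.port, p.service, p.version) for p in ports
            if p.state == "open" and p.proto == "tcp"]


def web_targets(ports: list[Port]) -> list[str]:
    """Base URLs for every open HTTP/HTTPS service, ready to be fed to DirBuster."""
    urls = []
    for p in ports:
        if p.state != "open" or p.proto != "tcp":
            continue
        svc = p.service.lower()
        if not re.search(r"http", svc):
            continue  # covers http, https, http-proxy, http-alt and ssl|http(s)
        scheme = "https" if ("ssl" in svc or "https" in svc) else "http"
        urls.append(f"{scheme}://{p.host}:{p.port}")
    return urls


if __name__ == "__main__":
    found = parse_grepable(SAMPLE_GREPABLE)
    for port, service, version in open_services(found):
        print(f"{port:>5}/tcp  {service:<14} {version}")
    print("Web targets:", web_targets(found))
```

With real output, pipe the scan straight in (`nmap -sV -oG - <target> | python3 parse_nmap.py`) after replacing `SAMPLE_GREPABLE` with `sys.stdin.read()`; the `web_targets` list is then what goes into DirBuster's target field, and `open_services` gives the version strings to search for in exploit databases in the following step.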
Installing Kioptrix
This is the beginning of the “Scanning and Enumeration” section of “Practical Ethical Hacking”. We will use a vulnerable virtual machine called Kioptrix.
Utilizing Social Media
Websites like LinkedIn or Twitter can deliver valuable information, too, e.g. badge photos or desk photos.
Google Fu
Google is an extremely helpful source of information for pentesters, and knowing how to search it well is part of what makes a successful pentester.
Information Gathering with Burp Suite
Burp Suite is a web proxy: it can intercept web traffic for us. The Community Edition has limited functionality; on startup one can only select Temporary Project and then click Start Burp (using the Burp defaults).
Hunting Subdomains (Parts 1 and 2)
One of the first steps in reconnaissance is to find out which subdomains belong to the target. One reason is that one might find subdomains which should not be publicly accessible, e.g. dev.tesla.com; another reason is that it gives us a chance to attack multiple websites instead of only one.
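Subdomain hunting tools each return their own list, and those lists contain duplicates, wildcard certificate entries and lookalike names that are not actually in scope. The example below is an added illustration, not code from the original post or from the course: it merges candidate names from several sources, normalises them and keeps only hosts that really belong to the target domain, rejecting lookalikes such as `notexample.com` or `example.com.evil-mirror.net`, which a naive substring match would accept. The target domain `example.com` and the candidate lists are constructed for the illustration; the source names only mimic the kind of tools the lecture covers.

```python
"""Merge subdomain candidates from several sources and keep only in-scope hosts.

Added example; the candidate lists below are constructed, not real tool output.
"""
import re

TARGET = "example.com"  # assumed target domain for the illustration

# Constructed candidates, as different recon sources might report them: mixed case,
# trailing dots, wildcard certificate entries, pasted URLs and lookalike domains.
CANDIDATES = {
    "certificate transparency": ["*.example.com", "dev.example.com", "shop.example.com",
                                 "example.com.evil-mirror.net"],
    "subdomain tool": ["www.example.com", "DEV.EXAMPLE.COM.", "notexample.com",
                       "mail.example.com"],
    "manual notes": ["https://forums.example.com:443/", "api.dev.example.com"],
}


def normalize(raw: str) -> str:
    """Reduce a pasted URL, wildcard entry or hostname to a bare lowercase hostname."""
    h = raw.strip().lower()
    h = re.sub(r"^[a-z][a-z0-9+.-]*://", "", h)  # drop the scheme if a URL was pasted
    h = h.split("/", 1)[0].split(":", 1)[0]      # drop path and port
    return h.removeprefix("*.").rstrip(".")       # wildcard marker and trailing dot


def in_scope(hostname: str, target: str) -> bool:
    """True only for the target itself or a host ending in '.<target>' as a label boundary."""
    h, t = normalize(hostname), normalize(target)
    return h == t or h.endswith("." + t)


def merge_subdomains(sources: dict[str, list[str]], target: str) -> tuple[list[str], list[str]]:
    """Return (in-scope hosts, rejected names), deduplicated and sorted by depth then name."""
    accepted, rejected = set(), set()
    for _source, names in sources.items():
        for raw in names:
            host = normalize(raw)
            if not host:
                continue
            (accepted if in_scope(host, target) else rejected).add(host)
    by_depth = lambda h: (h.count("."), h)
    return sorted(accepted, key=by_depth), sorted(rejected, key=by_depth)


if __name__ == "__main__":
    hosts, lookalikes = merge_subdomains(CANDIDATES, TARGET)
    print("In scope:", hosts)
    print("Rejected (check for typosquats/phishing infrastructure):", lookalikes)
```

The rejected list is worth keeping rather than discarding: names that merely contain the target domain are out of scope for the pentest, but they are often typosquats or phishing infrastructure that the client will want to know about.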
Identifying Website Technologies
In this lecture, TCM presents several tools to analyse which technologies and frameworks have been used to create a website.
Hunting Breached Credentials with DeHashed
TCM demonstrates a website called DeHashed.com, which is only available as a paid service and can only be paid in cryptocurrency.
Gathering Breached Credentials with Breach-Parse
Finding usernames and passwords in breached credential dumps is a very important step and is part of every pentest.