Introduction To ToolBox Pentest
Dwi Septian Wardana putra
KOLAM – Komunitas Linux Arek Malang
ToolBox
To list nearly everything in your toolbox:
dpkg --list
To check whether a specific tool is installed:
dpkg --list | grep <tool name>
Information Gathering
Pre-pentest, Important Phase
Gathering All Information
# Internet Searches
# Social Engineering
# Hping
# Fierce
Fierce ToolBox:
Scanning DNS
Zone transfer
Config Check DNS
# /pentest/enumeration/dns/fierce
# ./fierce.pl -dns <www.target.com>
Fierce
Recon Scanning
Recon Tools :
Nslookup
Whois
Enum Tools / Network Scanner :
Nmap
Netcraft
Etc
Vulnerability Tools :
Nessus
Nikto
Etc
Nmap ToolBox is :
Free and Open Source
Cross platform
Simple to use
Nmap : http://www.nmap.org
Command : nmap -p <port> <ipaddr>
Nmap
Vulnerability Assessment Nikto :
Web Server Scanner
http://cirt.net/nikto2
/pentest/scanners/nikto
./nikto.pl -host <websiteip>:<port>
Nessus
Vulnerability Assessment :
Install
# dpkg -i *.deb
# /opt/nessus/sbin/nessus-adduser
# Reg : http://www.nessus.org/plugins/?view=registerinfo
# Start Nessus : /etc/init.d/nessusd start
https://localhost:8834
Nessus
Gain
Gain Access: the point of a modern-day attack
The usual goal is to either extract information
Gain Tools :
Metasploit
SET (Social Eng Toolkit)
Etc..
ToolBox Metasploit Interfaces :
# MSFconsole
# MSFcli
# MSFgui, MSFweb
# Armitage
MSFconsole