3. Web App Pen Testing with Zap - Configuring Proxy
Setting the proxy manually using host 127.0.0.1 and port 8088.
4. Web App Pen Testing with Zap - Configuring Proxy
This setting won't be saved, because an add-on will be installed for a more
systematic proxy change.
5. Web App Pen Testing with Zap - Configuring Proxy
FoxyProxy will act as a tool for quick configuration of the proxy. It just
needs to be enabled and disabled, and it behaves as if we were setting up a manual
proxy.
6. Web App Pen Testing with Zap - Configuring Proxy
What this will do is block your access to the website.
7. Web App Pen Testing with Zap - Configuring Proxy
This is where ZAP is used to gather information about the requests we send
to the server.
9. Web App Pen Testing with Zap - Configuring Proxy
Shown here is the data that we could gather using the ZAP tool, since it acts
as the intermediary proxy for the server we are requesting the web pages
from.
11. Web App Pen Testing with DirBuster - File Directory Discovery
DirBuster can be used for file directory discovery. It is a multithreaded Java
application designed to brute force directories and files from a web server.
12. Web App Pen Testing with DirBuster - File Directory Discovery
Using a web crawler like DirBuster, a target URL is set to be tested. There is
a wordlist we can choose to select folders, files and directories.
13. Web App Pen Testing with DirBuster - File Directory Discovery
Here, after starting the attack, DirBuster was able to go through all the files and
find the few known ones that actually exist on the web server.
14. Web App Pen Testing with DirBuster - File Directory Discovery
I tried to access and open the admin folder from the browser to see if there is
any important information we could gather, as we could freely navigate to all of the
directories of the website we set as the target.
15. Web App Pen Testing with DirBuster - File Directory Discovery
Since the website that I have searched specifically caters to those who are
practicing penetration testing, we are prompted that the admin information is in other
directories.
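The server-side view of the DirBuster run described above, as an added example that is not part of the original slides: a wordlist brute force shows up in the access log as one client with many requests that mostly return 404. The log lines, client addresses and thresholds are constructed for illustration, and the log is assumed to be in Combined Log Format.

```shell
#!/bin/sh
# Constructed Combined Log Format sample (all values made up for this example):
# 198.51.100.7 walks a wordlist, 192.0.2.10 is an ordinary visitor.
sample_access_log() {
cat <<'EOF'
198.51.100.7 - - [01/Jan/2024:10:00:01 +0000] "GET /admin/ HTTP/1.1" 200 512 "-" "-"
198.51.100.7 - - [01/Jan/2024:10:00:01 +0000] "GET /backup/ HTTP/1.1" 404 196 "-" "-"
198.51.100.7 - - [01/Jan/2024:10:00:01 +0000] "GET /cgi-bin/ HTTP/1.1" 404 196 "-" "-"
198.51.100.7 - - [01/Jan/2024:10:00:02 +0000] "GET /config.php HTTP/1.1" 404 196 "-" "-"
198.51.100.7 - - [01/Jan/2024:10:00:02 +0000] "GET /test/ HTTP/1.1" 404 196 "-" "-"
198.51.100.7 - - [01/Jan/2024:10:00:02 +0000] "GET /old/ HTTP/1.1" 404 196 "-" "-"
192.0.2.10 - - [01/Jan/2024:10:00:03 +0000] "GET / HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
192.0.2.10 - - [01/Jan/2024:10:00:04 +0000] "GET /about.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
192.0.2.10 - - [01/Jan/2024:10:00:05 +0000] "GET /favicon.ico HTTP/1.1" 404 196 "-" "Mozilla/5.0"
EOF
}

# flag_dir_bruteforce MIN_REQUESTS MIN_404_PERCENT
# Reads access log lines on stdin and prints "client total not_found" for every
# client with at least MIN_REQUESTS requests of which MIN_404_PERCENT or more
# were answered with 404. Field 1 is the client address, field 9 the status.
flag_dir_bruteforce() {
    awk -v min="$1" -v pct="$2" '
        { total[$1]++; if ($9 == 404) miss[$1]++ }
        END {
            for (ip in total)
                if (total[ip] >= min && miss[ip] * 100 >= pct * total[ip])
                    printf "%s %d %d\n", ip, total[ip], miss[ip]
        }' | sort
}

# At least 5 requests with 80% or more not found: only the wordlist client matches.
sample_access_log | flag_dir_bruteforce 5 80
```
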
17. Web Vulnerability using Nikto and printing out Data in an output
Nikto is an Open Source (GPL) web server scanner which performs
comprehensive tests against web servers for multiple items, including over 6700
potentially dangerous files/programs, checks for outdated versions of over 1250
servers, and version specific problems on over 270 servers.
Kali Linux is a Debian-based Linux distribution aimed at advanced Penetration
Testing and Security Auditing. Kali contains several hundred tools which are geared
towards various information security tasks, such as Penetration Testing, Security
research, Computer Forensics and Reverse Engineering.
18. Web Vulnerability using Nikto and printing out Data in an output
Nikto is a pre-installed pentesting tool in Kali Linux. Upon launching it, the
terminal will show up and you just need to type the command and any other data you want.
19. Web Vulnerability using Nikto and printing out Data in an output
What is important is that we know the target IP that we are going to attack to test for
vulnerability. Here I installed a Metasploitable VM, which is intentionally built for
server vulnerability tests.
20. Web Vulnerability using Nikto and printing out Data in an output
After running the command "nikto -h 192.168.2.109", where 192.168.2.109 is the IP assigned to the
web server in the Metasploitable VM, we can see some details that will give us a hint
of the vulnerability.
21. Web Vulnerability using Nikto and printing out Data in an output
The nmap command will help us confirm which ports are open and can be tested
for vulnerability.
22. Web Vulnerability using Nikto and printing out Data in an output
The cat command will simplify the output to the IP with open ports.
23. Web Vulnerability using Nikto and printing out Data in an output
The information collected from the target host server can be written to an output
file and placed in whichever directory you choose.
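One way to reduce nmap results to the IP with its open ports, as in the nmap and cat steps above (an added example, not the commands from the original slides): it assumes the scan was saved in nmap's grepable format with `-oG`. The sample scan output, the second host 192.168.2.110 and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of nmap grepable output. Fields are tab-separated,
# so the lines are built with printf rather than typed with literal tabs.
sample_nmap_grepable() {
    printf '%s\n' '# Nmap scan initiated (constructed sample)'
    printf '%s\t%s\n' 'Host: 192.168.2.109 ()' 'Status: Up'
    printf '%s\t%s\t%s\n' 'Host: 192.168.2.109 ()' \
        'Ports: 21/open/tcp//ftp///, 22/open/tcp//ssh///, 80/open/tcp//http///, 443/closed/tcp//https///' \
        'Ignored State: closed (996)'
    printf '%s\t%s\n' 'Host: 192.168.2.110 ()' 'Status: Up'
    printf '%s\t%s\n' 'Host: 192.168.2.110 ()' 'Ports: 22/filtered/tcp//ssh///'
    printf '%s\n' '# Nmap done (constructed sample)'
}

# open_ports_by_host: reads grepable nmap output on stdin and prints one line
# per host that has at least one open port: "IP port/proto,port/proto,...".
# Closed and filtered ports are dropped, as are hosts with no open port.
open_ports_by_host() {
    awk '
        /Ports: / {
            ip = $2
            line = $0
            sub(/.*Ports: /, "", line)   # keep only the port list
            sub(/\t.*/, "", line)        # drop later fields such as "Ignored State"
            n = split(line, entry, ", ")
            found = ""
            for (i = 1; i <= n; i++) {
                split(entry[i], f, "/")  # port/state/protocol/owner/service/...
                if (f[2] == "open")
                    found = found (found == "" ? "" : ",") f[1] "/" f[3]
            }
            if (found != "") print ip, found
        }'
}

sample_nmap_grepable | open_ports_by_host
```

Redirecting the function's output with `>` writes the summary to a file in the directory of your choice.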
25. How to change Mac addresses using MACCHANGER command in Kali Linux
Macchanger lets you assign a new MAC address, which is important at least if a hacker
is able to access your IP address.
26. How to change Mac addresses using MACCHANGER command in Kali Linux
To change the MAC address, you can first check the MAC address assigned to
the machine using ifconfig.
27. How to change Mac addresses using MACCHANGER command in Kali Linux
With sudo macchanger -eth0, the command changes the MAC of the machine in an
instant.
28. How to change Mac addresses using MACCHANGER command in Kali Linux
The command ip a will confirm that the MAC address was already set to the newly
assigned address.