Web based target entry point acquisition
I want to share my methods for acquiring access to a specific target for “vulnerability testing”. I won’t go into what to do after you have your target; that will be up to you. I will be using some handy web based tools for this tutorial, making it easy for those still using Windows for whatever reason.

In this example we want to find a way into the servers that host our unfriendly competition. The first thing we should do is find out what services they have running. I prefer YouGetSignal’s Open Ports Tool; it’s almost like a web based nmap quick scan: http://www.yougetsignal.com/openPortsTool/

1. Put your target’s IP into the box.
2. At the bottom right of the page, click Scan all common ports.

I haven’t checked to see what data they collect or send, so it would be wise to use this tool via a proxy. Once you have the open ports (if any), write them down somewhere.

The next thing I like to do is check what other domains are hosted on that IP. This is especially useful if they are on a shared hosting plan. Just because the target has locked down his website doesn’t mean that everyone else on his box has too. I prefer the web based lookup tool at MyIPNeighbors. This site does not proxy anything, so use your own. http://www.myipneighbors.com/

Even if the target is on a dedicated server or VPS, you will likely see other domains or subdomains they have registered. Once you have checked other domains for entry points (I hope you found one :)) we can move on to my next favorite web based tool.

http://serversniff.net/ is a free “swiss army knife” site with tons of nice features. I will focus on its subdomain search, as it has proven very handy for finding “secret” subdomains such as admin.foo.com and other stuff you won’t find on Google… This is likely a dictionary based search, so don’t expect to find ai4038502.foo.com or whatever.

Once you have found some (hopefully vulnerable) subdomains, you may notice that some of them have different IP addresses from the original. Go search for those on MyIPNeighbors and look for more possible entry points. Repeat this process until you have mapped out pretty much everything web related for your target.

Here are a few other web based tools that offer similar free services that can be helpful:

http://news.netcraft.com/ ye olde faithful. Can tell you what a site is running, known subdomains, similar TLDs and other handy info.

http://centralops.net/co/DomainDossier.aspx another nice web tool, has service scan, whois records, etc.

http://centralops.net/co/ btw has a bunch of other tools, none really unique though.

I hope this tutorial has shown you something about the power these web based tools can add to your arsenal.
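The three views described above (hostnames sharing an IP, names a dictionary based search would find, subdomains on addresses other than the main site's) can also be produced by a site owner from their own DNS records, to see what such lookups would reveal. The following is an added example, not part of the original tutorial; it works offline on a constructed zone export, and the hostnames, addresses, wordlist and the `audit` function are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample of (hostname, IP) records from your own zone export.
# Addresses are from the reserved documentation ranges.
ZONE = [
    ("www.example.com", "192.0.2.10"),
    ("admin.example.com", "192.0.2.10"),
    ("mail.example.com", "192.0.2.25"),
    ("ai4038502.example.com", "198.51.100.7"),
    ("dev.example.com", "198.51.100.7"),
]
# Constructed wordlist standing in for the labels a dictionary search tries.
COMMON_LABELS = {"admin", "dev", "mail", "test", "staging", "vpn", "ftp", "www"}
# Hosts you intend the public to reach; everything else is reviewed.
INTENDED_PUBLIC = {"www.example.com", "mail.example.com"}


def audit(zone, domain, primary_ip, labels=COMMON_LABELS, public=INTENDED_PUBLIC):
    """Report which of your own hosts the lookups in the text would surface."""
    guessable, off_primary = [], []
    by_ip = defaultdict(list)
    suffix = "." + domain
    for host, ip in zone:
        by_ip[ip].append(host)
        label = host[:-len(suffix)] if host.endswith(suffix) else host
        # A dictionary based search finds "admin" but not "ai4038502".
        if label in labels and host not in public:
            guessable.append(host)
        # Subdomains on another address extend the footprint to that box.
        if ip != primary_ip:
            off_primary.append(host)
    # Hosts that share an address are visible to a reverse-IP lookup.
    shared = {ip: sorted(h) for ip, h in by_ip.items() if len(h) > 1}
    return {
        "guessable": sorted(guessable),
        "off_primary_ip": sorted(off_primary),
        "shared_ip": shared,
    }


if __name__ == "__main__":
    for section, hosts in audit(ZONE, "example.com", "192.0.2.10").items():
        print(section, hosts)
```

Hosts listed under `guessable` that were never meant to be public are the ones to put behind authentication or remove from public DNS; a random-looking name such as the constructed `ai4038502` still appears under `shared_ip`, so an obscure name alone does not hide it.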
The copyright for this content entitled "Web based target entry point acquisition" has been specified by the contributor as:
Creative Commons Attribution-Share Alike 3.0
This content may be copied, distributed, and modified, as long as a) the original author is acknowledged with a link back to the content page, and b) if the work is modified, the result is distributed with this same license.
If you use this content according to the license specified, you must link to the following URL:
http://fuzion.qondio.com/
This intel was contributed by fuzion

May, 2012