Multi-function Tool in Kali Linux: Armitage for vulnerability analysis

Kali Linux provides us with several useful tools that we could use for penetration testing. Not forgetting one of its useful multi-function tools called Armitage. It is an attack management tools with Graphical User Interface that makes it easier for us to do penetration testing. Actually, It is more accurately a graphical interface for Metasploit framework. If you would like to know more about Metasploit framework. You can read What is Metasploit Project? by Margaret Rouse

In this post I will only show how to scan a range of network, the open port and the type of OS.

Continue reading

Enumeration Practice

Today, I got a lecture about how to enumerate data and was given a task.

Our task was to do these three things:

  1. Enumeration User wp1.pentest.id
  2. Enumeration User jo1.pentest.id
  3. Enumeration User Email @pentest.id

Several tools that were suggested:

  1. wpscan
  2. jooscan
  3. TheHarvester
  4. Google
  5. Nmap

so now I would like to show the results and techniques that I used to solve these task.

Continue reading

Fun Way to Learn Linux Command

Last week, my lecturer asked us to study about Linux command. However, studying about command line was not one of my favorite things, but at that time my friend suggested that I study Linux command from a game on the web called OverTheWire: Bandit.

This game consist of 26 level that encourage us to explore some of fundamental linux command that might be useful for us later on. It is a pretty interesting game.

Below is some of the screenshot of how to play it.

Continue reading

Target Scoping and Information Gathering

Kali Linux Testing Methodology (Target scoping and Information Gathering)

  1. Target scoping

Before starting the security assessment, we need to know what should be tested, how to test it (penetration testing plan), what condition should be applied during the penetration testing, what is the business objective, and how long will it takes to do the penetration testing

  1. Information gathering

Once we have get the target scoping, we need to gather the information that we need

For instance, the company’s ISP, name, address, website, operating system supported, and so on. Continue reading

Introduction To Ethical Hacking and Penetration Testing

The content of this post might not be 100% accurate because it is based on writer’s research and knowledge from internet resources, lectures, and experiences.

Introduction

Nowadays, we usually hear the term hacking as something related to cyber attack, denial of service, IP spoofing, and other things that are related to bad things. It is inevitable that hackers are the cause of those problem. However, do you know that hacking is not always bad? Hacking can give improvement for companies’ security systems and patch the vulnerable part of the system. Therefore, the term ‘ethical hacking’ comes up.

Continue reading